Additional Measures to Tackle Increase in Cases of Government Officials Impersonation and Phishing Scams

44 Mr Vikram Nair asked the Coordinating Minister for National Security and Minister for Home Affairs in light of the increase in cases of Government officials impersonation scams, phishing scams and the amounts lost to such scams, whether the Ministry is considering additional measures which are specifically targeted at such scams.

Mr K Shanmugam: The rise in Government officials impersonation scams (GOIS) and phishing scams is a serious concern. They accounted for about 28% of all scam cases and about 34% of all scam losses in the first half of 2025.

To deal with GOIS, Government agencies have been using the "gov.sg" short message service (SMS) sender ID to send SMSes since July 2024 to help the public identify legitimate Government SMSes easily. We are planning a similar approach for outgoing Government calls. As an interim step, we intend to make outgoing calls to members of the public from commonly impersonated agencies, like the Singapore Police Force (SPF), to have only one common caller ID, regardless from which phone the officers are making the call. This will make it easier for the public to identify whether a call truly comes from the Police. The details will be announced in due course.

In addition, we are working with online platforms to enhance safeguards against Government impersonation. We will issue an implementation directive under the Online Criminal Harms Act (OCHA) to require Meta to put in place measures targeting scam advertisements, accounts, profiles and business pages impersonating key Government office holders on Facebook. We are also engaging online messaging platforms to implement measures to prevent the spoofing of "gov.sg" and public agency names.

We have observed a rise in phishing scams as scammers have shifted their modus operandi to phishing banking or credit card credentials using fake advertisements on social media platforms. To address this, SPF requires online service providers designated under OCHA, such as Facebook and TikTok, to implement upstream measures, such as user verification, and to proactively detect and disrupt suspected scam activities.

The Monetary Authority of Singapore has worked with the major retail banks to phase out the use of SMS One-Time Passwords for authentication of transactions for digital token users, and implement additional verification for provisioning of cards into mobile wallets. They are also working to roll out a Fast IDentity Online (FIDO)-compliant hardware token to better safeguard high-value Internet banking transfers. This will prevent scammers from being able to use just-phished banking credentials to steal the money in the account.

But ultimately, a vigilant public is our best defence. Members of the public should check the authenticity of websites when making payments and be discerning when receiving communications claiming to be from the Government. Government officials will never ask you to transfer money or disclose bank log-in details over a phone call, to install mobile apps from unofficial app stores or purportedly transfer your call to the Police. If in doubt, please check with the 24/7 ScamShield Helpline at 1799.