SINGAPORE: A brand new sort of rip-off has emerged, tricking folks into utilizing their Singpass app to scan Singpass QR codes despatched via SMS to authorise entry into digital providers.
The police on Tuesday (Feb 22) warned that scammers might misuse the entry by registering companies, subscribing for brand new cell traces or opening new financial institution accounts underneath the sufferer’s title. These registrations could possibly be for illicit functions.
The police warned towards scanning QR codes delivered via SMS and messaging platforms similar to WhatsApp. In the identical manner, folks should not click on on embedded hyperlinks in SMS and messages.
QR code scanning by itself is secure when transactions on web sites and at cashier counters are initiated by the consumer.
Here is how the rip-off works:
1. Promise of financial rewards
Scammers create faux surveys and recruit contributors via on-line boards and e-commerce websites.
The surveys are purportedly performed for respected firms or organisations in Singapore. The scammers normally talk with the victims via WhatsApp and promise them financial rewards in alternate for filling up the surveys.
2. Request to scan QR codes
When the victims full the surveys, the scammers ask them to scan a Singpass QR code with their Singpass app, claiming that it’s a part of a verification course of to retrieve the survey outcomes to disburse the rewards.
But the Singpass QR code offered by the scammers is a screenshot from reliable web sites. Many web sites, together with these of presidency companies, telcos, insurance coverage companies and banks, authenticate providers utilizing Singpass. By scanning the QR code and authorising the transaction with out additional checks, victims are tricked into giving the scammers entry to all kinds of on-line providers.
3. Unauthorised transactions
Scammers then use the entry to register companies, subscribe to new cell traces or open new financial institution accounts underneath the sufferer’s title. These registrations could possibly be for illicit functions.
Victims solely realise one thing has gone incorrect once they obtain notifications of those transactions by their telecommunications service suppliers or banks, or when an alert of their Singpass Inbox reveals that their private particulars have been retrieved. – The Straits Times (Singapore)/Asia News Network