Scam Prevention

A Guide to Recognising Text and SMS (Smishing) Scams in Singapore

  • Duncan
  • 8 April 2025
A Guide to Recognising Text and SMS (Smishing) Scams in Singapore

Introduction

According to the Straits Times, scam messages are rising in Singapore, with at least 17 Land Transport Authority (LTA) phishing cases reported in December 2024 and $33,000 lost. With the growth in the use of electronic devices, criminals exploit mobile communication and the internet. They do this via phishing attacks to lure users into revealing login credentials, credit card numbers, or other personal details. A common way scammers do this is by text or SMS. 

As Singapore advances technologically and its people embrace the online economy wholeheartedly, we can expect more such news in the future. Most smishing scams rely on exploiting human trust rather than technical exploits. 

This guide will help Singaporeans recognise and avoid text or SMS scams in Singapore. 

See our guide on phishing scams and learn how to stay safe in Singapore. 

 

2. Understanding SMS Scams

Definition of SMS Scams

SMS Phishing or Smishing is when scammers text you to steal your money or data. Smishing or text scams can work in a variety of ways. They aim to trick victims to 

  1. Providing personal information 

  2. Open malicious links 

  3. Download harmful apps or software

What is particularly dangerous about smishing scams in Singapore, is that it is widespread and hard to detect. At a single time, a scammer can forward multiple scam messages to a large group of people. It will be hard to contain the spread of such messages as it is direct, thus bypassing traditional scam filters. Scammers also make use of real-looking sender IDs that impersonate governmental bodies or banks such as DBS or IRAS, making it hard to distinguish from legitimate messages. 

 

 

The Rise of Text Scams 

Texting has made it convenient to communicate. However, smishing (or SMS phishing) has become a significant threat, as many busy people, glued to their phones all day, are easy prey for well-crafted texts that look trustworthy and demand instant action. 

“Victims lost at least $162,000 to phishing scams involving social media advertisements since September 1, 2024, with at least 173 cases reported” (Source: The Straits Times)

Police, in releasing the annual scam figures on Feb 2, 2025, said, “Phishing scams rounded off the top three scams of concern in 2024 with $59.4 million lost, more than four times the amount lost the year before” (Source: The Straits Times)

 

“Singapore has lost more than $3.4 billion to scams since 2019, with a record annual high of $1.1 billion in 2024 alone. In 2025 so far, there have been more than 6,100 cases of scams reported, with victims losing more than $152.1 million.” (Source: The Straits Times)

 



3. How to Spot Text Scams and Phishing Messages in Singapore 

 

Attackers may use

·         fake websites with malicious links to trick you into revealing your credentials, which are later used to steal your identity or be sold on the dark web.

·         vishing and smishing to bypass email filters and directly target victims through calls and text messages, showing how phishing is evolving beyond emails, making these scams harder to detect and prevent.

 

A 2024 study into AI-powered personalised phishing attacks reveals that it is harder to spot phishing emails and messages, as AI-generated phishing emails achieved a click-through rate of 54%, matching the performance of emails crafted by human experts and outperforming a control group by 350%.

 

For e.g., a common mobile phishing scam might involve a message that appears to be from a bank, asking the recipient to click on a link to verify their account. Once the victim enters their information on the fraudulent site, the cybercriminal can gain access to their bank account.

 

The police said at least S$8.5 million were lost in phishing scams involving SMSes impersonating OCBC bank, with 469 victims falling prey to such scams since December 1, 2021. (Source: Today)

 

Cybercriminals often use one of two methods to steal data:

 

Malware:

The smishing URL link might trick you into downloading malware (malicious software) that hides itself in fake apps. This SMS malware might pretend to be a legitimate app, tricking you into typing in confidential information and sending this data to cybercriminals.

 

Malicious website:

The link in the smishing message might lead to a fake site that requests you to type sensitive personal information. Cybercriminals use custom-made malicious sites designed to mimic reputable ones, making it easier to steal your information.

 

Recognising the warning signs of phishing text messages is crucial in protecting yourself from scams. For example, a legitimate bank will never ask you to provide your full PIN or password via SMS. If you receive such a request, it is almost certainly a scam.

 

4.1 Warning Signs of SMS Scams

Know these warning signs of SMS scams in Singapore to stay safe. 

 Identify Scams

4.2 Visual Recognition Techniques

  • Identifying fake sender IDs

  • Recognising spoofing attempts

  • Comparing legitimate vs. fraudulent messages

Legitimate messages vs Scam messages

 

Legitimate messages

Scam messages

Sender

Known organisation or contact

Unknown/suspicious number

Tone

Professional, calm

Urgent, threatening

Personal information

Never directly ask for such information

Directly requests for sensitive information/data

Links

Verified; full domain

Shortened; suspicious URLs

Contact methods

Multiple channels

Single channel; pressure tactics

Verification

Easy to confirm

Difficult or impossible

 

5. Real-Life SMS Scam Examples in Singapore

Explore these real-life SMS scam examples in Singapore. It is important to learn scammer tactics to understand how to spot them and prevent falling prey to such text scams.

  • Case Study: SingPost Scam SMS

    • The Police have observed a trend of parcel delivery phishing scams where scammers obtain the victim’s personal details and banking credentials on the pretext of delivery charges. Since October 2023, at least 25 victims have fallen prey, with losses amounting to at least $38,000.

(Source: The Singapore Police Force)

  • Case Study: LTA Phishing Scam

    • The LTA phishing scam involved SMS messages claiming recipients had outstanding fines for traffic violations. The messages included a link to a fake LTA website where victims had to enter their personal and credit card details to pay the alleged fines. (Source: The Straits Times)

  • Case Study: IRAS Scam

    • An IRAS scam targeted Singaporeans during tax season, with SMS messages claiming recipients were eligible for tax refunds. The messages directed victims to a fraudulent website mimicking the official IRAS portal, where scammers collected personal and banking information. (Source: the new paper)

  • Case Study: WeChat Scam

    • A woman lost most of her savings after she believed a scammer’s lie that she had mistakenly bought insurance coverage called “protection from scams insurance” from WeChat and paid $67,500, hoping to cancel the policy.

    • On Jan 9, 2025, the police said that between Aug 28, 2024, and the end of the year, at least 1,591 cases of impersonation scams featuring Chinese companies were reported, with total losses amounting to at least $27.9 million.

    • The police previously said that in such cases, victims would receive phone calls from scammers impersonating staff of Chinese companies such as Tencent, WeChat, or UnionPay. (Source: The Straits Times)

 

These real-life examples demonstrate the diversity and sophistication of text scams targeting Singaporeans. By familiarising yourself with these scenarios, you can more easily identify fake SMS messages when they appear in your inbox.

 

6. Protecting Yourself from SMS Scams in Singapore

Learn to protect yourself from SMS scams. Always stop and check:

  1. Add security features such as downloading the ScamShield app to block scams and report them

  2. Check for scam signs with official sources

  3. Tell the authorities and warn your loved ones and friends

 

Call the ScamShield helpline (1799) to check if you suspect it is a scam.

How to Identify Text Scams & Phising Messages

 

 

6.1 Preventive Strategies

  1. Review App Permissions Regularly:

-  Check the permissions granted to your apps and disable any unnecessary access, such as access to your camera, microphone, or contacts.

  1. Install anti-scam software:

-   Use apps like ScamShield to filter out potential scam messages.

  1. Keep Your Device and Apps Updated

-  Always install the latest security patches for your operating system and apps.

-   These updates often fix vulnerabilities that hackers may exploit.

  1.  Download Apps Only from Trusted Sources

-   Avoid downloading apps from third-party app stores.

-   Stick to official app stores like Google Play and the Apple App Store, as they have security checks in place.

  1.  Install Mobile Security Software

-   Use a reputable mobile security app that can detect Malware, protect against phishing attacks, and block suspicious websites.

  1. Verify the sender's identity:

-    Always double-check the sender's number against official sources.

  1.  Never click on suspicious links:

-     Avoid clicking on links in unsolicited messages.

  1.  Keep personal information private:

  •    Legitimate organisations will not ask for sensitive details via SMS.

  1. Use strong passwords and two-factor authentication:

o   Ensure your mobile device is protected by a strong, unique password.

o   Enable two-factor authentication on your accounts whenever possible to add an extra layer of security.

  1.  Stay informed:

o   Keep up-to-date with the latest scam techniques and warnings from official sources.

  1. Be Cautious of Public Wi-Fi:

o   Avoid using public Wi-Fi networks for sensitive activities, such as online banking or shopping.

o   If you must use public Wi-Fi, consider using a Virtual Private Network (VPN) to encrypt your connection.

  1. Be Wary of Phishing Attacks:

o   Be cautious when receiving unsolicited emails or SMS messages.

o   Do not click on links or open attachments from unknown sources, and verify the legitimacy of any suspicious communication.

  1.  Register for Sender ID Protection:

o   Organisations register their official sender IDs on this portal, making it harder for scammers to impersonate them.

o   As a consumer, you can check if a sender ID is registered through the registry's public portal.

  1.  Report Suspicious Messages:

o   Lodge a police report and forward suspicious SMS to the Singapore Police Force, if you think you may have been the victim of a cybercrime to help authorities track and combat emerging scam patterns.

o   If you have received an email that you think might be a “phish,” send it to the Cyber Security Agency of Singapore (CSA), as your report will help them act quickly and prevent other people from being affected. (Source: CSA)

  1. Check Against Known Scams

o   Visit ScamShield, a mobile application developed in collaboration with the Singapore Police Force (SPF) and the National Crime Prevention Council (NCPC) to stay informed about current scam trends in Singapore, or

o   Call ScamShield helpline @ 1799 (Available 24/7, Monday to Sunday) to check if you are unsure if something is a scam, or if you have any scam-related queries.

 

7. Tools and Services to Combat Text Scams

ScamShield, an anti-scam tool in the fight against text scams in Singapore, was developed by the Singapore government to block scam calls and filter out scam SMS messages.

 

Scam.SG provides a comprehensive resource for Singaporeans to verify, learn about, and report scams in Singapore, including SMS and text-based fraud. Our TrustScore evaluates entities and websites, helping Singaporeans to check the legitimacy of unfamiliar entities and providing an additional layer of protection to avoid potential scams.

 

However, since scammers can manipulate scores, such ratings should be used alongside other safety checks.

 

Sender ID Registry Singapore is an initiative by the Infocomm Media Development Authority (IMDA) to prevent the spoofing of legitimate business and government agency SMS sender IDs. This scheme began on Jan 31, 2023, to automatically tag all non-registered SMS sender IDs as likely scams. (Source: The Straits Times)

 

Cyber Security Agency of Singapore resources

The Cyber Security Agency of Singapore (CSA) was formed in 2015 and tasked to protect Singapore’s cyberspace, enhancing cybersecurity awareness and building national resilience against cyber threats. (Source: https://www.csa.gov.sg/about-csa/who-we-are/)

 List of Recommended Security Apps 2025 Infographic

 

Telecom operator protection services

Telecom operators implemented SMS anti-scam filtering solutions within their mobile networks to automatically filter potential online scam messages before they reach consumers. Specifically, these solutions can detect malicious links within SMSs sent via our telecoms network of key mobile operators (Singtel, Starhub, and M1) from the end of October 2022. (Source: IMDA press release)

 

Since 1 July 2024, subscribers of M1, SIMBA, Singtel, and Starhub who do not regularly transact with international numbers may activate the international SMS blocking feature for both calls and SMS to safeguard against scams. (Source: InfoComm Media Development Authority)

 

8. What to Do If You Fall Victim to an SMS Scam

If you become a victim of an SMS scam, immediate actions will help in the recovery process:

 

Stop all communications with the sender immediately.

  1. Contact your bank immediately to

o   report the scam,

o   instruct them to stop any unauthorised transactions and

o   suspend your accounts, if needed.

  1. File a Police Report

 Police Report online, or

o   through the I-Witness e-Service, or

o   Police Hotline at 1800-255-0000, or

o   at your nearest Neighbourhood Police Centre

§  Provide all relevant details including:

                   - The phone number or sender ID that sent the scam message

                 - Screenshots of the messages and any websites visited

                 - Transaction details if any payments had been made

- Any personal information that may have been divulged

  • If you think an email might be a “phish,” send it to the Cyber Security Agency of Singapore (CSA) so that they can act quickly and prevent other people from being affected.

  1.  Monitor your accounts closely for any suspicious activities.

  2. Change all your passwords for email and banking accounts.

  • Do not click any links

o   Update your electronic device's security software and run a scan to remove any potential malware.

  1. Inform your family and friends about the scam to prevent them from falling victim.

o   Seek support from friends, family, or professionals during this stressful time.

  1.  For compromised social media accounts, report the incident to the respective platforms immediately.

  2. Staying calm and acting swiftly will help to lessen damage and protect yourself from further loss.

 

9. Conclusion

Providing information, whether willingly or unwillingly, is equivalent to handing the keys to your bank accounts and balances (sometimes even your life) to thieves.

 

Singaporeans must take active steps in the fight against scams because anyone can fall prey to them, and the consequences can be dire, per Minister of State for Home Affairs Sun Xueling. (Source: The Straits Times)

 

In Singapore, we have consistently emphasised the need for a whole-of-ecosystem approach to scams, fostering collaboration across multiple Government agencies as well as private sector entities. Equally crucial is an informed and vigilant public, which serves as a cornerstone in the collective fight against scams. (Source: Monetary Authority of Singapore)

 

Check out Scam.SG, and use our TrustScore system in conjunction with other such apps to better protect your online transactions and experience.