• Search Company
  • TrustScore

Phishing Scams

Protect yourself from cybercriminals who use deceptive tactics to steal your personal information and money. Learn how to identify and avoid these increasingly sophisticated threats.

Phishing scams in Singapore - How to spot and prevent online fraud

Summarise this page with:

ChatGPTCopilotClaudeGrokPerplexity

Table of Contents

1
Introduction
2
How Phishing Works
3
Social Engineering
4
Warning Signs
5
Protection Tips
6
How to Report
7
FAQ
8
Related Articles

Phishing scams are among the most common tactics used by online scammers to obtain sensitive information from people, such as passwords, usernames, or bank details. Phishing scams usually present themselves in the form of fraudulent emails, SMS, or phone calls, posing as messages from trusted organisations such as banks, government agencies, or trusted companies in Singapore. By appearing as real sources, cybercriminals deceive individuals into giving out personal details, risking their security and money.

How Phishing Scams Are Carried Out

Phishing fraud is one of the more prevalent internet scams in Singapore. It can occur in many different forms. It is essential to understand how each type of phishing is done so as to understand how to identify them and protect ourselves from the proliferation of phishing scams.

Email Phishing

Impostors send fake emails purportedly from well-established organisations, such as banks, government agencies (e.g., IRAS, LTA, Singapore Customs), or reputable companies like Singtel and SingPost. They will also usually threaten and trick individuals into giving out sensitive information, clicking on a link, or opening a virus-carrying attachment.

Spoofed Web Addresses & Fake Websites

Scammers design copied websites that are similar to genuine ones. The victims are typically directed to them via phishing emails, where they unknowingly enter sensitive data like passwords, one-time passwords (OTPs), or banking information. Spoofed web addresses may have slight misspellings or inserted characters to appear authentic. For example, dbss.com.sg instead of dbs.com.sg.

Smishing (SMS Phishing)

Trick SMS messages—false ones purporting to be from SingPost, banks, or e-commerce businesses—urge recipients to click on bogus links to rectify delivery issues, verify accounts, or process urgent payments. The links lead to imposter sites designed to harvest login credentials or bank account data.

Vishing (Voice Phishing)

Scammers also impersonate bank officers, government officials (e.g., from IRAS or Singapore Customs), or phone customer service representatives to obtain personal information. They may threaten lawsuits, report tax discrepancies, or offer too-good-to-be-true offers to intimidate victims into releasing their credentials.

E-commerce & Parcel Delivery Phishing

Scammers prey on online purchase behaviour by triggering spoofed acknowledgement emails or SMS from SingPost, courier companies, or websites. The alerts may request additional payment, getting victims to imitation payment pages that steal financial information.

Business Email Compromise (BEC)

Fraudsters target business firms using hacking or by impersonating company emails asking for illegal payments. They may also be posing as senior executives or vendors, instructing employees to transfer money into imitation accounts. This is a great threat for business firms handling huge amounts of money.

Social Engineering & Trust Exploitation

Phishers exploit victims' emotions and trust by pretending to be friends, relatives, or colleagues. They will send emails or messages stating that they are in a crisis situation and request money or confidential data urgently.

What to Look Out For in Phishing Scams

Verify Sender Information

  • Check the sender's email address carefully for misspellings, extra characters, or suspicious domains (e.g., [email protected] instead of [email protected]).
  • Be cautious of emails from free domains like @gmail.com or @yahoo.com, especially if they claim to be from banks, government agencies, or major companies.

Be Cautious of Requests for Personal Information

  • Legitimate organisations will never ask for your passwords, OTPs, or banking details over email, SMS, or phone calls.
  • If in doubt, contact the organisation directly using official customer service channels.

How to Protect Yourself from Phishing Scams in Singapore

01 – Be Skeptical

Approach unexpected emails, SMS messages, or phone calls with caution, especially if they claim to be from Singapore Customs, IRAS, LTA, Singtel, SingPost, or local banks. Government agencies and banks will never ask for your personal details or OTPs via email or SMS unless you are performing the transactions yourself.

02 – Verify Communications

Do not trust links, attachments, or phone numbers provided in suspicious messages. Instead, contact the organisation directly using official contact details from:

  • Gov.sg websites (e.g., www.iras.gov.sg for tax matters)
  • Official banking hotlines (e.g., DBS, UOB, OCBC)
  • SingPost and courier websites for parcel-related queries

03 – Use Security Software

Install and update reliable antivirus and anti-phishing software such as ScamShield to protect yourself against scams like banking phishing attacks and parcel delivery scams. Activate SMS filters on your phone through the ScamShield app to block scam messages and calls.

04 – Educate Yourself

Stay updated on common scams in Singapore by following:

  • Scamshield
  • Cyber Security Agency of Singapore (CSA) – Get the latest online safety tips
  • Scam.SG – Read scam-related articles to understand different scam types

How to Report a Phishing Scam in Singapore

If you encounter a phishing scam in Singapore, it is crucial to limit the damage and protect others. Learn the different ways of reporting and how to limit the extent of losses to phishing fraud.

Make a Police Report

Contact the Singapore Police Force (SPF)'s hotline at 1799.

Contact Relevant Entities

  • Singpass phishing scams: Call the Singpass hotline at +65 6335 3533
  • SingPost phishing scams: Call the SingPost hotline at 1605
  • Bank phishing scams: Call your bank's anti-scam hotline
  • For other platforms of phishing fraud, contact the relevant entities' helpline for assistance.

If there are no losses, report it to us. Your reports will help protect others by helping them learn to identify and stay safe from future phishing scams.

Discover what to do if you gave your personal information to a phishing scam

Report a Phishing Scam

If you've encountered a phishing attempt or fallen victim to a scam, report it immediately to help protect others and potentially recover your losses.

Phishing Scams in Singapore: Your Questions Answered

A phishing scam is when scammers send fake emails, SMSes, or WhatsApp messages pretending to be from trusted organisations like banks, SingPost, or government agencies. Their goal is to trick you into revealing personal details or clicking malicious links that steal your data.

Check for misspellings, unfamiliar domains, or suspicious URLs that don't match the official site. Always access websites by typing the address directly into your browser instead of clicking links in messages.

Legitimate banks and government agencies in Singapore will never ask for your password, or banking credentials via SMS, call, or email.

Disconnect from Wi-Fi, don't enter any details, and immediately change your passwords. Contact your bank and report the scam through ScamShield and Scam.SG.

Report to the nearest police station or call 1799. After that, file a detailed report to Scam.SG to build awareness.

Related Articles

What to do if bank details leaked to scammers

Learn what to do if your bank details have been leaked to scammers. Explore immediate solutions and possible options to limit losses with Scam.SG!

Read More

What to do if you download a malicious app

Learn what to do if you downloaded a malicious app in Singapore. Discover immediate steps to take to protect your information and limit losses with Scam.SG.

Read More

Stay Informed, Stay Protected

Phishing scams are constantly evolving. The best defense is staying informed and practicing good cybersecurity habits.


For Consumer

  • Search a Company
  • Company Directory
  • Whitelist Directory
  • Virtual Office Directory
  • Company Location Map
  • Report a Scam
  • Submit a Review
  • Flag a Business
  • E-Commerce Abuse Reports
  • Articles & Community
  • Scam Statistics
  • View Scam Types

For Business

  • Verify Your Business
  • What is TrustScore
  • Claim Your Business
  • Certification Partnership
  • Advertise with Us
  • Submit an Article
  • Work with Us
  • Singapore Standard Industrial Classification

Platform

  • About Scam.SG
  • Watchlist
  • News & Alerts
  • Data Sources
  • Editorial Standards
  • Media
  • Publications
  • Contact Us
  • Sitemap

About Scam.SG

Scam.SG is the largest Singapore business company review and authenticity platform that provides business scam analysis and aggregate business authenticity to help consumers and/or business associates reduce the risk of falling into a scam. Our analysis uses proprietary algorithms to assess and score Singapore business entities based on publicly available data signals. Visit scam.sg/terminology for definitions of all platform terms.

Disclaimer

Scam.SG is operated by OnScam (SG) Pte. Ltd. We are not affiliated with, endorsed by, or sponsored by any government agency or department. The information provided on Scam.SG (the “Website”) is sourced from publicly available data, including but not limited to ACRA (Accounting and Corporate Regulatory Authority) data from data.gov.sg and other publicly accessible sources. Whilst we strive to ensure the accuracy and reliability of the data presented, we cannot guarantee its completeness or timeliness. Read more at our disclaimer page.


Privacy Policy
Terms & Conditions
Terminology
Disclaimer
Notice & Take Down
Dispute Resolution
Copyright
Sitemap
Scam.SG
© 2026 Scam.SG, operated by OnScam (SG) Pte. Ltd.