People lost half million dollars after getting fake SingPost text about failed parcel delivery this year
At least 338 cases of parcel delivery phishing scams were reported with total losses of at least $616,000 since Jan 1, said the police on Sept 20.
At least 266 of these cases with total losses of at least $495,000 involved the impersonation of SingPost.
People would receive a message saying that a parcel delivery to their address had failed.
The message would instruct victims to click on a URL to confirm their address. The URL would direct the victims to a phishing site that prompted them to key in their credit or debit card details.
The victims realised that they had been scammed when they noticed unauthorised transactions on their cards.
The police said they also observed the abuse of online messaging applications such as iMessage and Rich Communication Services (RCS) to deliver these phishing messages.
Messages from these messaging applications would appear alongside legitimate SMSes in the victim's mobile devices.
While there are safeguards such as the SMS Sender ID Registry protect public from spoofed SMSes, such protection does not extend to online messaging applications.
You should stay alert against instances where they receive messages from unknown contacts through a group chat on such messaging applications, which would also appear alongside SMSes in the same channel.
Group chats may be renamed to mimic legitimate sender IDs used in SMSes, and thereby used by scammers to impersonate legitimate entities in such group chat settings.
SingPost has clarified on its website that it will not send SMSes to request for any payment before delivery or personal information.
SMSes from SingPost comes from the SMS Sender ID "SingPost" and will not contain clickable links. SingPost only receives payments made on the official SingPost mobile application, post offices, and SAM kiosks.
