All govt agencies to sign up for anti-spoof registry, relook use of SMS and links in communications with citizenry

SINGAPORE — The Government will sign up all of its agencies to a national anti-spoof registry and review its use of SMS and clickable links in all of its communications, the Smart Nation and Digital Government Group (SNDGG) said on Friday (Jan 21).

The registry, called the Singapore SMS SenderID protection registry, allows organisations to block spoofed scam messages from being sent to users' mobile phones.

The move came days after a suite of security measures were announced to combat scams such as the recent OCBC bank phishing scam.

In a statement, SNDGG said that the move will make it more difficult for attackers to send spoofed messages disguised as government agencies and will help the Ministry of Home Affairs trace and catch the culprits.

It added that the Government will explore using other channels, such as an inbox feature within its Singpass application, for members of the public to receive messages from government agencies. 

SNDGG noted, however, that although smartphone access in Singapore is high, SMS is still used by citizens who do not own smartphones or use messaging apps.

It added that recent moves made by organisations to make SMS more secure could lead scammers to focus their efforts on other channels.

“The removal of clickable links for low-risk transactions also has implications beyond reducing accessibility and inclusion. Scammers will redirect their efforts through other means, such as emails, to trick the public into visiting spoofed websites.” 

Right now, government agencies are required to send links that end with “gov.sg” so that members of the public may easily identify that the link is legitimate.

“We will ensure that all agencies adhere to this rule. We will increase efforts to raise public awareness on verifying that a link is a valid government link before clicking on it,” SNDGG said.

It added that it will work with agencies to strengthen its system to detect fraudulent log-in attempts from different locations or devices, and trigger “step-up authentication” such as requiring biometric face verification for higher-risk transactions. 

SNDGG reminded members of the public of the Government’s ScamShield app, which identifies and filters scam messages. The ScamShield app also blocks messages or calls from phone numbers that were used in previous scam cases or reported by other ScamShield users.

The app is available for iOS or Apple devices. SNDGG is working on a version for Android phone users.