CPF to standardise SMS sender ID to ‘CPF Board’ to combat scams
From Channel News Asia on 18 Jul 2022 05:46PM
SINGAPORE: The Central Provident Fund (CPF) Board will send SMSes using only the sender ID “CPF Board” on matters pertaining to CPF, Workfare and Silver Support from Aug 1.
It will also stop using sender IDs “SG-Workfare” and “SG-SSS”.
In a news release on Monday (Jul 18), the CPF Board added that it has also registered the new sender ID with the Singapore SMS Sender ID Registry (SSIR) set up by the Infocomm Media Development Authority (IMDA).
The registry, originally meant to combat SMS spoofing, was shut down and replaced by a full-fledged system in March, after IMDA said a spate of SMS phishing scams warranted a “strong response”.
CPF Board said the registration of the new sender ID will prevent scammers from impersonating it.
“Registering with SSIR identifies and blocks spoofed messages upfront. Only SMSes from CPF Board will be delivered using the sender ID ‘CPF Board’.”
“Members can be assured that all SMSes from sender ID ‘CPF Board’ are legitimate messages from us.”
Those who have registered their mobile numbers will receive an SMS from Jul 20 regarding this change.
“We encourage members to retain this SMS on their mobile phones so that members can be assured that any future SMSes received on this same sender ID would be legitimate,” the CPF Board said.
“Any SMSes purporting to be sent by CPF Board on any other Sender ID should be ignored and deleted.”
Members of the public were also reminded to remain alert and recognise scam signs:
- Check if links leading to Government websites contain the domain “.gov.sg”.
- Reject calls with the prefix “+65”, as they are likely to be overseas calls.
- When in doubt, always verify the information directly with the Government agency or through official websites.
公积金局8月起 统一以“CPF Board”身份发送手机短信
8视界发布于18/07/2022 11:02
从下个月起,公积金局将统一以“CPF Board”的身份向会员发送手机短信,不再使用“SF-Workfare”和“SG-SSS”为发送者身份。
公积金局发表文告说,为防止骗徒冒充公积金局发出手机短信,当局已经向资讯通信媒体发展局设立的新加坡短信发送者身份登记处登记“CPF Board”这个发送者身份,这意味着,只有当局发送的手机短信才会显示“CPF Board”这个发送者身份,公众接到的短信如果注明发送者是“CPF Board”,就是公积金局发出的真实短信。
文告说,已向公积金局登记手机号码的公积金会员,后天起将收到短信,通知他们这个调整。当局鼓励会员留住这则短信,以确保未来收到的公积金局短信都是正当的。如果会员收到自称是由公积金局发出的短信、但发送者身份却不是CPF Board,就应该删除有关短信。
New For.sg link to be used by public hospitals when sending e-mails, SMSes
Published by The Straits Times on JUL 11, 2022, 3:51 PM SGT
In an effort to combat scammers, public health institutions may include a new link in the e-mail and text messages they send out to members of the public.
Instead of shortened links like bit.ly or .com links, e-mails and SMSes may include the For.sg domain.
For example, to register for the Healthier SG programme engagement session with Tan Tock Seng Hospital, residents of central Singapore have to click the link For.sg/centralhsg.
The Healthier SG initiative was launched earlier this year to address the challenges of an ageing population.
Users who click the link will be taken to a page where its authenticity will be checked before they can proceed further.
It works in a similar way to the Go.gov.sg link, which public officers use to assure the public that the link is not fake.
In this case, an e-mail about an application for a passport could include the link Go.gov.sg/passport.
For.sg has been made available to all 33 public healthcare institutions from July 6, including all public hospitals in Singapore.
Open Government Products (OGP), which developed For.sg, said that in phishing scams, victims are fooled into clicking fake links.
These links in SMSes or e-mails are made to look like the real thing.
“As many public healthcare institutions rely on SMSes with links as the main form of communication with members of the public, these are methods in which scammers have been known to take advantage of unsuspecting members of the public,” said OGP, which is part of the Government Technology Agency – a statutory board under the Prime Minister’s Office.
The OGP team collaborated with the Ministry of Health (MOH) to launch For.sg.
The spike in phishing scams in recent years prompted the development of such links, which are also known as shorteners.
OGP said that when members of the public click the For.sg links, they are also reminded to guard against phishing scams.
“This builds public awareness against clicking into suspicious and unverified links and in turn, creates a more digitally educated and savvy nation,” it added.
In January last year, MOH had warned of scammers sending SMSes pretending to be health officials.
These text messages claimed to offer vaccination appointments, directing victims to click on malicious links.
MOH had warned members of the public to be wary, and to only click on links that could be verified.
For.sg and Go.gov.sg are examples of verified links.
Healthcare professionals with e-mail domains from any of the 33 public healthcare institutions can now log in with their e-mails and immediately create shortened links with the For.sg domain.
The links also allow for safe file sharing and analytics, said OGP.
公共医疗机构为防止欺诈 推出专属缩短链接For.sg
联合早报发布于 2022年7月6日 12:00 PM
从星期三(7月6日)起,本地所有公共医疗机构都能使用专属的缩短链接For.sg,让公众更容易辨认医疗网站的真伪,以免成为诈骗或网络钓鱼的受害者。
For.sg与公众熟悉的Go.gov.sg相似,但它专给我国公共医疗机构使用。与卫生部合作推出这个缩短链接的政府开源科技部(Open Government Products)发文告说,从7月6日起,所有公共医疗机构都能使用For.sg给公众发送缩短的链接。
自冠病疫情暴发后,与医疗保健相关的网络钓鱼诈骗显著增加,推行防止诈骗的措施变得更为迫切。文告指出:“由于许多公共医疗机构依赖带有链接的短信作为与公众的主要通信方式,因此诈骗者会利用这些方法来欺诈毫无戒心的公众。”
公众如今可检查链接是否包含For.sg,避免掉入与医疗保健相关的诈骗链接的陷阱。与Go.gov.sg相同,在进入网站前,For.sg会向用户显示一个过渡页面以检查链接的真实性。
Go.gov.sg目前只限于我国政府部门和法定机构使用,而为了更容易区分医疗机构的链,政府开源科技部特设For.sg。另一个类似的产品,是公共教育机构所使用的for.edu.sg 。
New ‘+’ way to help consumers spot overseas spoof calls
redirect from Straitstimes
All overseas calls will come with the “+” prefix by April 15 to help the users of more than nine million mobile phone lines here better identify possible scams.
Announced by Senior Minister of State for Communications and Information Janil Puthucheary yesterday, it is one of several measures the Government will roll out to protect citizens and their personal data.
“Scammers based overseas sometimes spoof calls to look like local calling numbers to target our citizens, such as by spoofing numbers that start with ’65’,” said Dr Janil during the debate on his ministry’s budget.
With the “+” prefix, it is hoped that consumers can better identify international spoof calls.
For instance, +6955 0221 and +4241 2345 are likely to be spoofed calls. Consumers are advised to be vigilant and not share confidential data over the phone if they are not expecting overseas calls.
The measure is in addition to rules requiring local telcos Singtel, StarHub, M1 and TPG Telecom to block commonly spoofed numbers, such as 999 and 995.
“The Government will continue to develop additional measures to combat scams so our citizens can be better protected,” said Dr Janil.
Police statistics show China-official impersonation scams are one of the top 10 scam types here, alongside e-commerce, loan and credit-for-sex related scams.
The number of China-official impersonation scams – in which scammers trick victims to transfer money to their accounts or give out banking details – rose by 50 per cent yearly to 455 last year, with losses amounting to $21 million.
Local calls, including those from the authorities and legitimate organisations like banks, will not have the “+” prefix to help consumers better differentiate the calls. The limitations of this measure is it cannot be imposed on WhatsApp and Viber calls. But official calls also do not typically come via these platforms.
Mr Ong Teng Koon (Marsiling-Yew Tee GRC) and Mr Yee Chia Hsing (Chua Chu Kang GRC) asked about measures to guard against the misuse of facial recognition technology to secure entry into buildings and for attendance-taking, given its popularity.
Responding, Dr Janil said the Personal Data Protection Commission and the Government Data Office, which oversees data management practices across the public sector, will publish guides on the responsible use of biometric technology later this year.
Also, data protection rules governing the public sector will be harmonised with those for the private sector later this year, in the first major revision to address longstanding criticisms that private firms are subject to stricter measures.
For instance, all public-sector agencies will be required to decide within 72 hours whether or not to notify affected parties about a data breach, a requirement not spelt out at present.
帮助消费者发现海外恶搞电话的新“+”方式
来自海峡时报
贾尼尔博士在讨论他的部门预算时说:“海外诈骗者有时会伪装成本地电话号码来攻击我们的公民,例如通过欺骗以‘65’开头的号码。”
从4月15日起,所有海外电话都将带有“+”前缀,以帮助这里超过900万手机线路的用户更好地识别可能的骗局。
通信和信息高级国务部长贾尼尔·普图基里博士昨天宣布,这是政府为保护公民及其个人数据而推出的多项措施之一。
加上“+”前缀,希望消费者能更好地识别国际恶搞电话。
例如,+6955 0221 和 +4241 2345 很可能是咋骗电话。建议消费者保持警惕,如果他们不期待海外电话,不要通过电话分享机密数据。
该措施是对要求本地电信公司 Singtel、StarHub、M1 和 TPG Telecom 阻止常见欺骗号码(例如 999 和 995)的规则的补充。
贾尼尔博士说:“政府将继续制定额外措施来打击诈骗,以便更好地保护我们的公民。”
警方统计数据显示,中国官方冒充诈骗是这里的十大诈骗类型之一,此外还有电子商务、贷款和性信贷相关的诈骗。
中国官方冒名诈骗的数量——其中诈骗者诱骗受害者将钱转入他们的账户或提供银行详细信息——去年每年增加 50% 至 455 起,损失达 2100 万美元。
本地电话,包括来自当局和银行等合法组织的电话,将没有“+”前缀,以帮助消费者更好地区分电话。此措施的局限性在于它不能强加于 WhatsApp 和 Viber 呼叫。但官方电话通常也不通过这些平台来。
Ong Teng Koon 先生(Marsiling-Yew Tee GRC)和 Yee Chia Hsing 先生(Chua Chu Kang GRC)询问了防止滥用面部识别技术以确保进入建筑物和考勤的措施,因为它很受欢迎。
作为回应,贾尼尔·普图基里博士表示,个人数据保护委员会和负责监督公共部门数据管理实践的政府数据办公室将在今年晚些时候发布有关负责任地使用生物识别技术的指南。
此外,今年晚些时候,公共部门的数据保护规则将与私营部门的数据保护规则相协调,这是第一次重大修订,以解决长期以来对私营公司受到更严格措施的批评。
例如,所有公共部门机构将被要求在 72 小时内决定是否将数据泄露通知受影响的各方,这一要求目前尚未明确。