CPF to standardise SMS sender ID to ‘CPF Board’ to combat scams
From Channel News Asia on 18 Jul 2022 05:46PM
SINGAPORE: The Central Provident Fund (CPF) Board will send SMSes using only the sender ID “CPF Board” on matters pertaining to CPF, Workfare and Silver Support from Aug 1.
It will also stop using sender IDs “SG-Workfare” and “SG-SSS”.
In a news release on Monday (Jul 18), the CPF Board added that it has also registered the new sender ID with the Singapore SMS Sender ID Registry (SSIR) set up by the Infocomm Media Development Authority (IMDA).
The registry, originally meant to combat SMS spoofing, was shut down and replaced by a full-fledged system in March, after IMDA said a spate of SMS phishing scams warranted a “strong response”.
CPF Board said the registration of the new sender ID will prevent scammers from impersonating it.
“Registering with SSIR identifies and blocks spoofed messages upfront. Only SMSes from CPF Board will be delivered using the sender ID ‘CPF Board’.”
“Members can be assured that all SMSes from sender ID ‘CPF Board’ are legitimate messages from us.”
Those who have registered their mobile numbers will receive an SMS from Jul 20 regarding this change.
“We encourage members to retain this SMS on their mobile phones so that members can be assured that any future SMSes received on this same sender ID would be legitimate,” the CPF Board said.
“Any SMSes purporting to be sent by CPF Board on any other Sender ID should be ignored and deleted.”
Members of the public were also reminded to remain alert and recognise scam signs:
- Check if links leading to Government websites contain the domain “.gov.sg”.
- Reject calls with the prefix “+65”, as they are likely to be overseas calls.
- When in doubt, always verify the information directly with the Government agency or through official websites.
公积金局8月起 统一以“CPF Board”身份发送手机短信
公积金局发表文告说，为防止骗徒冒充公积金局发出手机短信，当局已经向资讯通信媒体发展局设立的新加坡短信发送者身份登记处登记“CPF Board”这个发送者身份，这意味着，只有当局发送的手机短信才会显示“CPF Board”这个发送者身份，公众接到的短信如果注明发送者是“CPF Board”，就是公积金局发出的真实短信。
New For.sg link to be used by public hospitals when sending e-mails, SMSes
Published by The Straits Times on JUL 11, 2022, 3:51 PM SGT
In an effort to combat scammers, public health institutions may include a new link in the e-mail and text messages they send out to members of the public.
Instead of shortened links like bit.ly or .com links, e-mails and SMSes may include the For.sg domain.
For example, to register for the Healthier SG programme engagement session with Tan Tock Seng Hospital, residents of central Singapore have to click the link For.sg/centralhsg.
The Healthier SG initiative was launched earlier this year to address the challenges of an ageing population.
Users who click the link will be taken to a page where its authenticity will be checked before they can proceed further.
It works in a similar way to the Go.gov.sg link, which public officers use to assure the public that the link is not fake.
In this case, an e-mail about an application for a passport could include the link Go.gov.sg/passport.
For.sg has been made available to all 33 public healthcare institutions from July 6, including all public hospitals in Singapore.
Open Government Products (OGP), which developed For.sg, said that in phishing scams, victims are fooled into clicking fake links.
These links in SMSes or e-mails are made to look like the real thing.
“As many public healthcare institutions rely on SMSes with links as the main form of communication with members of the public, these are methods in which scammers have been known to take advantage of unsuspecting members of the public,” said OGP, which is part of the Government Technology Agency – a statutory board under the Prime Minister’s Office.
The OGP team collaborated with the Ministry of Health (MOH) to launch For.sg.
The spike in phishing scams in recent years prompted the development of such links, which are also known as shorteners.
OGP said that when members of the public click the For.sg links, they are also reminded to guard against phishing scams.
“This builds public awareness against clicking into suspicious and unverified links and in turn, creates a more digitally educated and savvy nation,” it added.
In January last year, MOH had warned of scammers sending SMSes pretending to be health officials.
These text messages claimed to offer vaccination appointments, directing victims to click on malicious links.
MOH had warned members of the public to be wary, and to only click on links that could be verified.
For.sg and Go.gov.sg are examples of verified links.
Healthcare professionals with e-mail domains from any of the 33 public healthcare institutions can now log in with their e-mails and immediately create shortened links with the For.sg domain.
The links also allow for safe file sharing and analytics, said OGP.
联合早报发布于 2022年7月6日 12:00 PM
New ‘+’ way to help consumers spot overseas spoof calls
redirect from Straitstimes
All overseas calls will come with the “+” prefix by April 15 to help the users of more than nine million mobile phone lines here better identify possible scams.
Announced by Senior Minister of State for Communications and Information Janil Puthucheary yesterday, it is one of several measures the Government will roll out to protect citizens and their personal data.
“Scammers based overseas sometimes spoof calls to look like local calling numbers to target our citizens, such as by spoofing numbers that start with ’65’,” said Dr Janil during the debate on his ministry’s budget.
With the “+” prefix, it is hoped that consumers can better identify international spoof calls.
For instance, +6955 0221 and +4241 2345 are likely to be spoofed calls. Consumers are advised to be vigilant and not share confidential data over the phone if they are not expecting overseas calls.
The measure is in addition to rules requiring local telcos Singtel, StarHub, M1 and TPG Telecom to block commonly spoofed numbers, such as 999 and 995.
“The Government will continue to develop additional measures to combat scams so our citizens can be better protected,” said Dr Janil.
Police statistics show China-official impersonation scams are one of the top 10 scam types here, alongside e-commerce, loan and credit-for-sex related scams.
The number of China-official impersonation scams – in which scammers trick victims to transfer money to their accounts or give out banking details – rose by 50 per cent yearly to 455 last year, with losses amounting to $21 million.
Local calls, including those from the authorities and legitimate organisations like banks, will not have the “+” prefix to help consumers better differentiate the calls. The limitations of this measure is it cannot be imposed on WhatsApp and Viber calls. But official calls also do not typically come via these platforms.
Mr Ong Teng Koon (Marsiling-Yew Tee GRC) and Mr Yee Chia Hsing (Chua Chu Kang GRC) asked about measures to guard against the misuse of facial recognition technology to secure entry into buildings and for attendance-taking, given its popularity.
Responding, Dr Janil said the Personal Data Protection Commission and the Government Data Office, which oversees data management practices across the public sector, will publish guides on the responsible use of biometric technology later this year.
Also, data protection rules governing the public sector will be harmonised with those for the private sector later this year, in the first major revision to address longstanding criticisms that private firms are subject to stricter measures.
For instance, all public-sector agencies will be required to decide within 72 hours whether or not to notify affected parties about a data breach, a requirement not spelt out at present.
例如，+6955 0221 和 +4241 2345 很可能是咋骗电话。建议消费者保持警惕，如果他们不期待海外电话，不要通过电话分享机密数据。
该措施是对要求本地电信公司 Singtel、StarHub、M1 和 TPG Telecom 阻止常见欺骗号码（例如 999 和 995）的规则的补充。
中国官方冒名诈骗的数量——其中诈骗者诱骗受害者将钱转入他们的账户或提供银行详细信息——去年每年增加 50% 至 455 起，损失达 2100 万美元。
本地电话，包括来自当局和银行等合法组织的电话，将没有“+”前缀，以帮助消费者更好地区分电话。此措施的局限性在于它不能强加于 WhatsApp 和 Viber 呼叫。但官方电话通常也不通过这些平台来。
Ong Teng Koon 先生（Marsiling-Yew Tee GRC）和 Yee Chia Hsing 先生（Chua Chu Kang GRC）询问了防止滥用面部识别技术以确保进入建筑物和考勤的措施，因为它很受欢迎。
例如，所有公共部门机构将被要求在 72 小时内决定是否将数据泄露通知受影响的各方，这一要求目前尚未明确。