All Government Agencies Will Have Anti-SMS Spoof System After OCBC SMS Phishing Scam

SMSes from ‘official’ banks and agencies are Singaporeans’ new source of paranoia. Are you sure that this message is really from MINDEF or IRAS? (OK, so maybe scammers haven’t tried scams about reservists or taxes. But you never know!)

Not to worry, as nobody can try to spoof government agencies’ SMS IDs anymore. Here’s why.

The End of Spoofing?

Spoofing, which is the act of copying a legit SMS ID to pass a scam message off as an official message, is a big deal recently.

This is because more than 460 OCBC customers got scammed by what they thought were official OCBC messages, and lost over $8 million.

Learning from this lesson, all government agencies will be registering with a new anti-spoofing registry, so that nobody can pretend to be the government. All 16 ministries and over 60 statutory boards will sign up with the registry.

This comes after the Infocomm Media Development Authority (IMDA) urged more businesses to sign up for the Singapore SMS SenderID Protection Registry.

By registering their SMS sender names, unauthorised parties that try to send SMSes using registered names will be blocked from mobile operators’ networks. This will level up the difficulty of spoofing!

The registry can also help facilitate tracing efforts by the Ministry of Home Affairs to catch scammers.

Additionally, the Government will be exploring the use of other channels, like the Singpass app’s inbox feature, to send messages to the public.

Use of Clickable Links and Additional Authentication Steps Being Reviewed

SMS communication has been instrumental in reaching citizens who don’t own a smartphone or don’t use apps. Removing clickable links in SMSes entirely might end up excluding these groups of people from being able to access services.

Given their importance, SMSes with clickable links will likely still be around for low-risk transactions.

To mitigate the risks, government agencies must send links that end with “” to allow the public to easily identify them as trusted, official links. The Smart Nation Digital Government Group will ensure all agencies comply with this rule.

There will also be increased efforts to educate the public on how to verify the validity of links before clicking on them.

Join our Telegram channel for more entertaining and informative articles at or download the Goody Feed app here: 

Reviews for increased authentication steps are also ongoing, like requiring biometric identification for high-risk transactions.

The group will continue to work with agencies to strengthen systems for detecting fake login attempts from different locations and devices.

What Can We Do To Protect Ourselves?

IOS users can download the Government’s ScamShield app, which identifies and filters out scam messages using artificial intelligence. It also blocks scam messages and calls from phone numbers used in other scams or reported by other ScamShield users.

Android users will have to wait, as the Government is still working on a version for Android devices.

We must also stay vigilant, as scammers will likely be redirecting their efforts through other channels like emails to trick us into visiting fake websites.

When visiting any official government organisation or agency’s website, it should be by typing the official link in your browser. Alternatively, make sure that the clickable link ends with “”.

For correspondence from banks like OCBC or DBS, do not click on any links sent in SMSes or emails. Ensure that you’re not directed to a cloned website by typing the official link in your browser.

Banks, organisations and government agencies are all adopting stronger security measures to protect the public.

Read Also:

Featured Image: Saxarinka /