Fraudulent Emails Claiming To Be From CSA And SPF


The Singapore Cyber Emergency Response Team (SingCERT) has issued a warning regarding the rise in fraudulent emails, with scammers impersonating officials from the Cyber Security Agency of Singapore (CSA) and the Singapore Police Force (SPF).

The scammers are targeting members of the public with fake court order documents, falsely claiming that the recipients’ Internet Protocol (IP) addresses are linked to illegal activities. In these deceptive messages, the scammers pressure victims to respond urgently or face severe consequences, including imprisonment.

The Fraudulent Emails Scam Trail

According to SingCERT, the scam begins with the delivery of a fraudulent email, which includes a fake court order supposedly issued by the CSA and SPF. The messages claims that an individual’s IP address is connected to illegal activities, such as accessing prohibited websites. The scammers demand that the recipient respond to the court order within 24 hours to avoid being imprisoned. The court order may look official, with references to the CSA and SPF and an assertion that the recipient’s online activities have been monitored.

One of the key elements of the scam is the urgency of the message. The scammers threaten legal action, and in some cases, claim that failure to respond will lead to the confiscation of an individual or organization’s operational license. The false sense of urgency is designed to prompt immediate action, often leading victims to transfer money or provide sensitive information.

How the Scam Works?

Fraudulent Emails
Sample of Fraudulent Letter: (Source: CSA)

The fraudulent emails use a mixture of fake details, such as the name of CSA Chief, Mr. David Koh, and the contact information of the SPF, to create an air of legitimacy. They include an elaborate explanation about how the CSA is monitoring online activities, including illegal content such as juvenile pornography. The text encourages recipients to open the attached court order document to resolve the matter immediately. 

The court order may claim that the recipient has been involved in accessing illegal websites and that evidence against them has been collected. It implies that failure to respond will lead to dire consequences, including legal action and the permanent damage of one’s public reputation. The scammers often demand that victims click on links or provide personal details, such as banking information or passwords.


What to Do If You Receive Such Emails? 

SingCERT and the Cyber Security Agency of Singapore (CSA) have advised the public to remain vigilant when receiving unsolicited or suspicious emails, especially those purporting to be from government agencies like CSA or SPF. Members of the public should always verify the authenticity of any communication claiming to be from these bodies. 

Key advice from SingCERT 

  • Do not transfer money to any account mentioned in the email or communicate with unknown numbers. 
  • Do not disclose sensitive information, such as SingPass or CPF details. 
  • Avoid clicking on any links or downloading attachments that might be included in the email. 
  • Do not install software or make changes to your device based on such instructions. 

If you receive an email that appears suspicious or feels untrustworthy, always contact the agency directly using the official contact details listed on their website. For CSA, this can be done through the official SingCERT email ([email protected]) or their online incident reporting form at SingCERT Incident Reporting. 



Source link