Contact Contact Us

MOF On How To Spot Fake SG Bonus SMSes, Alipay and Tencent Say Hackers Used Stolen Apple IDs To Pilfer Money

The Ministry of Finance issued an advisory on how to spot fake SG Bonus SMSes that have been circulating of late. The fake SMSes state the sender’s name as and include the link ‘sg-gov[.]com’. They do not include the last three digits and the letter of the recipient’s NRIC number. On the contrary, legitimate SMSes list its sender as SG-Bonus or SGBonus and the link in the message start with ‘https://www[.]singaporebudget[.]gov[.]sg’. The legitimate SMSes also include the last three digits and the letter of the recipient’s NRIC number if he or she has already signed up for the SG Bonus.

Chinese payment service providers Alipay and Tencent said that hackers had used stolen Apple IDs to hack into customers’ accounts and pilfer an unknown amount of money. Alipay warned that customers who have linked their Apple identities to payment services may be vulnerable and they are encouraged to lower transactions limits to avoid additional losses. It is unclear how hackers obtained the Apple IDs. Both Alipay and Tencent have reached out to Apple to resolve the situation.

[1] Hackers Are Using Stolen Apple IDs to Swipe Cash in China
[2] MOF on how to tell if text message on SG Bonus is real

Ensign InfoSecurity Singapore
30A Kallang Place
Singapore 339213

Tel: +65 6788 2882
Fax: +65 6788 3883