SINGAPORE — Central Provident Fund (CPF) members will now encounter an additional step of face verification when logging into their accounts via Singpass.
This move is a reaction to a recent wave of malware scams involving CPF savings, according to a joint advisory by the CPF Board, GovTech, and the police issued on Thursday, June 29.
Over the first half of 2023, there have been more than 700 reported instances of malware-related scams, leading to an estimated S$8 million (US$5.9 million) in losses. Among these, eight cases were directly linked to CPF savings, resulting in S$124,000 in losses.
In an urgent response to protect the vulnerable members, CPF Board and GovTech introduced the Singpass Face Verification feature.
“While this might inconvenience members using CPF online services, we urge members to understand the need for enhanced security in these trying times,” the agencies mentioned in their release.
Malware scams typically lure victims through Facebook or other social media ads selling items at steep discounts.
Victims receive a link to download an Android Package Kit (APK) from an unofficial app store. Upon downloading the APK, a malware infects the phone, enabling the scammer full control over the device.
The scammer manipulates the victim into enabling accessibility services on their Android phone, consequently weakening its security. This gives the scammer access to banking credentials, allowing them to make unauthorized transactions and even delete evidence of the fraudulent activity.
The advisory also warned that the scammer could potentially log into the victim’s CPF account through Singpass to initiate withdrawals.
“While CPF withdrawals can only be paid to a bank account verified by the CPF member, the stolen banking credentials on the phone can be used to illicitly transfer funds,” stated the release.
Last month, nine individuals were arrested for their alleged involvement in similar phishing scam cases.
In the same month, the police also shared that at least two individuals lost an aggregate sum of S$99,800 from their Central Provident Fund (CPF) savings due to the new malware scams.
As prevention, the authorities advised phone users, especially Android users, to only download applications from official app stores and exercise caution when granting access permissions.
They also stressed the importance of prompt updates to the latest security patches on mobile phones.
For more information on how to protect against malware scams, CPF members are directed to visit the CPF’s official website or relevant governmental portals.
Suspicious activities should be reported immediately, and personal or banking details should never be shared over the phone or text messages.