SINGAPORE: On Wednesday (Nov 1), the Central Provident Fund (CPF) Board issued a warning on its Facebook account concerning a scam email that has been circulating with the email subject: “Reminder: Requirement to declare wage information.”
“The email contains an attachment asking employers for employee wage information. This scam email mimics CPF Board’s authorised email address in the sender description. The email was 𝐧𝐨𝐭 𝐬𝐞𝐧𝐭 𝐛𝐲 𝐂𝐏𝐅 𝐁𝐨𝐚𝐫𝐝. Please do not open the attachment and delete the email immediately,” the warning added.
The CPF Board assured the public that its systems have not been compromised and encourages everyone to review and update their email security settings to block malicious or spoofed emails or seek assistance from their email service provider.
The CPF Board also added a site providing more information on protecting firms from business email compromise attacks, which may be found here. People with questions regarding the matter may call 1800-227-1188 or write to the CPF Board at cpf.gov.sg/writetous.
This is not the first time fraudsters have targeted the CPF in scamming people. In June, the Public Affairs Department of the Singapore Police Force alerted the public over the emergence of scams involving malware that ended with money taken from bank accounts and Central Provident Fund (CPF) accounts.
In two such cases, CPF savings were lost, amounting to at least $99,800. The scammers’ modus operandi is as follows: A person would see a grocery advertisement on social media platforms such as Facebook. Those interested and contacted the scammers via messaging platforms, including WhatsApp, would be sent a uniform resource locator (URL). The scammers would then tell their victims to download an Android Package Kit (APK) file, an application created for Android’s operating system, ostensibly for ordering and payment purposes.
“Unknown to the victims, the application would contain malware that allowed scammers to access the victims’ device remotely and steal passwords, including passwords (e.g. Singpass passcode) stored in the device. The scammer might also call the victim to ask for their Singpass passcode, purportedly to create an account on the application,” the police wrote.
Read related: Two scam victims lost $99,800 in CPF savings after downloading malware-infested apps via fake Facebook ads
In August, the Ministry of Manpower (MOM) issued an advisory warning the public about a scam being spread via WhatsApp with messages titled “CPF Top-up Scheme ( CPFS) OFFER.”
The scam claims that individuals who fill in their personal information on the included link in the message will receive additional CPF contributions.
Related: MOM warns public against new scam: ‘CPF Top-up Scheme OFFER’ via WhatsApp
In June of last year, after warning people against scammers, the CPF Board announced that it would bolster its cybersecurity measures by taking steps to protect members from being victimised by fraudsters.
Related: CPF Board standardises SMSes to help protect members from scammers /TISG