Fake CPF website removed; alert over more bogus sites

A screenshot of the CPF website.
A screenshot of the CPF website. PHOTO: CPF WEBSITE

SINGAPORE - The fake Central Provident Fund website that surfaced amid ongoing service issues with the genuine CPF Web portal has been taken down.

The Cyber Security Agency (CSA) acted to have it as well as other fake websites removed after these came to its attention on Tuesday.

The fake sites mirrored the websites of government and private companies that were not named by CSA and were hosted by the domain host "jinanyuz.com".

"CSA immediately took action to notify the Web hosting service provider and the domain registrar to seek their cooperation to remove these fake websites," said CSA director (operations) Dan Yock Hau.

The fake websites looked authentic but had additional URL links at the bottom of the main webpage, which could redirect users to unrelated sites, said Mr Dan. These could be malicious - set up to obtain personal information.

Investigations are still ongoing, and some of these fake websites can still be accessed.

 

On Tuesday, CPF warned the public of its imposter website, even as it was grappling with issues at its own website that had lasted for more than two weeks.

Online services had to be temporarily taken offline because a bug during a website upgrade caused false information to be displayed. More than 90 per cent of services have since been restored.

The Immigration and Checkpoints Authority also issued an advisory yesterday to warn about three fake websites phishing for visitors' visa and passport numbers.

The websites are www.sg-immigov.com, www.icaevisa and singaporevisagov.com/tracking-visa/

The ICA said a police report had been made, and it was working to take the websites down.

An ICA spokesman said "access to the official ICA website remains unaffected and no data has been compromised".

The CSA advised the public to remain alert to phishing sites.

A common form of online scams, phishing involves the use of fake e-mail messages and lookalike websites to deceive respondents into entering personal information. This could include financial data such as credit card numbers, account user names and passwords.

"Users should exercise caution not to click on links provided in suspicious e-mails to access websites, and not to provide personal information to requests received via e-mail," said a CSA spokesman.

The spokesman said telltale signs of fake websites include suspicious Web addresses, obvious spelling and grammatical errors, unsecured pages for information submission and asking for more information than is usually required, such as credit card security codes.

These signs should raise red flags, said senior analyst Clement Teo of market research firm Forrester. "If a website asks for information that is out of the norm, you should be more wary," he said.

•Additional reporting by Lester Hio

A version of this article appeared in the print edition of The Straits Times on December 17, 2015, with the headline 'Fake CPF website removed; alert over more bogus sites'. Print Edition | Subscribe