Ministry of Health issues public alert about phishing e-mail scam

The e-mail asks recipients to click on a link to verify their healthcare status. PHOTO: MINISTRY OF HEALTH/FACEBOOK

SINGAPORE - The Ministry of Health (MOH) is alerting the public to a phishing e-mail from "HealthCare. gov", and asking those who have received such an e-mail message to delete it.

In a post on the MOH Facebook page, the MOH said that anyone who receives an e-mail with the subject "HealthCare. gov: Important HealthCare Notification [#02015]" should not respond to the e-mail, or click on any link or attachment within the e-mail.

A phishing e-mail is one that appears to come from legitimate sources, and often redirects recipients to a mock website that spoofs a legitimate one. The fake site would proceed to ask visitors for updated personal information, such as credit card details, passwords and usernames, which can be used to access legitimate websites and services.

In this case, the MOH said that the phishing e-mail refers to the filing of 2015 tax returns, and will ask recipients to click on a link to verify their healthcare status.

"Members of the public should not respond to this e-mail or click on any link or attachment in the e-mail. They are advised to refrain from opening the e-mail and to delete it," said the MOH in its Facebook post.

To protect themselves from phishing e-mails and websites, Mr John Bai, director of security response at software security company Symantec, said that consumers should be aware of the official websites that they should be visiting.

One way is to use one of several free domain WHOIS lookup services to check on the nature of the website. The results will show the company registrar behind the website, when the site was created, and the company's contact details.
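The WHOIS check described above can also be scripted. The following is an added example, not part of the original report: it reads the registrar, creation date and registrant contact from a WHOIS response and notes anything worth a closer look. The sample record, the field labels, the date formats and the 90-day age threshold are all assumptions made for illustration.

```python
from datetime import datetime, timezone
# Constructed WHOIS response for a made-up domain (not real lookup output).
SAMPLE_WHOIS = """\
% constructed sample record
Registrar: Example Registrar, Inc.
Creation Date: 2016-02-20T08:15:00Z
Registrant Organization: REDACTED FOR PRIVACY
"""
# Field labels and date formats vary by registry; these are assumed spellings.
FIELDS = {
    "registrar": ("registrar", "sponsoring registrar"),
    "created": ("creation date", "created", "registered on"),
    "contact": ("registrant organization", "registrant name", "registrant"),
}
DATE_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%d")

def parse_whois(text):
    """Return the first registrar, creation date and registrant contact found."""
    found = {}
    for line in text.splitlines():
        if line.lstrip().startswith(("%", "#")) or ":" not in line:
            continue  # skip comments and lines without a "label: value" pair
        label, value = (part.strip() for part in line.split(":", 1))
        for key, labels in FIELDS.items():
            if label.lower() in labels and value and key not in found:
                found[key] = value
    return found

def parse_date(value):
    for fmt in DATE_FORMATS:
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            pass
    return None  # no known format matched

def review(text, now, min_age_days=90):
    """Summarise a record; min_age_days is an assumed threshold."""
    rec = parse_whois(text)
    created = parse_date(rec.get("created", ""))
    age = (now - created).days if created else None
    notes = []
    if age is None:
        notes.append("no creation date found")
    elif age < min_age_days:
        notes.append(f"domain is only {age} days old")
    if "redacted" in rec.get("contact", "redacted").lower():
        notes.append("registrant contact is hidden or missing")
    return {"registrar": rec.get("registrar"), "age_days": age, "notes": notes}
```

A note from this check is a reason to look more closely at a site, not proof that it is a scam.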

Otherwise, users can also check the domain name in Google.

"If you type the domain name into Google, if it is a real site, there should be links to that website from other websites. If only the domain comes up and no other search result appears for that domain name, then it is very suspicious," said Mr Bai.

Legitimate sites will also use SSL (Secure Sockets Layer) certificates that secure the transfer of data when sensitive information, such as account creation details or payment information, is required.

These certificates cost money and Mr Bai noted that often, scam sites "will not bother with an SSL certificate".

An image of the phishing email can be found in MOH's FB post embedded below.