MOM warns of phishing campaign using fake e-mail address with Covid-19 support fund as bait

The Ministry of Manpower said it had received information that the campaign will be targeting businesses. PHOTO: ST FILE

SINGAPORE - A potential phishing campaign designed to steal personal data and financial information of individuals and companies is being planned by hackers using a fake Ministry of Manpower (MOM) e-mail address, warned the ministry on Friday (June 19).

In a Facebook post, MOM said hackers are planning to use the e-mail to trick people, using the Covid-19 support fund as bait to get them to share such private data.

"The hackers plan to use a spoofed MOM e-mail address (covid-support[@]mom[.]gov[.]sg) and using the Covid-19 support fund as a lure to get recipients to click on the embedded phishing link," said the ministry in its post, which was later shared by the Government Technology Agency (GovTech).

"These phishing e-mails are designed to drive recipients to fake websites where they will be deceived into divulging personal and financial information," the MOM said.

Phishing attacks are when hackers pass themselves off as someone the victims would trust to trick them into giving up their data, user names, log-in details or other information.

The MOM said it had received information that the campaign will be targeting businesses, and reminded the public to use only the official ministry website for all information and transactions on the ministry's matters.

In a report about the phishing campaign, cybersecurity firm Cyfirma, based in Singapore and in Tokyo, said that the hackers claim to have 8,000 business contact details and will target businesses with a phishing e-mail on June 21.

Recipients will then be directed to fake websites, where they will be tricked into divulging personal and financial information, Cyfirma said.

The firm conducted an online threat assessment in the first half of this month and found that the prominent hacker group Lazarus Group was planning a global attack that involved this phishing campaign.

The global attack is said to target more than five million people and businesses in six countries that have announced financial support measures for their citizens in light of the Covid-19 pandemic. They are Singapore, Japan, South Korea, India, the United States, and Britain.

This is the second time this week that the MOM warned of phishing schemes involving hackers pretending to be from the ministry.

On Tuesday, it uploaded a post on Facebook warning of online sites that have been passing themselves off as the ministry's official website and which were designed to steal information from victims.

Join ST's WhatsApp Channel and get the latest news and must-reads.