Singapore Government Online Homepage
Singpass
small medium large
ONLINE SECURITY TIPS

As your SingPass is highly personal and confidential, we strongly recommend that you observe the following best security practices at all times:

DO’s

  • Keep your SingPass confidential and do not disclose it to anyone.
  • Change your SingPass on a regular basis i.e. every 90 days.
  • Log off your online session once you have completed your transactions.
  • Clear your browser's cache or internet history after each session.
  • Keep your computer updated with the latest anti-virus and firewall updates.
  • If you suspect your SingPass has been compromised, reset your SingPass immediately at the appointed counter locations island-wide.

DON’Ts

  • Do not store any Login ID or password information on your browser. To disable this feature, go to Internet Options (for IE6 and IE7), under the Content tab, click on the AutoComplete Settings and uncheck the option "User names and passwords on form".
  • Do not access online services with your SingPass at internet cafes.

GUARDING AGAINST PHISHING

  • What is Phishing?

    • Phishing (pronounced as ‘fishing’) is a criminally fraudulent process whereby the ‘attacker’ attempts to get users to divulge sensitive personal information such as their user identities and passwords, and credit card details.

    • An example of phishing is where the ‘attacker’ sets up a website that impersonates the legitimate organization’s site. Sensitive information is acquired when the users enter the requested information (i.e. key in their user identities and passwords, or completes an online form).

    • Another example involves fraudulent emails. The ‘attacker’ generates a seemingly legitimate email to the users, requesting the users to perform some actions. A hyperlink to the fraudulent website is then provided, where the users perform the said actions and personal information of these users are captured. 

  • How to prevent yourself from becoming a victim of ‘phishing’?

    • Ensure that URL is correct before proceeding with the login. The SingPass URL should bear the domain name of “https://www.singpass-services.gov.sg/basic” (note: “https” rather than “http” to signify that this is a secure website). You may verify the URL with the website certificate as shown in the screen shots below (for IE 6 & IE 7). Simply right click and select Properties, then on Property page, click on the “Certificate” button.

      • Certificate Dialogue

    • Do not disclose your SingPass and password to anyone (i.e. members of your family, friends, and staff operating SingPass) under any circumstances.

    If you suspect that you have been phished (you may do so by verifying the URL with the one in the certificate), immediately:

    • Reset your SingPass using the Immediate Reset feature
    • Reset your SingPass at the reset counter(s)

  • Should I lodge a report if I suspect that I have been a victim of 'phishing'?

If you suspect that you could have been a victim of ‘phishing’, please immediately lodge a report at singpass-helpdesk@crimsonlogic.com or call the SingPass hotline at 6887-7377. This will enable us to identify any fraudulent websites attempting to obtain sensitive information of SingPass holders and take action against them.

 
Last updated on 12 May 2013
This site is best viewed using Internet Explorer 6.0 and above.
Privacy Statement | Terms of Use
© 2013 Government of Singapore