As your SingPass is highly personal and confidential, we strongly recommend that you observe the
following best security practices at all times:
- Keep your SingPass confidential and do not disclose it to anyone.
- Change your SingPass on a regular basis i.e. every 90 days.
- Log off your online session once you have completed your transactions.
- Clear your browser's cache or internet history after each session.
- Keep your computer updated with the latest anti-virus and firewall updates.
- If you suspect your SingPass has been compromised, reset your SingPass immediately at the appointed
counter locations island-wide.
- Do not store any Login ID or password information on your browser. To disable this feature,
go to Internet Options (for IE6 and IE7), under the Content tab, click on the AutoComplete Settings
and uncheck the option "User names and passwords on form".
- Do not access online services with your SingPass at internet cafes.
GUARDING AGAINST PHISHING
- What is Phishing?
- Phishing (pronounced as ‘fishing’) is a criminally fraudulent process whereby the ‘attacker’ attempts
to get users to divulge sensitive personal information such as their user identities and passwords, and credit card details.
- An example of phishing is where the ‘attacker’ sets up a website that impersonates the legitimate
organization’s site. Sensitive information is acquired when the users enter the requested information
(i.e. key in their user identities and passwords, or completes an online form).
- Another example involves fraudulent emails. The ‘attacker’ generates a seemingly legitimate email to the users,
requesting the users to perform some actions. A hyperlink to the fraudulent website is then provided,
where the users perform the said actions and personal information of these users are captured.
- How to prevent yourself from becoming a victim of ‘phishing’?
- Ensure that URL is correct before proceeding with the login. The SingPass URL should bear the domain name
(note: “https” rather than “http” to signify that this is a secure website). You may verify the URL
with the website certificate as shown in the screen shots below (for IE 6 & IE 7). Simply right click and
select Properties, then on Property page, click on the “Certificate” button.
- Should I lodge a report if I suspect that I have been a victim of 'phishing'?
If you suspect that you could have been a victim of ‘phishing’, please immediately lodge a report
at firstname.lastname@example.org or call the SingPass hotline at 6887-7377.
This will enable us to
identify any fraudulent websites attempting to obtain sensitive information of SingPass holders and take
action against them.