MOF On How To Spot Fake SG Bonus SMSes, Alipay and Tencent Say Hackers Used Stolen Apple IDs To Pilfer Money

9 - 16 October 2018

The Monetary Authority of Singapore (MAS) has warned the public of phishing emails impersonating the authority to deceive recipients into disclosing personal and financial information.
The Ministry of Finance issued an advisory on how to spot fake SG Bonus SMSes that have been circulating of late. The fake SMSes state the sender’s name as and include the link ‘sg-gov[.]com’. They do not include the last three digits and the letter of the recipient’s NRIC number. On the contrary, legitimate SMSes list its sender as SG-Bonus or SGBonus and the link in the message start with ‘https://www[.]singaporebudget[.]gov[.]sg’. The legitimate SMSes also include the last three digits and the letter of the recipient’s NRIC number if he or she has already signed up for the SG Bonus.

Chinese payment service providers Alipay and Tencent said that hackers had used stolen Apple IDs to hack into customers’ accounts and pilfer an unknown amount of money. Alipay warned that customers who have linked their Apple identities to payment services may be vulnerable and they are encouraged to lower transactions limits to avoid additional losses. It is unclear how hackers obtained the Apple IDs. Both Alipay and Tencent have reached out to Apple to resolve the situation. 

[1] Hackers Are Using Stolen Apple IDs to Swipe Cash in China
[2] MOF on how to tell if text message on SG Bonus is real

More Weekly Cyber Newsanalysis and insights

Ensign Consulting

Enhancing your security posture, developing your cyber strategy, and designing your incident response plans.​

Ensign Systems Integration

Architecting and implementing cybersecurity solutions that bolster defences

Ensign Managed Security Services

Managing your security operations for advanced threat detection, continuous monitoring, and triage services

Ensign Labs

Performing deep research to analyse vulnerabilities, deploy advanced threat hunting and provide cyber threat intelligence