SINGAPORE—In a striking reminder of the increasing sophistication of cybercrime, the Immigration and Checkpoints Authority (ICA) has temporarily suspended its e-Change of Address (eCOA) service following unauthorized changes to the addresses of around 80 residents. This alarming situation stems from the misuse of stolen or compromised Singpass accounts.
Scammers on the Prowl
Since September 2024, ICA has been investigating a worrying trend of unauthorised changes in residential addresses. By December, about 75 per cent of the attempts to change addresses were successful—setting off alarm bells throughout the agency.
- About 80 cases of unauthorised address changes identified.
- Scammers employed stolen Singpass accounts to bypass security measures.
- The perpetrators reportedly aimed to establish mule accounts for nefarious activities.
How They Did It
Scammers took advantage of the ‘Others’ module in the eCOA service, which allows proxies like friends or family to assist with address changes. This module was designed for those who aren’t tech-savvy, requiring just the victim’s National Registration Identity Card (NRIC) number and the date of issue to make changes.
With these details, the scammers managed to receive a verification PIN at the victim’s new address—after which they could reset the victims’ Singpass passwords, giving them direct access to sensitive accounts. According to ICD’s Commissioner Marvin Sim, “The perpetrators are likely to be locals,” with no foreign involvement detected.
Stepping Up Security Measures
In light of these developments, ICA has taken swift action:
- Suspended the eCOA service from 11 January 2024 to bolster security.
- Plans to integrate face verification technology into Singpass login procedures.
- Introduced an option for users to verify any changes made by a proxy.
Officials indicated that the service might resume by 14 January 2024, but the ‘Others’ module will remain unavailable until additional security measures are implemented.
Public Advisory
Residents are urged to check their registered addresses using ICA’s website. Any discrepancies should be reported immediately. The agency is also reaching out to affected individuals to rectify their NRIC details and assist with resetting compromised Singpass accounts.
In a digital age, it’s crucial for everyone to stay vigilant against potential cyber threats. Ensure your details are secure—after all, keeping one step ahead of scammers is a little like our local hawkers: they’ve gotta keep the stall running smoothly!