Singapore Directs Apple and Google to Combat Scam Messaging

The Singapore Police Force has mandated that Apple and Google implement measures to prevent government impersonation scams via their messaging platforms, iMessage and Google Messages. This directive, issued on November 24, 2023, aims to curb the spoofing of government identifiers, including the “gov.sg” SMS sender ID, according to a statement from the Ministry of Home Affairs (MHA).

The rising trend of impersonation scams, particularly those involving government officials, prompted this decisive action. Spoofing is a technique used by cybercriminals to disguise their identity as a trusted source. The newly mandated measures require that accounts and group chats cannot display names that mimic “gov.sg” or any government agency. Additionally, messages from such accounts must be filtered to protect users.

To enhance user awareness, the MHA emphasized that profile names of unknown senders should either not be displayed or should be shown less prominently than the sender’s phone number. “This would help users better identify and be wary of unknown senders,” the MHA stated.

The implementation of these directives, which falls under the Online Criminal Harms Act, requires compliance by December 3, 2023. Both Apple and Google have indicated their intention to adhere to these guidelines. The MHA has urged the public to regularly update their messaging applications to ensure they have the latest anti-spoofing features.

Data from the police indicates a significant surge in government impersonation scams. Reports show that such cases nearly tripled in the first half of 2023, with incidents rising by 199.2 percent to 1,762 cases, compared to 589 cases during the same period in 2022. These scams accounted for approximately S$126.5 million in losses, representing the second-highest financial loss among all scam types.

Government agencies employ the “gov.sg” sender ID for legitimate communications to help citizens recognize official messages. However, because this identifier is not used in iMessages or Google Messages, users may be misled by messages from accounts claiming to represent the government. The MHA noted that there have already been over 120 cases of impersonation involving other registered sender IDs, including those of SingPost.

The Online Criminal Harms Act, enacted in July 2023, empowers authorities to direct online service providers to implement necessary safeguards against cyber offences. Non-compliance with these directives could result in fines up to S$1 million (US$770,000), with additional fines of up to S$100,000 for each day the offence continues post-conviction.

In previous initiatives, the Singapore government has also instructed Meta to incorporate measures such as facial recognition technology to mitigate impersonation scams on platforms like Facebook. The latest actions reflect an ongoing commitment to safeguarding the public from deceptive practices in digital communications.