5 ways to spot a fake government site -- including this bogus ICA one

The Immigration & Checkpoints Authority (ICA) announced that there is a fake ICA website that is phishing for visitors’ visa reference numbers and passport numbers.

In a Facebook post, the ICA advised members of the public to exercise caution by checking on the URL and web address before clicking so that they do not unwittingly fall prey to such fake websites.

Here is the link to the phishing site that you should not be clicking: www.singaporeonline-epass.com

Here is the link to ICA's official site: https://www.ica.gov.sg

In 2016, The Infocomm Development Authority (IDA) said there has been a growing number of fake government websites over the past few years.

Such sites may trick users into giving their personal or financial information, such as credit card numbers, identity card or passport numbers, or usernames and passwords, through the use of fake websites or e-mail masquerading as official sources.

Here are 5 ways you can spot a bogus government website or email according to the official website of the Singapore Government:

1. Emails that use a public internet account 

Take a look at the sender’s e-mail address before clicking on any link sent to you via email. Do not trust the email if it was sent via a public account as emails sent by the government will not be sent via a public account. Singapore government email addresses will end with @[agency name].gov.sg. Additionally, do not trust any email or website that asks you to “confirm” sensitive account information as it is surely a scam.

2.  Websites that have incorrect URLs

A tell-tale sign of a fake website is the usage of incorrect suffixes in the URL of the website. ALL government websites will end with ‘www.(agency name).gov.sg’. All Singapore government websites end with gov.sg. Only government websites are allowed to use .gov domain names. Many fake government websites will use domain names such as .org or .net. Below is an example of a fake website with a comparison of the real one. 

3. Websites that are not secure

Legitimate websites will use encryption to help ensure that your payment information remains safe. You can see if a site uses encryption by looking for a lock symbol in the browser window. You should also check that the address starts with “https://” rather than just “http://”. Do not enter payment information on any site that is not secure.

4. Grammatical errors

Watch out for poor English or grammatical errors as it could mean that the site is not genuine and was put together quickly by someone looking to make a quick profit. Before divulging any personal information, take a few moments to browse the website. Read through the ‘About Us’ or ‘Contact Us’ page and see if you see anything suspicious. 

5. Use of low-resolution images

Scammers usually put up fake sites quickly, resulting in poor quality websites. If the ministry logo or text appears to be in poor resolution, this might be an important clue that this website should not be trusted.

We would also like to remind readers not to click on links in suspicious or unsolicited e-mails.

Netizens who have shared their passwords or usernames should change their passwords immediately and those who have given out personal information should make a police report.

Stomp has been playing an active role in debunking fake news and false allegations. Check out how Stomp fights fake news here.