Group-IB identifies phishing campaign targeting Singapore

Group-IB, a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime, announced today that it has identified an ongoing phishing campaign targeting residents of Singapore, under the guise of subsidies from the government. The campaign, which began in mid-December 2024, involves victims clicking on a link found in a SMS, which would redirect them to a phishing website impersonating the government portal SupportGoWhere. From there, victims would be instructed to provide their personal information and credit card details, ostensibly for verifying their identity. Along with the submission of their credit card information, the victims would also be required to provide the issuing bank’s two-factor authentication (2FA) code, in order to claim the “subsidies”.

Screenshots of (left) the SMS received by victims, and (right) the phishing website created by fraudsters, impersonating the government portal SupportGoWhere.

Screenshots of the phishing website where victims would be required to provide their personal information (left), as well as financial information for verification purposes (right).

Screenshots of the phishing website where victims would be required to provide the 2FA codes sent by their issuing bank.

At the time of reporting, CERT-GIB has uncovered 30 active fraudulent websites associated with this campaign. Additionally, 592 dormant websites, likely linked to the same threat actor, were identified. These fraudulent websites, which are housed within the .TOP domain zone, could potentially be activated as part of the scheme.

A screenshot of Group-IB’s proprietary Graph Network Analysis mapping the threat actors infrastructure

Further analysis of the phishing website has revealed that the same phishing kit used by the fraudsters is being employed across various schemes, with implementations associated with other services such as the payment of parking fines, redemption of bonus points, and resolving issues with failed deliveries, among others.

“This phishing campaign highlights the ever-increasing scale of attacks and the ability of cybercriminals to mimic a wide range of services, including those of government entities, in order to exploit trust and steal sensitive information. It is crucial for individuals to remain vigilant and cautious when receiving unsolicited messages, particularly those requesting personal or financial details.”

Vladimir Kalugin

Operational Director of Group-IB’s Unified Products

Group-IB recommends Singapore residents to take the following precautions:

Verify authenticity: Avoid clicking on unsolicited links in SMS messages, especially those claiming to offer government subsidies or urgent actions.
Check URLs: Look for inconsistencies in web addresses, especially if redirected to domains that differ from official government or business websites.
Monitor financial accounts: Regularly review credit card and bank statements for unauthorized transactions.
Report incidents: Report suspicious SMS messages or phishing attempts to relevant authorities through channels such as ScamShield.

About Group-IB

Founded in 2003 and headquartered in Singapore, Group-IB is a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime. Combating cybercrime is in the company’s DNA, shaping its technological capabilities to defend businesses, citizens, and support law enforcement operations.

Group-IB’s Digital Crime Resistance Centers (DCRCs) are located in the Middle East, Europe, Central Asia, and Asia-Pacific to help critically analyze and promptly mitigate regional and country-specific threats. These mission-critical units help Group-IB strengthen its contribution to global cybercrime prevention and continually expand its threat-hunting capabilities.

Group-IB’s decentralized and autonomous operational structure helps it offer tailored, comprehensive support services with a high level of expertise. We map and mitigate adversaries’ tactics in each region, delivering customized cybersecurity solutions tailored to risk profiles and requirements of various industries, including retail, healthcare, gambling, financial services, manufacturing, crypto, and more.

The company’s global security leaders work in synergy with some of the industry’s most advanced technologies to offer detection and response capabilities that eliminate cyber disruptions agilely.

Group-IB’s Unified Risk Platform (URP) underpins its conviction to build a secure and trusted cyber environment by utilizing intelligence-driven technology and agile expertise that completely detects and defends against all nuances of digital crime. The platform proactively protects organizations’ critical infrastructure from sophisticated attacks while continuously analyzing potentially dangerous behavior all over their network.

The comprehensive suite includes the world’s most trusted Threat Intelligence, The most complete Fraud Protection, AI-powered Digital Risk Protection, Multi-layered protection with Managed Extended Detection and Response (XDR), All-infrastructure Business Email Protection, and External Attack Surface Management.

Furthermore, Group-IB’s full-cycle incident response and investigation capabilities have consistently elevated industry standards. This includes the 77,000+ hours of cybersecurity incident response completed by our sector-leading DFIR Laboratory, more than 1,400 successful investigations completed by the High-Tech Crime Investigations Department, and round-the-clock efforts of CERT-GIB.

Time and again, its solutions and services have been revered by leading advisory and analyst agencies such as Aite Novarica, Gartner®, Forrester, Frost & Sullivan, KuppingerCole Analysts AG, and more.

Being an active partner in global investigations, Group-IB collaborates with international law enforcement organizations such as INTERPOL, EUROPOL and AFRIPOL to create a safer cyberspace. Group-IB is also a member of the Europol European Cybercrime Centre’s (EC3) Advisory Group on Internet Security, which was created to foster closer cooperation between Europol and its leading non-law enforcement partners.

Group-IB identifies phishing campaign targeting Singapore residents disguised as SupportGoWhere government website