• IP addresses are NOT logged in this forum so there's no point asking. Please note that this forum is full of homophobes, racists, lunatics, schizophrenics & absolute nut jobs with a smattering of geniuses, Chinese chauvinists, Moderate Muslims and last but not least a couple of "know-it-alls" constantly sprouting their dubious wisdom. If you believe that content generated by unsavory characters might cause you offense PLEASE LEAVE NOW! Sammyboy Admin and Staff are not responsible for your hurt feelings should you choose to read any of the content here.

    The OTHER forum is HERE so please stop asking.

Scammers trick victims into filling in Google forms with 'Singapore Police Force' insignia

Singapore Dancing Spirit

Singapore Dancing Spirit

Alfrescian
Loyal
https://www.channelnewsasia.com/sin...ice-force-insignia-gift-voucher-email-3128796

Beware of a new phishing scam variant where victims are tricked into filling in a Google form with the “Singapore Police Force” insignia.
In an advisory on Wednesday (Dec 7), the police said victims would first receive an unsolicited email about claiming a gift voucher.

When they click on the embedded URL, they are directed to a webpage to enter their credit or debit card information, security code and one-time password.
A fraudulent transaction would then be made to the card.
“Shortly after the transaction, the scammers would contact the victim and introduce themselves as bank staff who are following up on the fraudulent transaction,” said the police.
Victims would then be directed to a Google form fraudulently bearing the Singapore Police Force (SPF) insignia along with a fake police case number. They would fill in their personal particulars on the pretext of lodging a police report.
“The scammers, posing as bank staff, would then perpetuate other scams through the victim after gaining his trust,” said the police, adding that victims may be told to download a malicious software application that allows the scammers to take control of their computer.


IMG_4566.jpg
An example of the phishing link with the Singapore Police Force insignia. (Images: SPF)
“The scammers would then access the victim’s Internet banking accounts to make unauthorised transactions.”
The police reminded members of the public not to click on dubious URL links provided by unofficial sources.
“SPF will not ask members of the public to provide information on scams or lodge reports through Google forms,” they added.

 
Singapore Dancing Spirit

Singapore Dancing Spirit

Alfrescian
Loyal
GOOGLE FORM SCAMS ARE PREVALENT AS SG GOVERNEMT APPROVE SUCH FORMS IN SG

GOOGLE WANTS TO BE A MONOPOLY AS SINGAPORE GOOVERNMENT simply/ blindly SUPPOPRTS IT, despite the fact that Google Forms CAN EASILY BE exploited by scammers to steal passwords and credentials


The researchers found that links remained active for several months after being added to public phishing databases and were later removed by Google after Zimperium team reported the issue to the search giant. Scammers used more than 25 brands and 265 different Google Forms to dupe unsuspecting users of top brands. Their analysis found that more than 70% of the sites targeted AT&T (or Yahoo and AT&T together). Other brands include Citibank, Mexican government, Microsoft Outlook, Office 365, Wells Fargo, Yahoo and others.

“Whether a company’s logo or brand was used once or several times on different Google Forms, the phishing dangers were very real,” Zimperium said in a report.

Google Forms are very attractive from a phishing perspective as it is easy to use and hosted under Google domain, it added. Besides, Phishing detectors based on domain antiquity won’t work in this site. Google Forms also provide a valid SSL certificate which implies that a user is relying on the ‘secure’ indication of the browsers.

Google forms state automatically at the base of each form “never submit password via Google forms”, but this is evidentially ignored by many victims. Researchers showed how hackers created Google Forms to trick users to steal AT&T user’s credentials.

The form wasn’t detected as phishing as it used a high-reputation domain, established several years ago, and it used a valid SSL certificate. A similar form was created to target Office 365 users where hackers were trying to get Wells Fargo banking credentials.

Attackers even created a form trying to get a user’s Google Doc credential.

According to Zimperium’s research, the amount of phishing websites using HTTPS traffic rose from 12% in early 2019 to almost 60% as of November.

WARNING

Do not use Googlepay or ApplePay even if SG Government is blind to act. Singapore GovTech Apps all using Google and AWS as cloud services. All SG public and government data information from the CLOUD has already been leaked out to their respective databases they are keeping for the stolen data. This is a day light robbery as Google ot Apple do not have a genuine accounting firm doing g any auditing.

. You will all knew the truth in due time as I would expose all the charlatans behind the BIGGEST SCAMS ever in human history
 
You must log in or register to reply here.

Similar threads

Scrooball (clone)
Chitchat 19 victims lost S$7,000 to luggage scam impersonating 'iShopChangi' & ‘Rimowa’
Replies
0
Views
496
Scrooball (clone)
Scrooball (clone)
gsbslut
7 arrested for alleged involvement in SMS banking-related phishing cases
Replies
4
Views
621
zhihau
zhihau
gsbslut
tio scam then tio scam again.
Replies
7
Views
499
Leungsam
Leungsam
P
Serious 19 Cheapskate Sinkies Scammed by Faked iChangi Website to Buy Cheap Rimowa!
Replies
4
Views
613
eatshitndie
eatshitndie
gsbslut
Two men arrested after victims of China official impersonation and ‘kidnap’ scam lost more than RM1.57mil in Singapore
Replies
2
Views
524
worcer
W
Top