- Joined
- Jul 25, 2008
- Messages
- 14,913
- Points
- 113
Singaporean's home address illegally changed by scammers via ICA service, triggering banking nightmare
In December, Raymond Tan discovered that his home address had been changed without his knowledge. His Singpass account was then frozen, disrupting his access to essential government services.
The Immigration and Checkpoints Authority (ICA) Building in Singapore.
Tang See Kit
18 Feb 2025SINGAPORE: A rude shock followed by worries and frustration – 2025 has so far been an emotional rollercoaster for Mr Raymond Tan after he discovered that his home address registered with the authorities was changed without his knowledge.
The Singaporean is one of 71 people whose addresses were illegally altered by scammers via the Immigration and Checkpoints Authority’s (ICA) electronic service.
Parts of this e-service have been halted since Jan 11 so ICA can roll out further security measures. Authorities have also suspended the Singpass accounts of all affected individuals.
For Mr Tan, who is in his forties, the knowledge that his personal details in a government system can be accessed and changed by fraudulent actors has been unnerving.
While the suspension of his Singpass account has caused inconveniences, the biggest shock came when his personal bank accounts were nearly shut down.
“It has not been a peaceful start to the new year,” Mr Tan told CNA in an interview on Wednesday (Feb 12).
A TROUBLING DISCOVERY
Mr Tan first realised something was amiss on Dec 30 while purchasing travel insurance at the airport.Using MyInfo, a digital service that auto-fills forms with government-stored data, he noticed his home address had been changed to an unfamiliar Housing Board unit in Commonwealth Drive.
“I called Singpass immediately. They said they didn’t know what happened, but they gave me the option to freeze my Singpass. Of course, I did that,” he recounted.
Fearing further unauthorised access, he agreed to additional security measures requiring a video call for his Singpass account to be reinstated.
Still, even while on holiday, questions lingered in his mind.
“I was thinking if it means that my account had been compromised and if so, how long has it been and what else is affected,” Mr Tan said.
“I checked everything else, like the history of my Singpass transactions and my banking apps, and they seemed okay. So I told myself maybe it’s just a glitch and not something bad.”
But his fears were confirmed on Jan 11 when ICA disclosed that scammers had exploited vulnerabilities in its online service to alter residential addresses.
Mr Tan has since been issued a new identity card.
While he understands the need for his Singpass account to remain suspended during investigations, the situation has caused some disruptions. Without Singpass – an authenticator for various public and private sector digital services – he could not retrieve documents needed for his domestic helper's six-monthly medical examination.
He also could not proceed with his appointment as a donee in his father-in-law's Lasting Power of Attorney. An LPA is a legal document that allows individuals to appoint others to make decisions on their behalf if they become mentally incapacitated.
“Things like these are quite time-sensitive, especially with my father-in-law's advanced age … But I was told by the officer-in-charge that there’s no offline option to do this without my Singpass,” said Mr Tan.
To add to his stress, he discovered that his personal bank accounts at CIMB and OCBC had been put under review.
On Jan 27, he could not log into CIMB's internet banking service. His brother was also unable to access their joint account. Though resolved the next day, no explanation was provided as to why the review was initiated.
Two days later, in the midst of Chinese New Year celebrations, Mr Tan found that he could not transfer funds to his OCBC savings account. A call to the bank revealed that all his accounts, including joint accounts with his children, had been under review since Jan 20.
The biggest shock came on Feb 3 when letters from OCBC arrived saying that his accounts would be closed within 14 days due to “a change in the profile and/or activities”.
“We regret to inform you that we can therefore no longer provide products and/or services to you,” the OCBC letters said.
Frustrated, he pressed the bank for an explanation but received none.
“If this is due to the address issue, the bank can make it more troublesome for me, like requiring me to go down in person for transactions as a temporary measure, and that’s okay. But to suddenly want to close my and my children’s accounts without an explanation, I felt quite bullied,” he said.
OCBC eventually reversed its decision, informing Mr Tan last Thursday that his accounts would not be closed.
In response to CNA’s queries, OCBC said it reviews customers’ accounts for risk management purposes, sometimes leading to closures due to suspicious activities or law enforcement requests.
Generally, when an account is flagged as suspicious, the bank immediately places a hold on it to prevent potential misuse or to protect customers from unauthorised and fraudulent transactions, said Mr Beaver Chua, head of anti-fraud at OCBC’s group financial crime compliance.
This hold is followed by a thorough review to ensure accuracy. During this process, the bank cannot disclose specific details as doing so could compromise the investigation.
“Once the review is completed and a customer’s account is found to be compliant, we will release the hold on the account. Otherwise, the account will be closed if it is found to be suspicious or misused by bad actors,” said Mr Chua.
Similarly, CIMB said it takes a proactive approach to combating scams by working with regulatory authorities and law enforcement agencies.
“By implementing enhanced security measures swiftly, we remain committed to protecting our customers’ bank accounts,” a spokesperson said.
“NOTHING MUCH I CAN DO”
Authorities said scammers exploited an “Others” option in ICA’s online service, which allowed address changes through a proxy. The process required a Singpass login, the applicant's NRIC number and date of issue, and a verification PIN mailed to the new address.The scammers used "relinquished" Singpass accounts to impersonate proxies and fraudulently change victims' addresses, said Minister of State for Home Affairs Sun Xueling in a parliamentary update earlier this month.
She also said that ICA’s change of address e-service, launched in 2020, included safeguards such as requiring the NRIC's date of issue. However, these measures have proven inadequate as malicious actors managed to get hold of the information.
Mr Tan speculates that his NRIC details may have been compromised through common practices such as exchanging IDs for building entry passes or submitting photocopies for major purchases such as cars.
“Until the incident happened, I don't think anybody really thought that the IC’s date of issue is so important,” he said.
Even after resolving his banking issues, Mr Tan remains on guard. Just last week, he received a notification from an insurer about a change in his contact details – which triggered a flurry of calls and emails before the insurer confirmed it was "a glitch".
He continues to worry about how much of his personal information is in the hands of scammers and the impact this could have on him and his family.
“If this person was able to change my address, did he also get into other parts of my account? If he has all my information, what will he do with it? Can he masquerade as me?” he said with a sigh.
“At this point, I will say that I feel quite helpless. It seems like there's nothing much I can do.”
