12 Mar 2025
Source: CPF Board
Technology can be both a boon as well as a dangerous tool. While its convenience can help you in your daily life, it can also be used by scammers to trick you into giving your personal information or money. As previously covered in this article on how to stay safe from scams, scammers can use a variety of methods to steal your information. One of the common methods is the use of phishing links.
What are phishing scams?
Phishing scams are where the scammer pretends to be from a reputable or trustworthy source, in order to get you to trust them and click on the links in the emails. Once you click the link, the scammer will either steal your account, passwords or other information. Oftentimes, this is done via a fake site that masquerades as a legitimate site to trick you into providing your login information to the scammer.
Phishing scams and spoofing are both forms of deception where the scammer impersonates a trusted entity to steal your data. This can include posing as an old friend, or a representative from law enforcement or other Government agencies.
The key difference is that spoofing typically involves a person directly pretending to be someone you may know or trust, creating a false sense of connection. Phishing tends to be more impersonal, relying on the perceived authority of the organisation or service they’re impersonating to trick victims into revealing sensitive information.
How can you know if a link is genuine?
Since phishing scams rely on tricking you into clicking a link, the best way to protect yourself is to know how to identify a legitimate link from a phishing link. For example, to ensure a link genuinely leads to the CPF website or another Government website, always check that the domain ends with “.gov.sg”.
A domain forms the first part of a URL. If a “https://” prefix is included in the URL, the domain comes immediately after it:
How can you safeguard yourself being scammed?
These are ways you can protect yourself:
1. Pay attention to any misspellings, substitution of letters, and/or deliberate shifting of the “.gov.sg” portion to other parts of the URL.
2. Only click on links from trusted sources. Ways you can check the URL include:
- Desktop: Hovering your mouse cursor over the link to view the full URL.
- Mobile device: Holding your finger down on the link so that a window pops up and shows you the full URL.
3. When in doubt, look up the organisation’s website directly via search engines such as Google to ensure the website is legitimate.
4. Verify the sender:
- For emails from CPF Board: The sender’s email address must be spelt correctly and end with @cpf.gov.sg or @e.cpf.gov.sg.
- For WhatsApp messages: Ensure that the sender is “CPF Board Text Us”, the official business account, with a blue badge.
- For SMSes: They will only be sent from “gov.sg” sender ID.
5. When you’re on the webpage, take precaution and be careful before providing any sensitive information, such as personal particulars or account login details.
- This includes double checking the URL and looking out for valid encryption/security certificates, for example a “lock” in the browser’s address bar.
CPF Board’s priority is to better partner members in safeguarding their CPF savings. What’s worth mentioning is the CPF Withdrawal Lock, which is part of the Board’s suite of anti-scam measures.
This function allows members aged 55 and above to instantly disable online CPF withdrawals by setting the Daily Withdrawal Limit to $0.
If you do not need to make a withdrawal immediately, you should consider activating this function to protect your CPF savings.
You can activate the CPF Withdrawal Lock at any time online under Account Settings. Here are the 3 simple steps:
Can the Withdrawal Lock be deactivated?
Yes, it can. However, doing so requires 12 hours for the changes to take effect and may require enhanced authentication, as an added precaution to safeguard your monies. All you need to do is change your Daily Withdrawal Limit to your desired amount (up to the maximum withdrawal limit), via your Account settings. However, if you wish to make a withdrawal without deactivating the Withdrawal Lock, you can book an appointment to visit us and withdraw your preferred amount in-person.
CPF Board is constantly looking for ways to improve its anti-scam measures and help you safeguard your CPF savings. With the addition of the Withdrawal Lock, you now have an additional layer of safety, giving you greater peace of mind when it comes to protecting your retirement savings.
Find out more about the anti-scam security measures available to CPF members
The information in this article is accurate as of the date of publication.
