Saturday, July 4, 2015

SingPass scam returns

I read on Yahoo Singapore about the enhanced security feature being introduced for SingPass users, a 2-factor authentication (2FA) system (Tighten Up: New Security Measures For SingPass To Launch On 5 July).
For those interested, the OneKey token can be applied here (http://www.onekey.sg/).
At the end of the above article from Yahoo was a related news item, The SingPass Scam Returns: Singaporeans, Be Wary!.
It reported that an email from SingPass Government [notification@singpass-services.gov.sg] was sent to "notify" users of the need to verify their security information. That was a phishing email.
But I am puzzled.
In an email, the sender address states "notification@singpass-services.gov.sg"? How is that possible if the email was sent via another server? If the server is indeed registered under gov.sg, then it is easy to catch the perpetrator, because a domain name registered under gov.sg or .sg is easily traced back to the registrant.
Unless the whole string SingPass Government [notification@singpass-services.gov.sg] was just the "display name" of the sender instead of the "email address", which is usually denoted in angle brackets.
What is more puzzling is that, instead of emailing a government agency, why must we email Crimson Logic (e.g. singpass-helpdesk@crimsonlogic.com) instead? For a layperson like me, that doesn't make sense. I would be suspicious of Crimson Logic if I were not familiar with that company or brand (which I am still unfamiliar with).
Instead of showing laypersons how to detect fraud by checking the security certificates in their browsers, why not just enlighten them about authenticating the sender's address? That would be the easiest, no?
For the above example, the address SingPass Government [notification@singpass-services.gov.sg] <fraudster@fraudster.com> would show that the email was sent from fraudster.com instead of singpass-services.gov.sg: the part in angle brackets is the actual sender address, and everything before it is only the display name.
An example of an email with a display name and an email address (below):
[image: email string]
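To make the display-name trick concrete, here is an added example (not code from the original post) that splits a From: header into its display name and the addr-spec in angle brackets, then checks the domain of the real address. The three sample headers, the expected domain singpass-services.gov.sg, and the fraudster.com and example.net addresses are constructed for illustration. One caveat a practitioner should keep in mind: the address inside the angle brackets is just another header line the sender writes, so this check only exposes the display-name and lookalike-domain tricks; a fully forged From: address can only be caught by the receiving mail server verifying SPF, DKIM and DMARC.

```python
"""Separate the display name from the real sender address in a From: header.

Added example, not part of the original post.  The sample headers, the
expected domain and the sender domains below are constructed for illustration.
The parser follows the RFC 5322 angle-addr shape ("display name <addr-spec>")
and deliberately ignores comments and encoded words to stay short.
"""
import re

# Domain the genuine notification is expected to come from (assumption).
EXPECTED_DOMAIN = "singpass-services.gov.sg"

# Constructed sample headers (not real messages).
SAMPLE_FROM_HEADERS = [
    # 1. Display name carries a fake "address"; the real addr-spec is in <...>.
    "SingPass Government [notification@singpass-services.gov.sg] <fraudster@fraudster.com>",
    # 2. Lookalike: the expected domain appears as a prefix of an attacker domain.
    '"SingPass Government" <notification@singpass-services.gov.sg.example.net>',
    # 3. What a genuine header from the expected domain would look like.
    "SingPass Government <notification@singpass-services.gov.sg>",
    # 4. Bare addr-spec with no display name at all.
    "notification@singpass-services.gov.sg",
]

# Anything before the final <...> is display name; the <...> content is the address.
ANGLE_ADDR = re.compile(r"^(?P<name>.*?)\s*<(?P<addr>[^<>]*)>\s*$", re.DOTALL)


def split_from_header(raw):
    """Return (display_name, addr_spec); a header without <...> is all address."""
    raw = raw.strip()
    match = ANGLE_ADDR.match(raw)
    if match:
        name = match.group("name").strip()
        addr = match.group("addr").strip()
    else:
        name, addr = "", raw
    # Strip the optional quotes around a quoted display name.
    if len(name) >= 2 and name[0] == name[-1] == '"':
        name = name[1:-1]
    return name, addr


def sender_domain(addr_spec):
    """Lower-cased domain part of an addr-spec; empty string if there is no '@'."""
    if "@" not in addr_spec:
        return ""
    return addr_spec.rsplit("@", 1)[1].strip().lower()


def domain_matches(domain, expected):
    """True only for the expected domain or a subdomain of it, not a prefix lookalike."""
    return domain == expected or domain.endswith("." + expected)


def assess_from_header(raw, expected=EXPECTED_DOMAIN):
    """Flag headers whose display name contains an @-address or whose domain is wrong."""
    name, addr = split_from_header(raw)
    domain = sender_domain(addr)
    reasons = []
    if "@" in name:
        reasons.append("display name contains an @-address (mimics the address field)")
    if not domain_matches(domain, expected):
        reasons.append("address domain %r is not %r" % (domain, expected))
    return {
        "display_name": name,
        "address": addr,
        "domain": domain,
        "suspicious": bool(reasons),
        "reasons": reasons,
    }


if __name__ == "__main__":
    for header in SAMPLE_FROM_HEADERS:
        result = assess_from_header(header)
        verdict = "SUSPICIOUS" if result["suspicious"] else "ok"
        print("%-10s %s" % (verdict, header))
        for reason in result["reasons"]:
            print("           - " + reason)
```

Running the script prints a verdict per sample: the first two headers are flagged (a bracketed address inside the display name, and a domain that merely starts with the expected one), while the last two pass. The subdomain rule in domain_matches is what separates a genuine host under gov.sg from the singpass-services.gov.sg.example.net lookalike.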
If there is any doubt about the authenticity of edm.email-mk-tg.com, we can look up the registrant information via whois. Example of whois output (below):
[image: whois]
The domain name edm.email-mk-tg.com seemed to be associated with Canon SG, but the information provided is limited. For that reason, I would be extra cautious about the link/association between email from this domain and Canon Inc.
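The whois step above boils down to reading a few fields out of a "Key: Value" record and noticing what is missing. The following is an added example (not from the original post) that does exactly that: it parses raw whois output into fields, reports the registrar, registrant and name servers, and flags two things that make a sender domain worth extra caution, a redacted or empty registrant identity and a very recent creation date. The whois text, the domain example-edm.com, the name-server names and the 90-day threshold are all constructed assumptions, not the real record of any domain.

```python
"""Pull the registrant fields a phishing check cares about out of raw whois output.

Added example, not part of the original post.  SAMPLE_WHOIS is constructed for
illustration and is not the real record of any domain; its field names follow
the common "Key: Value" layout most registrars and registries use.
"""
from datetime import datetime

# Constructed whois record (assumption, not real data).
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-EDM.COM
Registry Domain ID: 0000000000_DOMAIN_COM-VRSN
Registrar: Example Registrar, Inc.
Creation Date: 2015-06-20T03:12:45Z
Registry Expiry Date: 2016-06-20T03:12:45Z
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization:
Registrant Country: SG
Name Server: NS1.EXAMPLE-MAILER.NET
Name Server: NS2.EXAMPLE-MAILER.NET
DNSSEC: unsigned
>>> Last update of whois database: 2015-07-04T00:00:00Z <<<
"""

# Values that mean "no registrant information", as seen across registrars.
PLACEHOLDERS = {"", "redacted for privacy", "data protected", "not disclosed", "n/a"}

# Assumption: a domain registered less than this many days ago is noteworthy.
NEW_DOMAIN_DAYS = 90


def parse_whois(text):
    """Collect 'Key: Value' lines into {key: [values]}; repeated keys keep every value."""
    fields = {}
    for line in text.splitlines():
        # Skip comment/notice lines and anything that is not a Key: Value pair.
        if line.startswith(("%", "#", ">>>")) or ":" not in line:
            continue
        key, _, value = line.partition(":")
        fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields


def first(fields, key):
    """First value recorded for a key, or '' when the key is absent."""
    values = fields.get(key.lower(), [])
    return values[0] if values else ""


def is_placeholder(value):
    return value.strip().lower() in PLACEHOLDERS


def parse_date(value):
    """Accept '2015-06-20T03:12:45Z' or '2015-06-20'; only the date part matters here."""
    return datetime.strptime(value[:10], "%Y-%m-%d").date()


def summarize_whois(text, today):
    """Summarise the record and list the findings a cautious reader should weigh."""
    fields = parse_whois(text)
    registrant_org = first(fields, "Registrant Organization")
    registrant_name = first(fields, "Registrant Name")
    created = parse_date(first(fields, "Creation Date"))
    age_days = (today - created).days
    findings = []
    if is_placeholder(registrant_org) and is_placeholder(registrant_name):
        findings.append("registrant identity is missing or redacted")
    if age_days < NEW_DOMAIN_DAYS:
        findings.append("domain was registered only %d days ago" % age_days)
    return {
        "domain": first(fields, "Domain Name").lower(),
        "registrar": first(fields, "Registrar"),
        "registrant_org": registrant_org,
        "created": created,
        "age_days": age_days,
        "name_servers": [ns.lower() for ns in fields.get("name server", [])],
        "findings": findings,
    }


if __name__ == "__main__":
    summary = summarize_whois(SAMPLE_WHOIS, parse_date("2015-07-04"))
    for key, value in summary.items():
        print("%-15s %s" % (key + ":", value))
```

On the constructed record the summary reports the registrar and name servers but two findings: the registrant fields are empty or redacted, and the domain is only 14 days old. An empty registrant is common for privacy-protected registrations and is not proof of anything by itself, which is why the example reports findings rather than a verdict; what matters is whether the organisation the mail claims to come from is willing to put its name on the domain.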