The police have arrested seven individuals for allegedly exploiting the Immigration and Checkpoints Authority’s (ICA) e-service to change registered home addresses unlawfully.
The group, consisting of six men and one woman aged between 19 and 32, is linked to at least 30 of the unauthorised attempts first highlighted by ICA on 11 January 2025.
In a press release on 14 January, the police reported that between 11 and 13 January, over 60 officers from the Criminal Investigation Department and Police Intelligence Department conducted an island-wide operation to apprehend the suspects.
Six of the individuals are being investigated under the Computer Misuse Act 1993 for the unlawful disclosure of access codes, while one faces allegations relating to Singpass accounts under the same Act.
Additional investigations are ongoing, including possible breaches of the National Registration Regulations by some suspects.
Incident details and ICA’s response
On 11 January, ICA temporarily suspended its online service following 80 reported cases of unauthorised attempts to change residential addresses. Of these, 75% were successful.
By 13 January, the total number of unauthorised attempts had risen to 87, with 69 confirmed as successful. ICA found that 17 Singpass accounts had been compromised in the process.
To address the breach, ICA resumed the service on 14 January with enhanced security measures.
Users must now perform face verification when logging into their Singpass accounts to change their addresses. However, the module allowing individuals to change addresses for others remains unavailable as ICA develops additional safeguards.
The authority has contacted all 87 affected individuals. For those unreachable by phone, house visits were conducted. ICA is assisting with replacing identity cards and restoring the legitimate registered addresses in its database. Singpass accounts linked to the affected cases have been reset or suspended.
In collaboration with the Government Technology Agency, ICA is assisting the 17 users whose Singpass accounts were compromised.
The authority reiterated its advice to the public to safeguard their Singpass accounts, stressing that these accounts are for personal use and should not be shared.
Modus operandi and preventive measures
The perpetrators exploited the “Others” module in ICA’s e-service, which allowed proxies to change addresses.
Using stolen or compromised Singpass accounts, they entered victims’ NRIC numbers and dates of issue. A verification mailer was then sent to a specified address, granting scammers access.
Once received, they requested a new PIN for the victim’s Singpass account, enabling them to set a new password and gain full control of the account.
ICA suspects the scammers intended to use these compromised accounts and third-party letterboxes to create mule accounts for scams and cybercrimes.
The police advised the public to reject suspicious opportunities promising quick financial returns in exchange for personal account access. Such schemes could implicate individuals in criminal activities.
The investigation into the incident continues, with authorities working to identify other perpetrators.