SINGAPORE: Hyperlinks in SMSes from government agencies are still necessary when providing public services in certain circumstances, such as mobilising citizens to get vaccinated against COVID-19, said Home Affairs Minister K Shanmugam on Tuesday (Sep 13).
To mitigate the risks, if the government agency assesses that it is necessary to send hyperlinks in SMSes, the agency will only use a domain ending with .gov.sg, said Mr Shanmugam. It will also not ask users to provide their credentials through websites accessed through the hyperlinks.
Mr Shanmugam was responding to a parliamentary question from NMP Shahira Abdullah, who asked about the removal of hyperlinks from SMSes, which are known to increase the risk of phishing.
The Inter-Ministry Committee on Scams (IMCS) will continue to study the use of hyperlinks in other sectors and work with sector partners to adjust their use if necessary, Mr Shanmugam wrote in his answer.
“As scammers may pivot to other communication channels, the removal of hyperlinks in SMSes does not eliminate the risk of users falling prey to phishing attempts. Users should continue to exercise vigilance,” he added.
Earlier this year, the Government said it was reviewing its use of SMS and clickable links when communicating with members of the public.
This came after a spate of online banking scams, including an SMS phishing scam involving OCBC Bank that affected hundreds of people and saw them lose a total of about S$13.7 million.
Mr Shanmugam said the IMCS takes a “sector-based, risk calibrated” approach to the removal of hyperlinks in SMSes.
“This is in consideration of the tradeoffs, between the risks of phishing and the facilitation of services, which hyperlinks enable,” he added.
The inter-ministry committee has worked with the Association of Banks in Singapore to get banks to remove hyperlinks in SMSes sent to retail customers, said Mr Shanmugam, who is also Law Minister.