7 people arrested so far for allegedly using ICA e-service to change people’s addresses
SEVEN people have been arrested for allegedly using the Immigration and Checkpoints Authority’s (ICA) e-service to change people’s registered home addresses.
In a release on Tuesday (Jan 14), the police said the six men and a woman, aged between 19 and 32, are purportedly responsible for at least 30 of the cases of unauthorised attempts first announced by ICA on Jan 11.
ICA had said then that it suspended that online service temporarily after 80 unauthorised attempts to change the registered home addresses via the service were reported, with 75 per cent of them successful.
In an update, ICA said that as at Jan 13, it found a total of 87 unauthorised attempts, 69 of which were successful.
Of these successful attempts, the culprits gained control of 17 Singpass accounts, said ICA.
The police said between Jan 11 and 13, more than 60 officers from the police’s Criminal Investigation Department and Police Intelligence Department mounted an islandwide operation to arrest the suspects.
BT in your inbox
Start and end each day with the latest news stories and analyses delivered straight to your inbox.
Six are being investigated for offences under the Computer Misuse Act, for unlawful disclosure of access codes.
One is being investigated for unlawful disclosure of password or access code in relation to Singpass under the same Act.
Some are also being investigated by ICA for alleged breaches under the National Registration Regulations, the police said.
It added that investigations to identify the other perpetrators are ongoing.
In an update on Tuesday, ICA said it had resumed the service that allows the public to change their own address and implemented additional security measures.
Users must now perform face verification when logging in using their Singpass account.
The module that allows individuals to change the addresses for others remain unavailable.
ICA said it is working on additional security measures to prevent abuse and to safely allow the change of address by a family member or a proxy.
ICA said it is contacting all 87 affected individuals to inform them of the attempted change to their registered addresses, and house visits were made to those uncontactable by phone.
For all 87 cases, ICA said it is facilitating a replacement of their identity cards, and restoring their registered addresses in its database to their legitimate ones.
The Singpass accounts linked to all 87 cases have been reset or suspended, it added.
ICA said it is working together with the Government Technology Agency to assist the 17 users whose Singpass accounts were compromised.
The police reminded the public that Singpass accounts are strictly for personal use and should not be disclosed to others.
It added: “To avoid being implicated in criminal activities, we should always reject seemingly easy and attractive money-making opportunities that promise fast payouts in exchange for the use of our Singpass account, bank accounts or other personal accounts.”
On Jan 11, ICA said the perpetrators used stolen or compromised Singpass accounts to change the residential addresses of the victims through the “Others” module, which allows the change of address by a proxy.
After keying in the victim’s NRIC number and its date of issue, a verification mailer would be sent to the registered address specified by the scammer, allowing him to access the mailer and confirm the change of address.
Pretending to be the victim, the scammer would ask for a new PIN to be sent to the address. This allows him to set a new password for the victim’s Singpass account and gain access to it.
ICA had said: “It is likely that the perpetrators are using stolen or compromised Singpass accounts and letter boxes of third parties to generate more mule accounts to use for scams and other cybercrimes.” THE STRAITS TIMES
Copyright SPH Media. All rights reserved.
