SINGAPORE: The Singapore Police Force on Monday (Nov 24) ordered Apple and Google to take steps to prevent government impersonation scam messages on iMessage and Google Messages.
These measures are aimed at preventing the spoofing of “gov.sg” SMS sender ID and government agency names, said the Ministry of Home Affairs (MHA) in a press release on Tuesday.
Spoofing refers to a technique cybercriminals use to disguise themselves as a known or trusted source.
The mandated measures include preventing accounts and group chats from displaying names that spoof “gov.sg” or government agencies, or filtering messages from accounts and group chats with such names.
Apple and Google must also ensure that the profile names of unknown senders are not displayed or displayed less prominently than their phone numbers, said MHA.
“This would help users better identify and be wary of unknown senders,” it added.
The implementation directives, which were issued by the police under the Online Criminal Harms Act, require the companies to comply by Sunday.
Apple and Google have indicated that they will comply with the directives, said MHA.
"We urge the public to regularly update the iMessage and Google Messages apps on their mobile devices, to ensure that the latest anti-spoofing safeguards are in place," added the ministry.
Government official impersonation scams are on the rise.
According to police data, the number of such cases reported almost tripled in the first half of 2025, increasing by 199.2 per cent to 1,762 cases, up from 589 cases during the same period last year.
Such cases also recorded the second-highest loss among all scam types in the first half of this year, with about S$126.5 million lost.
Government official impersonation scams accounted for about 28 per cent of all scam cases and 34 per cent of all scam losses in the first half of the year.
To protect the public from such scams, government agencies have been using the “gov.sg” sender ID to send SMSes to make legitimate government messages easily identifiable.
"While we have imposed this and other safeguards like the SMS Sender ID Registry (SSIR) on SMSes, they currently do not apply to messages sent via iMessage and Google Messages," said MHA.
The "gov.sg" sender ID is not used to send messages via iMessage and Google Messages, said the ministry.
However, some might assume that the iMessages or Google Messages that they receive from accounts claiming to be from “gov.sg” are legitimate, as they appear alongside official SMSes and are not easily distinguishable.
“The police have already seen scams involving the impersonation of other SSIR-registered SMS sender IDs on iMessage and Google Messages,” said the ministry.
These include over 120 cases involving the impersonation of SingPost, it added.
“There is therefore a need to put in place measures to deter the abuse of iMessage and Google Messages by scammers.”
The Online Criminal Harms Act, passed in July 2023, allows the relevant authority to issue directives to online service providers to put in place any system, process or measure, if the authority is satisfied that this is necessary or expedient to address a relevant offence.
Online service providers that fail to comply with the implementation directive without a reasonable excuse may be fined up to S$1 million (US$770,000).
In the case of a continuing offence, they may be further fined up to S$100,000 for every day or part of a day during which the offence continues after conviction.
The Singapore government previously ordered Meta to put in place measures such as facial recognition to curb Facebook impersonation scams.
Continue reading...
These measures are aimed at preventing the spoofing of “gov.sg” SMS sender ID and government agency names, said the Ministry of Home Affairs (MHA) in a press release on Tuesday.
Spoofing refers to a technique cybercriminals use to disguise themselves as a known or trusted source.
The mandated measures include preventing accounts and group chats from displaying names that spoof “gov.sg” or government agencies, or filtering messages from accounts and group chats with such names.
Apple and Google must also ensure that the profile names of unknown senders are not displayed or displayed less prominently than their phone numbers, said MHA.
“This would help users better identify and be wary of unknown senders,” it added.
The implementation directives, which were issued by the police under the Online Criminal Harms Act, require the companies to comply by Sunday.
Apple and Google have indicated that they will comply with the directives, said MHA.
"We urge the public to regularly update the iMessage and Google Messages apps on their mobile devices, to ensure that the latest anti-spoofing safeguards are in place," added the ministry.
Also read:
Government official impersonation scams are on the rise.
According to police data, the number of such cases reported almost tripled in the first half of 2025, increasing by 199.2 per cent to 1,762 cases, up from 589 cases during the same period last year.
Such cases also recorded the second-highest loss among all scam types in the first half of this year, with about S$126.5 million lost.
Government official impersonation scams accounted for about 28 per cent of all scam cases and 34 per cent of all scam losses in the first half of the year.
To protect the public from such scams, government agencies have been using the “gov.sg” sender ID to send SMSes to make legitimate government messages easily identifiable.
"While we have imposed this and other safeguards like the SMS Sender ID Registry (SSIR) on SMSes, they currently do not apply to messages sent via iMessage and Google Messages," said MHA.
The "gov.sg" sender ID is not used to send messages via iMessage and Google Messages, said the ministry.
However, some might assume that the iMessages or Google Messages that they receive from accounts claiming to be from “gov.sg” are legitimate, as they appear alongside official SMSes and are not easily distinguishable.
“The police have already seen scams involving the impersonation of other SSIR-registered SMS sender IDs on iMessage and Google Messages,” said the ministry.
These include over 120 cases involving the impersonation of SingPost, it added.
“There is therefore a need to put in place measures to deter the abuse of iMessage and Google Messages by scammers.”
The Online Criminal Harms Act, passed in July 2023, allows the relevant authority to issue directives to online service providers to put in place any system, process or measure, if the authority is satisfied that this is necessary or expedient to address a relevant offence.
Online service providers that fail to comply with the implementation directive without a reasonable excuse may be fined up to S$1 million (US$770,000).
In the case of a continuing offence, they may be further fined up to S$100,000 for every day or part of a day during which the offence continues after conviction.
The Singapore government previously ordered Meta to put in place measures such as facial recognition to curb Facebook impersonation scams.
Continue reading...