Ng Wei Chang, Yuen Mun Fei, and Koh Hong Yan, three Singaporeans, found themselves in hot water for their involvement in unauthorized attempts to change residential addresses on an online service provided by the Immigration and Checkpoints Authority (ICA). The trio appeared in a district court on Friday morning, facing charges under the Computer Misuse Act.
Ng Wei Chang, 30, was charged with unauthorized disclosure of an access code for an unlawful purpose. He allegedly abetted the disclosure of a six-digit PIN to gain access to data held in the ICA e-service to illegally change the registered addresses of unknown individuals without their knowledge around October 1, 2024.
Yuen Mun Fei, 38, faced charges for transmitting Koh Hong Yan’s user identification, password, and one-time password for the national digital identity service in November 2024. These credentials were allegedly to be used in committing an offense under Section 3(1) of the Computer Misuse Act, covering unauthorized access to computer material.
Koh Hong Yan, 26, was charged with disclosing his SingPass user identification, password, and one-time password to Yuen Mun Fei for an unlawful purpose on December 16, 2024. For these offenses, the punishment for a first-time offender could result in a jail term of up to three years, a fine of up to S$10,000 (US$7,300), or both.
The prosecutor revealed that the offenses were believed to be syndicated, leading to a request for the trio to be remanded for a week for the police to conduct a raid and investigations. All three have been remanded with permission to be taken out for investigations and are set to return to court on January 24.
ABUSE OF ICA’S E-SERVICE
The issue of attempts to illegally change other people’s home addresses came to light on January 11 when the ICA disclosed about 80 such cases identified. These attempts were made through an option on the e-service that allowed the residential address to be changed by a proxy.
The e-service was suspended on January 11 and partially restored on January 14, with the proxy option removed. About seven suspects have been arrested and are suspected of being responsible for at least 30 cases of attempted unauthorized address changes. The perpetrators managed to change addresses successfully in about 75 percent of the attempts, using stolen or compromised Singpass accounts.
The perpetrators acquired the NRIC number and NRIC date of issue of the victims to enter these details into the e-service. The e-service then sent a verification PIN mailer to the registered address set by the perpetrator, who could access the mailer to confirm the change. Once the victim’s residential address was changed, it was used to set a new password for the victim’s Singpass account by requesting a new Singpass PIN to be mailed there.
“It is likely that the perpetrators are using stolen or compromised Singpass accounts and letterboxes of third parties to generate more mule accounts to use for scams and other cybercrimes,” ICA stated.
I once fell victim to a cybercrime scam myself, and it was a wake-up call about the importance of safeguarding personal information online. Remember, protecting your digital identity is crucial in today’s interconnected world. Stay vigilant and ensure your online accounts are secure to prevent falling prey to malicious activities.