Cyber Aid

Use this tool to describe your cybersecurity incident – we will help you identify the issue and offer advice on how to resolve it. If you are an IT specialist, please use our technical form instead.

Tell Us What Happened

I would like to report something that happened to...
I have an issue with
We have an issue with
which
which
I
I
I
which
which
We
We

This sounds like a phishing email.

Phishing is a social engineering technique used to obtain sensitive information such as usernames, passwords and credit card details.

Do not open any attachments or follow any links in the email.

If you downloaded any attachments, we recommend updating your anti-virus and performing a full scan on the device.

If you followed the link and provided sensitive information, consider measures such as changing passwords of affected online account(s) and/or contacting your bank and monitoring for suspicious transactions.

Please use link below to send us the email so we can review it. This also enables us to understand current phishing trends and help us to alert and assist a broader range of individuals and organisations.
Report a Phishing Email

This sounds like a phishing email.

Phishing is a social engineering technique used to obtain sensitive information such as usernames, passwords and credit card details.

Do not open any attachments or follow any links in the email.

If you downloaded any attachments, we recommend updating your anti-virus and performing a full scan on the device.

If you followed the link and provided sensitive information, consider measures such as changing passwords of affected online account(s) and/or contacting your bank and monitoring for suspicious transactions.

Please use link below to send us the email so we can review it. This also enables us to understand current phishing trends and help us to alert and assist a broader range of individuals and organisations.
Report a Phishing Email

This sounds like an extortion scam email.

Extortion scam emails are designed to trick and coerce potential victims into paying a sum of money to avoid the release of sensitive information that the scammer claims to be in possession of, e.g. indecent pictures/videos and/or passwords.

We recommend that you change your email account password and delete the email. Learn more about how you can create a strong password here: Cyber Tip - Use Strong Passwords And Enable 2FA.

If you wish to find out more about scams, you may visit https://www.scamalert.sg/types-of-scams or call the anti-scam helpline at 1800-722-6688 for more information.

If any payments were made, consider lodging a Police report at the nearest Neighbourhood Police Centre/Post or online via Police e-Services.
Police e-Services

Your account credentials may have been leaked online.

We recommend changing your password to a strong one immediately and enabling two-factor authentication (2FA), if available. Do not use the same password for different online accounts.

Learn more about how you can create a strong password here: Cyber Tip - Use Strong Passwords And Enable 2FA.

In addition, turn on login alerts, if available. The platform should send you an alert when someone logs into your account from an unrecognised device or browser. Review any unrecognised login sessions immediately for unusual account activities.

Please remember to always log out from online accounts when not in use.

This sounds like defacement.

Website defacement is a type of attack that changes the visual appearance of the website.

If you are the owner of the affected website, we recommend that you perform an anti-virus scan to remove malicious files from the server, and ensure that your systems are patched and up-to-date.

If you are not the owner of the affected website, please provide us with the details of the defaced website (e.g. URL, screenshots) for our analysis via the reporting form.
Report Incident

This sounds like a phishing site.

Phishing is a social engineering technique used to obtain sensitive information.

Phishing websites trick a victim into thinking that it is a legitimate website and tries to obtain the victim's online account credentials and passwords, credit card details or other sensitive personal information.

Always check the url of the website to verify that it is the legitimate site before providing your account credentials or other sensitive data. Learn more about how you can spot signs of phishing here: Cyber Tip – Spot Signs of Phishing

Please provide us with the details of the phishing website such as the website URL and screenshots of the site for our analysis via the reporting form.
Report Incident

This sounds like a vulnerability.

A website vulnerability refers to a weakness or misconfiguration in a website or web application code, which could allow an attacker to gain some level of control of the site and possibly the hosting server.

For vulnerabilities affecting a Government website, please make a report at https://www.tech.gov.sg/report_vulnerability.

For vulnerabilities affecting non-government websites, please provide us with the details of the vulnerability for our analysis via the reporting form.
Report Incident

This sounds like impersonation.

Impersonation refers to the use of an online account that appears as though it is the legitimate account that belongs to you.

We recommend that you report the impersonation account to the platform's support team for their assistance to resolve the issue.

If you suspect that the account is being used to commit fraudulent activities, consider lodging a Police report at the nearest Neighbourhood Police Centre/Post or via Police e-Services.
Police e-Services

This sounds like a phishing attempt.

Phishing is a social engineering technique used to obtain sensitive information such as one-time password (OTP) on the pretext of lucky draws, contests or security verification. Once the scammer gets hold of the OTP, they will be able to gain access to the victim's online account.

Do not share your OTP with anyone, even if requested by a contact you may know; verify the authenticity of the message through alternative means (e.g. calling the contact).

If you can no longer access your online account, contact the platform's support team directly to report this issue and request for their assistance.

If the affected account is an iBanking account or linked to credit/debit cards, check for and report any fraudulent transactions to the bank immediately.

If you suspect that the account is being compromised and/or used to commit fraudulent activities, you may wish to make a Police report at the nearest Neighbourhood Police Centre/Post or online via Police e-Services.
Police e-Services

This sounds like a compromised account.

If you can no longer access your account, please contact the online platform's support team directly to report this issue and request for their assistance.

Once you have regained access to your account, we recommend logging out from all active sessions on your account, changing your password to a strong one, and enabling two-factor authentication (2FA), if available. Do not share your OTP with anyone, even if requested by a contact you may know.

Learn more about how you can create a strong password here: Cyber Tip - Use Strong Passwords And Enable 2FA.

If the affected account is an iBanking account or linked to credit/debit cards, check for and report any fraudulent transactions to the bank immediately.

If you suspect that the account is being used to commit fraudulent activities, consider lodging a Police report at the nearest Neighbourhood Police Centre/Post or online via Police e-Services.
Police e-Services

Your account credentials may have been leaked online.

We recommend changing your password to a strong one immediately and enabling two-factor authentication (2FA), if available. Do not use the same password for different online accounts.

Learn more about how you can create a strong password here: Cyber Tip - Use Strong Passwords And Enable 2FA.

In addition, turn on login alerts, if available. The platform should send you an alert when someone logs into your account from an unrecognised device or browser. Review any unrecognised login sessions immediately for unusual account activities.

Please remember to always log out from online accounts when not in use.

This sounds like ransomware.

Ransomware is a type of malware that holds a victim's files ransom via encryption, denying access until the ransom is paid.

If you have been infected with ransomware, you can refer to this advisory for basic mitigation steps.

Please provide us with additional information (e.g. screenshots of ransom note and encrypted files) for our review via the reporting form. This will enable us to understand the scope and nature of the incident, as well as alert and assist a broader range of individuals and organisations.
Report Incident

This sounds like malware.

Malware is malicious software designed to cause damage to a device or steal sensitive information.

You are advised to follow the instructions provided by your anti-virus software on the affected device to remove the malware.

As a good practice, use legitimate software (including your anti-virus) from reputable vendors. Ensure your software is kept up-to-date with the latest security patches. Enable automatic updates (where possible).

If unsure, please provide us with additional information (e.g. screenshots) via the reporting form for our review so that we can advise on possible next steps.
Report Incident

This sounds like ransomware.

Ransomware is a type of malware that holds a victim's files ransom via encryption, denying access until the ransom is paid.

If you have been infected with ransomware, you can refer to this advisory for basic mitigation steps.

Please provide us with additional information (e.g. screenshots of ransom note and encrypted files) for our review via the reporting form. This will enable us to understand the scope and nature of the incident, as well as alert and assist a broader range of individuals and organisations.
Report Incident

This sounds like a tech support scam.

Tech Support Scams involve scammers claiming to be staff of Telco Service Providers or Government agencies who need to investigate/perform repair actions on a victim's computer.

The scammers would direct the victim to download and install remote access applications on the pretext of helping to resolve the issues. The scammers will then attempt to trick the victim to log in to their online accounts, such as iBanking services, and use their remote access to make unauthorised transactions from the victim's account.

Telco Service Providers and Government agencies will not ask for your details or request payment for services rendered over the phone. For more information, please refer to our advisory on Tech Support Scams.

If you suspect that your account has been compromised and/or used to commit fraudulent activities, you may wish to make a Police report at the nearest Neighbourhood Police Centre/Post or online at https://eservices.police.gov.sg.

Should your account be an iBanking account or one that is linked to credit/debit cards, check for fraudulent transactions or card charges and report them to the bank immediately (if any).
Report Incident

This sounds like a network connectivity issue.

Network connectivity issues can include difficulty connecting to the internet via Wi-Fi and intermittent connectivity.

You may try restarting your modem/router and the affected devices.

If the issue persists, contact your Internet Service Provider or the device manufacturer for assistance.

It is difficult to diagnose the cause of this issue.

You may try restarting your modem/router and the affected devices.

In addition, we recommend that you update the operating system and applications on your device, as well as update your anti-virus and perform an anti-virus scan on the affected device.

If the issue persists, contact the device manufacturer for assistance.

This sounds like a network connectivity issue.

Network connectivity issues can include difficulty connecting to the internet via Wi-Fi and intermittent connectivity.

You may try restarting your modem/router (if possible) and/or resetting the network settings on your device.

If the issue persists, contact the device manufacturer or your Internet Service Provider for assistance.

This sounds like a tech support scam.

Tech Support Scams involve scammers claiming to be staff of Telco Service Providers or Government agencies who need to investigate/perform repair actions on a victim's computer.

The scammers would direct the victim to download and install remote access applications on the pretext of helping to resolve the issues. The scammers will then attempt to trick the victim to log in to their online accounts, such as iBanking services, and use their remote access to make unauthorised transactions from the victim's account.

Telco Service Providers and Government agencies will not ask for your details or request payment for services rendered over the phone. For more information, please refer to our advisory on Tech Support Scams.

If you suspect that your account has been compromised and/or used to commit fraudulent activities, you may wish to make a Police report at the nearest Neighbourhood Police Centre/Post or online at https://eservices.police.gov.sg.

Should your account be an iBanking account or one that is linked to credit/debit cards, check for fraudulent transactions or card charges and report them to the bank immediately (if any).
Report Incident

This sounds like a phishing site.

Phishing is a social engineering technique used to obtain sensitive information.

Phishing websites trick a victim into thinking that it is a legitimate website and tries to obtain the victim's online account credentials and passwords, credit card details or other sensitive personal information.

Always check the url of the website to verify that it is the legitimate site before providing your account credentials or other sensitive data. Learn more about how you can spot signs of phishing here: Cyber Tip – Spot Signs of Phishing

Please provide us with the details of the phishing website such as the website URL and screenshots of the site for our analysis via the reporting form.
Report Incident

This sounds like a phishing attempt.

Phishing is a social engineering technique used to obtain sensitive information such as one-time password (OTP) on the pretext of lucky draws, contests or security verification. Once the scammer gets hold of the OTP, they will be able to gain access to the victim's online account.

Do not share your OTP with anyone, even if requested by a contact you may know; verify the authenticity of the message through alternative means (e.g. calling the contact).

If you can no longer access your online account, contact the platform's support team directly to report this issue and request for their assistance.

If the affected account is an iBanking account or linked to credit/debit cards, check for and report any fraudulent transactions to the bank immediately.

If you suspect that the account is being compromised and/or used to commit fraudulent activities, you may wish to make a Police report at the nearest Neighbourhood Police Centre/Post or online via Police e-Services.
Police e-Services

It is difficult to diagnose the cause of this issue.

You may try restarting your modem/router and the affected devices.

In addition, we recommend that you update the operating system and applications on your device, as well as update your anti-virus and perform an anti-virus scan on the affected device.

If the issue persists, contact the device manufacturer for assistance.

This sounds like a phishing email.

Phishing is a social engineering technique used to obtain sensitive information such as usernames, passwords and credit card details.

Do not open any attachments or follow any links in the email.

If you downloaded any attachments, we recommend updating your anti-virus and performing a full scan on the device.

If you followed the link and provided sensitive information, consider measures such as changing passwords of affected online account(s) and/or contacting your bank and monitoring for suspicious transactions.

Please use link below to send us the email so we can review it. This also enables us to understand current phishing trends and help us to alert and assist a broader range of individuals and organisations.
Report a Phishing Email

Your account credentials may have been leaked online.

We recommend changing your password to a strong one immediately and enabling two-factor authentication (2FA), if available. Do not use the same password for different online accounts.

Learn more about how you can create a strong password here: Cyber Tip - Use Strong Passwords And Enable 2FA.

In addition, turn on login alerts, if available. The platform should send you an alert when someone logs into your account from an unrecognised device or browser. Review any unrecognised login sessions immediately for unusual account activities.

Please remember to always log out from online accounts when not in use.

This sounds like a Business Email Compromise.

Business Email Compromise (BEC) is an email-based fraud technique, which involves the impersonation of a high-level executive or business partner to trick employees or customers/vendors into transferring money or revealing important business information. These requests are often sent using spoofed or compromised email accounts.

Always verify the authenticity of such requests by seeking confirmation using a different medium (e.g. phone call or text message) before proceeding with the instruction.

For more information on how to protect your organisation against BEC, refer to this advisory.

You may provide more details (e.g. email sample) for our analysis via the reporting form.
Report Incident

This sounds like defacement.

Website defacement is a type of attack that changes the visual appearance of the website.

If you are the owner of the affected website, we recommend that you perform an anti-virus scan to remove malicious files from the server, and ensure that your systems are patched and up-to-date.

If you are not the owner of the affected website, please provide us with the details of the defaced website (e.g. URL, screenshots) for our analysis via the reporting form.
Report Incident

This sounds like a vulnerability.

A website vulnerability refers to a weakness or misconfiguration in a website or web application code, which could allow an attacker to gain some level of control of the site and possibly the hosting server.

For vulnerabilities affecting a Government website, please make a report at https://www.tech.gov.sg/report_vulnerability.

For vulnerabilities affecting non-government websites, please provide us with the details of the vulnerability for our analysis via the reporting form.
Report Incident

This sounds like impersonation.

Impersonation refers to the use of an online account that appears as though it is the legitimate account that belongs to you.

We recommend that you report the impersonation account to the platform's support team for their assistance to resolve the issue.

If you suspect that the account is being used to commit fraudulent activities, consider lodging a Police report at the nearest Neighbourhood Police Centre/Post or via Police e-Services.
Police e-Services

This sounds like a compromised account.

If you can no longer access your account, please contact the online platform's support team directly to report this issue and request for their assistance.

Once you have regained access to your account, we recommend logging out from all active sessions on your account, changing your password to a strong one, and enabling two-factor authentication (2FA), if available. Do not share your OTP with anyone, even if requested by a contact you may know.

Learn more about how you can create a strong password here: Cyber Tip - Use Strong Passwords And Enable 2FA.

If the affected account is an iBanking account or linked to credit/debit cards, check for and report any fraudulent transactions to the bank immediately.

If you suspect that the account is being used to commit fraudulent activities, consider lodging a Police report at the nearest Neighbourhood Police Centre/Post or online via Police e-Services.
Police e-Services

Your account credentials may have been leaked online.

We recommend changing your password to a strong one immediately and enabling two-factor authentication (2FA), if available. Do not use the same password for different online accounts.

Learn more about how you can create a strong password here: Cyber Tip - Use Strong Passwords And Enable 2FA.

In addition, turn on login alerts, if available. The platform should send you an alert when someone logs into your account from an unrecognised device or browser. Review any unrecognised login sessions immediately for unusual account activities.

Please remember to always log out from online accounts when not in use.

This sounds like ransomware.

Ransomware is a type of malware that holds a victim's files ransom via encryption, denying access until the ransom is paid.

If you have been infected with ransomware, you can refer to this advisory for basic mitigation steps.

Please provide us with additional information (e.g. screenshots of ransom note and encrypted files) for our review via the reporting form. This will enable us to understand the scope and nature of the incident, as well as alert and assist a broader range of individuals and organisations.
Report Incident

This sounds like a Data Breach.

A data breach refers to an incident exposing personal data to unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks.

If your organisation has suffered a data breach, you can refer to this advisory for basic mitigation steps.

If possible, please provide us with your investigation findings for our review via the reporting form. This will enable us to understand the scope and nature of the incident, as well as alert and advise a broader range of individuals and organisations.
Report Incident

This sounds like ransomware.

Ransomware is a type of malware that holds a victim's files ransom via encryption, denying access until the ransom is paid.

If you have been infected with ransomware, you can refer to this advisory for basic mitigation steps.

Please provide us with additional information (e.g. screenshots of ransom note and encrypted files) for our review via the reporting form. This will enable us to understand the scope and nature of the incident, as well as alert and assist a broader range of individuals and organisations.
Report Incident

This sounds like malware.

Malware is malicious software designed to cause damage to a device or steal sensitive information.

You are advised to inform your IT administrator of the incident. Your IT administrator should be able to advise you on the next steps.

Please provide us with additional information (e.g. screenshots) via the reporting form. This will enable us to understand the scope and nature of the incident, as well as alert and assist a broader range of individuals and organisations.

As a good practice, follow your organisation’s IT policies (if any). Use legitimate software (including your anti-virus) from reputable vendors. Ensure your software is kept up-to-date with the latest security patches. Enable automatic updates (where possible).
Report Incident