- How do I avoid falling prey to malware scams?
- How do I avoid falling prey to phishing scams?
- What should I do if I fall prey to a malware/phishing scam?
- I received a call/email/WhatsApp message from the Board regarding my enquiry. Is it a scam?
- I received an anonymous call claiming that I can sign up for a new CPF Scheme that allows me to withdraw my CPF savings, and the caller offered to meet me to sign an application form. Is it a scam?
- What are the new anti-scam security measures available to CPF members?
- Why is there a 12-hour cooling period?
- What is email spoofing?
- Why is CPF Board sending emails to advise members about email spoofing?
- What is Domain-based Message Authentication, Reporting & Conformance (DMARC)?
- Where can I find CPF Board’s email receiver checker utility tool?
- What test results would I receive when I use CPF Board’s email receiver checker utility tool?
- The utility tool results show that my email domain is not Domain-based Message Authentication, Reporting & Conformance (DMARC)-compliant. What should I do?
- How can I verify that my email domain is Domain-based Message Authentication, Reporting & Conformance (DMARC)-compliant after switching email provider, or after my current email provider’s technical team has implemented the needed protections?
- I have several email addresses. Can I use the utility tool to check if they are Domain-based Message Authentication, Reporting & Conformance (DMARC)-compliant?
- Which email service providers can identify and filter incoming Domain-based Message Authentication, Reporting & Conformance (DMARC)-compliant emails?
- What are the potential risks if I use an email service which does not comply to Domain-based Message Authentication, Reporting & Conformance (DMARC) policies?
- Am I protected against email spoofing or phishing attempts if my email service provider is Domain-based Message Authentication, Reporting & Conformance (DMARC)-compliant?
- If my email service provider implements the email security measures, does it mean that I no longer have to check that the email sender domain is from a “.gov.sg” domain for emails sent by Singapore government agencies?
- I know that I should not rely on the email display name which is easily spoofed. Isn’t it enough to check that the email sender’s domain ends with “.gov.sg”? Why do I still need to check that my email service provider implements the needed protections?
- How do I know whether the emails I receive are genuinely sent by CPF Board?
- I received an SMS from “CPF Board” informing me that there is a change in the Board’s SMS sender ID. Is it legitimate?
- Why is CPF Board standardising the SMS sender ID to “CPF Board”?
- How does CPF Board ensure that the new SMS sender ID will not be spoofed by scammers?
- I used to receive SMSes from “SG-Workfare” and “SG-SSS” on Workfare and Silver Support matters respectively but stopped receiving such SMSes after the change in SMS Sender ID to “CPF Board”. Why is that so?
- What should I do with the previous SMS messages from CPF Board?
- Why am I receiving the SMS from “CPFBoard” instead of “CPF Board”?