Some users confused as SMSes from legitimate firms get flagged as ‘likely scam’

SINGAPORE – Financial adviser Tan Zhi Liang thought he had been scammed after buying flight tickets to South Korea from, when he saw a booking verification SMS flagged as “likely scam”.

Mr Tan, 29, said: “I thought I had made a purchase from a scam site. I found it weird at first, but I double-checked my booking and it was there, so I didn’t worry too much then.”

He is among a handful of Internet users who received SMSes marked as “likely scam” after a new system by the Infocomm Media Development Authority (IMDA) dubbed the SMS Sender ID Registry kicked in on Tuesday to alert users to possible scam messages.

But some of these SMSes marked as “likely scam” have come from legitimate businesses for genuine communications, leading to confusion among some Internet users.

Tech consultant Tricia Chia hesitated to log into her firm’s insurance provider Cigna to make a medical claim when she received an SMS with the “likely scam” label containing a verification code.

“I got scared and didn’t dare to complete my task because I didn’t want to get scammed,” said Ms Chia, 25.

She later logged in to her account using the verification code after a friend told her about the SMS registry, and the possibility of legitimate business communications being wrongly labelled at the start.

Civil servant Xin Ng, 28, thought she had received a scam message after she tried to reset her login details on the online portal for insurance company Singlife with Aviva.

She said: “I thought it was a potential scam at first, but I felt that the SMS came as expected, and it started with the words ‘Singlife’, so I was more assured it was genuine… I checked again on the browser site I was on, and requested for the one-time password (to be sent) again before proceeding.”

Ms Ng said that while it was difficult to recognise which firms are in the clear and which are genuine scams, the registry serves as an added layer of protection for users in the long run.

The registry, which is able to detect and block spoofed SMSes upfront, currently labels SMSes that use alphanumeric sender names as “likely scam” if the senders have not listed with it. From July, SMSes from businesses not listed on the registry will be entirely blocked.

Ms Konstance Lim, 26, who received a one-time verification code from event planning app Partiful, said she thought it was a new function by the mobile network provider to flag sources that may not be widely-known.

“But I continued with it since the website was recommended by a friend, so I trusted that it won’t be a scam,” said the product manager.

Users have also received SMSes marked “likely scam” from video games platform Steam, insurance providers Great Eastern and Singlife with Aviva, and co-working platform Switch, according to screenshots seen by The Straits Times.

ST has contacted these companies for a comment. ST has also asked IMDA what it plans to do to educate users and businesses to minimise confusion.

Users had also received such SMSes from Okta, a widely-used access management provider that issues authentication codes to users. Okta told ST that it is in the midst of registration.

It is understood that several companies, including and Meta, have applied for the registry and are in the midst of getting various sender names approved. During this period, Facebook, WhatsApp and Instagram users may receive authentication SMSes labelled with a five-digit number in the interim, instead of a typical sender ID.


This website uses cookies. By continuing to use this site, you accept our use of cookies.