SINGAPORE (The Straits Times/Asia News Network): Singaporeans who receive an e-mail instructing them to transfer their outstanding stamp duty payment to an account claiming to be held in the name of the Commissioner of Inland Revenue should ignore it, the tax authority said.

The Inland Revenue Authority of Singapore (Iras) on Wednesday (Feb 22) warned of the scam phishing e-mail and advised recipients not to provide any personal, credit card or bank account details.

They should not make payments or follow any instructions in the e-mail, it added.

Those who have done so are advised to lodge a police report.

In the e-mail titled “Stamp duty matter”, recipients are told to deposit their final payment into a British bank account, which claims to be held in the name of the Commissioner of Inland Revenue.

This is the third scam attempt involving Iras in February.

The latest scam comes after the tax authority warned of a phishing website falsely labelled as a “Singapore Government Agency” website earlier this month. In an earlier advisory, Iras advised people not to provide their phone numbers or Singpass login credentials, or click on the link to the phishing website.

In the earlier attempt, a scam e-mail with the subject heading “Filed GST returns” claiming to be from Iras instructs recipients to file their goods and services tax claims.

Meanwhile, in a separate advisory on Tuesday, the police and Cyber Security Agency of Singapore cautioned people against downloading files from unknown sources.

Doing so can lead to malware being installed on mobile devices, which may result in confidential and sensitive data, such as banking credentials, being stolen, the agencies said.

“Malware may infect mobile devices through various means, including through the downloading of free software from unknown sources, opening of unknown e-mail attachments and visiting of malicious websites,” said the statement.

Users should be wary of unknown or suspicious Android Package Kit or APK files with titles such as “GooglePlay23Update.apk” and “GooglePlay.apkUpdate.apk”, as they are not official files released by Google.

If installed, they may let the attackers remotely control the mobile phones and intercept SMSes, among other risks.

The agencies advised people to download apps only from official app stores, and to check that the app is from the official developer.

Any unknown apps should be uninstalled, the statement added.