Picture this: your phone rings, and the caller identifies themselves as an officer from the Singapore Police Force or the Monetary Authority of Singapore. They speak with authority and tell you there's a serious problem with your account, one that requires your immediate cooperation. It feels urgent. It feels real. But it isn't.

Government official impersonation scams are one of the fastest-growing fraud threats in Singapore, and they don't just target individuals at home. Businesses and their employees are firmly in the crosshairs too. Understanding how these scams work and what your organisation can do to stay protected could be the difference between a close call and a catastrophic financial loss.

The numbers are alarming

This isn't a fringe problem. Government official impersonation scams surged by 123.6 per cent in 2025, reaching 3,363 reported cases, and the financial losses from this category rose by 60.5 per cent to S$242.9 million. To put that in context, government official impersonation scams ranked among the top five scam types in Singapore by total amount lost in 2025.

Even more concerning is who is being targeted. Nine out of 10 such cases involved victims falling for scammers impersonating local government officials, bank staff, or financial institution representatives, typically through phone calls. These were calculated, scripted operations run by organised syndicates.

How the scam actually works

The script is deceptively simple, and it's been refined to exploit how we naturally respond to authority. These scams typically unfolded in three stages: victims first received calls from individuals posing as bank employees; the calls were then transferred to scammers impersonating government officials such as police officers or MAS staff; and finally, victims were told their accounts were under investigation for alleged criminal activity and instructed to transfer funds for "verification."

In newer variants, the approach has become even more brazen. There has been a rise in in-person scams where victims were pressured to withdraw cash or purchase gold bars and jewellery, which were then handed directly to scammers acting as supposed law enforcement officers.

The psychological mechanics here are worth understanding. Scammers manufacture fear, urgency, and a sense of official legitimacy, all within the space of a single phone call. For employees who regularly handle financial transactions or sensitive data, this kind of pressure can be disorienting enough to override good judgement.

Why businesses are particularly vulnerable

Individuals lose money to these scams every day, but businesses face compounded risks. A single employee who acts on a fraudulent instruction can expose an entire organisation to significant harm. This is why managing human risk is increasingly seen as a core part of any serious cybersecurity and fraud prevention strategy. Technical defences matter, of course, but they can't fully account for the moment a staff member answers a convincing phone call and makes a decision under pressure.

For organisations operating in Singapore's financial and corporate sectors, working with a CREST tester in Singapore can help identify vulnerabilities in how employees respond to social engineering attacks, including impersonation scenarios that mirror exactly these kinds of scams. CREST-accredited testing provides a credible, structured way to assess how resilient your people and processes really are.

The warning signs to watch for

Scammers are skilled at making the illegitimate feel legitimate, but there are consistent red flags that can help employees pause before acting:

• Urgency and pressure – Genuine government agencies do not demand immediate financial action over the phone.
• Requests to transfer money or hand over valuables – Singapore government officials will never, under any circumstances during a phone call, ask members of the public to transfer money, disclose banking login credentials, or install apps from unofficial sources.
• Call transfers between "departments" – This multi-stage handoff is a hallmark of the scam, designed to create a false sense of institutional legitimacy.
• Threats of arrest or legal consequences – Scammers use fear to shut down critical thinking. Real law enforcement does not operate this way over an unsolicited phone call.
• Requests for secrecy – Being told not to tell family, colleagues, or your employer is a significant red flag.

What organisations should be doing

Awareness is the first line of defence, but it needs to be embedded into how your team actually operates. Here's where to start:

• Train people to pause and verify – Employees should know that it is always acceptable and expected to hang up an unsolicited call and independently verify the caller's identity through official channels.
• Establish clear internal protocols – Any request involving money transfers, account access, or sensitive credentials should require multi-step internal authorisation, regardless of how the request arrives.
• Run realistic simulations – Social engineering tests that mimic actual scam scenarios help employees build instinctive recognition rather than just theoretical knowledge.
• Create a no-blame reporting culture – Employees who think they may have fallen for a scam need to feel safe reporting it immediately. A delayed report can dramatically worsen the outcome.

The bigger picture

It would be tempting to assume that well-educated, tech-savvy professionals are immune to these tactics. The data says otherwise. Adults aged 30 to 49 were the most frequent scam victims in 2025, accounting for 36.1 per cent of cases. This is the demographic that makes up a large proportion of Singapore's professional workforce.

Scammers are not targeting ignorance. Now, they're targeting trust and the human tendency to defer to perceived authority. That's what makes impersonation fraud so effective and so difficult to counter through awareness alone.

Conclusion

Government official impersonation scams are not going away. They are evolving and growing more convincing with every iteration. The question for business owners and security leaders is whether their people are prepared when they encounter one of these calls.

At Group8, we help organisations build the kind of security posture that holds up when it matters most, including how your teams are trained to respond to social engineering, impersonation, and fraud-based attacks. If you're ready to take a serious look at how protected your business really is, get in touch with Group8 today.