Public warned of LTA and Royal Malaysia Police phishing scams targeting travellers
Police warn of phishing scams impersonating the LTA and Royal Malaysia Police, with victims losing over S$32,000. The public is urged to ignore dubious links and use official sources for toll payments.
- Phishing scams impersonating the Land Transport Authority (LTA) and Royal Malaysia Police (PDRM) are targeting Singaporean travellers.
- At least 16 scam cases have been reported in 2024, with combined losses exceeding S$32,000.
- Authorities urge the public to avoid clicking on links from SMSes using decommissioned sender IDs or claiming outstanding tolls.
Singaporean travellers are being targeted by a new phishing scam involving spoofed SMS messages claiming to be from the Land Transport Authority (LTA), the police said on 10 February 2026.
The messages, sent via the decommissioned sender ID "LTA", allege that recipients have unpaid vehicle tolls following mobile roaming in Malaysia.
The sender ID in question was officially decommissioned in July 2024 and is no longer used by the government.
Victims are prompted to click on a link embedded in the message, which leads to a phishing website designed to harvest bank card details.
According to the police, “Victims only realise that they have been scammed when unauthorised transactions are made to unknown merchants from their cards.”
Since 27 January 2026, at least 10 such cases have been reported, with estimated losses of no less than S$24,000 (approximately US$19,000).
Royal Malaysia Police impersonation scams also reported
In a separate advisory issued the same day, the police highlighted similar phishing scams involving impersonation of the Royal Malaysia Police (Polis Diraja Malaysia, or PDRM).
In this variant, victims receive SMSes allegedly from PDRM, again claiming they have outstanding toll payments to settle.
These messages also include phishing links, which prompt users to enter personal and banking information.
At least six such cases have been reported since the beginning of 2026, with combined losses of at least S$8,000.
Victims typically only become aware of the fraud after noticing unauthorised transactions in their bank accounts or on their cards.
Singapore authorities clarified that the PDRM does not collect toll payments via SMS or through embedded links. All legitimate payments are processed through the official Touch ‘n Go system in Malaysia.
Official advisories and public guidance
The police have reminded the public that all Singapore government SMS communications are sent from a single unified sender ID: "gov.sg".
Messages received from any decommissioned sender ID—such as the former “LTA”—should be regarded as fake.
Authorities have advised members of the public to:
-
Avoid clicking on links in suspicious SMSes.
-
Block and report sender numbers associated with scam messages.
-
Verify toll payment status using official websites, such as the LTA’s One Motoring portal.
A sample of phishing URLs used in the scams was also released by the Singapore Police Force to raise public awareness.
Broader scam trends and continued vigilance
These incidents are part of a broader trend of SMS-based phishing attacks (commonly referred to as “smishing”) targeting cross-border travellers and mobile roaming users.
By exploiting legitimate-sounding toll-related messages and using decommissioned or spoofed sender IDs, scammers are attempting to create a sense of urgency and authenticity.
Travellers are encouraged to stay informed about the latest scam tactics and to share warnings with friends and family, especially those who frequently travel between Singapore and Malaysia.
