How to recognise scam emails and prevent yourself and your loved ones from getting phished.
The Automobile Association of Singapore (AA Singapore) has been made aware of some phishing emails ostensibly sent by the Association to members and non-members alike. These emails may offer recipients a chance to win or purchase at a discount a car emergency kit; they may also invite recipients to participate in a survey about their experience with the Association. An example of this can be seen here:
The senders’ email addresses vary and may sometimes look similar to, but do not match, the Association’s domain; genuine addresses always end in ‘@aas.com.sg’.
What to do if you receive such emails
The Association urges members to play their part in protecting themselves from these email scams.
One basic step is for members to check the email address of the sender. To do this, click on or hover your mouse over the sender’s name. If the email originated from the Association, the email address should end with ‘@aas.com.sg’.
Any email claiming to be from the Association with a different domain name is a scam; do not click on anything in the email — neither the body text nor attachments — and delete it immediately. If you have entered your credit card details into any associated links, inform your bank immediately and seek assistance.
If you are ever unsure of the legitimacy of a communication from the Association, do not hesitate to contact us at aasmail@aas.com.sg for verification — AA Singapore will never ask for sensitive information (credit card number, password, etc) or offer unsolicited gifts in this manner.
As members may be receiving phishing emails from a wide variety of scammers, not just those who claim to be from AA Singapore, here are the typical characteristics that a scam email may display. Do note that such emails may contain combinations of these characteristics.
Mismatched / Misleading information
If there is a mismatch between the domain name of the sender’s email address and the organisation the sender claims to be from, delete the email. For example, genuine emails from organisations usually come from domain names that contain the respective organisation’s name or initials. Be very careful when the email addresses end with a generic ‘@yahoo.com’ or ‘@gmail.com’.
Be wary of letter substitutions to make the domain name look legitimate. For example, instead of ‘AA’ or ‘AAS’, the scammer could use ‘Aa’ or even ‘Automobile Association’. This applies to websites (check their URLs), too, no matter how closely they resemble the authentic websites.
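The sender-domain check described in this section and under ‘What to do if you receive such emails’, written out as a short Python function. This is an added example, not AA Singapore’s own tooling; the brand-hint list, the category names and the sample headers are constructed assumptions.

```python
from email.utils import parseaddr

OFFICIAL_DOMAIN = "aas.com.sg"         # from the page: genuine addresses end in '@aas.com.sg'
FREEMAIL = {"yahoo.com", "gmail.com"}  # generic domains the page singles out
# Assumption: strings a message might use to claim it is from the Association.
# Plain substring matching is deliberately coarse and can over-match.
BRAND_HINTS = ("aa singapore", "automobile association", "aas")


def sender_domain(from_header):
    """Return the lower-cased domain of the address in a From header, or ''."""
    _display, addr = parseaddr(from_header)
    local, sep, domain = addr.rpartition("@")
    return domain.lower().rstrip(".") if sep and local else ""


def claims_association(from_header):
    """True if the display name or address borrows the Association's name."""
    text = from_header.lower()
    return any(hint in text for hint in BRAND_HINTS)


def classify_sender(from_header):
    """Classify a From header as 'official', 'impersonation:<why>' or 'other'."""
    domain = sender_domain(from_header)
    if domain == OFFICIAL_DOMAIN:  # exact match, not a substring test
        return "official"
    if claims_association(from_header):
        reason = "freemail" if domain in FREEMAIL else "lookalike"
        return "impersonation:" + reason
    return "other"


# Constructed sample headers (not taken from real messages).
SAMPLES = [
    "AA Singapore <aasmail@aas.com.sg>",
    "AA Singapore Rewards <aa.rewards@gmail.com>",
    "Automobile Association <survey@aas.com.sg.example.net>",
    "AAS Membership <info@aas-com-sg.example>",
    "Book Club <news@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):24} {header}")
```

The From header can itself be forged, so a match on ‘@aas.com.sg’ is a necessary check rather than proof of origin.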
Urgent / Threatening language
Be suspicious if the email contains phrases such as “urgent action required” or “your account will be terminated”. Such wording is meant to make you panic, and pressure you into replying quickly with confidential information. If you have good reason to believe it is a scam, delete the email immediately.
Alternatively, before deleting the email, call the sender on a publicly available number (do not use the contact details given in the email as the scammers could have personnel impersonating staff from the sending organisation) to verify that the email is authentic.
Attractive rewards
Instead of using threatening phrases, scammers sometimes go to the other extreme, offering amazing deals or valuable prizes — all you need to do is to click on a pop-up or complete an email survey to win! This is another attempt to encourage you to act immediately. Remember that old saying, “If it sounds too good to be true, it probably is”? It applies to this type of phishing email — always.
If you wish to give such an email the benefit of the doubt, then verify by contacting the sender (again, do not use contact details provided in the email, but use those that are publicly available, eg on the organisation’s website).
Confidential information required
Responsible organisations will never ask for your personal information (NRIC, login credentials, credit card details, etc) via email. Scammers can pretend to be from government organisations (SP, IRS, ICA, CPF, etc) or financial institutions (banks, credit unions, etc), and request such information via email. While receiving an email from such authoritative organisations may make you feel like you need to reply promptly, you should be very suspicious if you get an email from your ‘bank’ requesting private information.
If you wish to show deference to such important organisations, then contact them directly to clarify (again, do not use the contact details provided in the email).
Unexpected emails
Scammers often test their luck by sending broadcast emails to large groups of people, hoping that someone vulnerable to such phishing expeditions falls for their ruse. So if you receive an email that is unexpected — for example, the email contains an invoice for an item you know you did not buy — do not click on the links and attachments, and delete the email immediately.
On the other hand, if you wish to verify, follow the method described above.
Suspicious attachments
In this day and age, it is almost an automatic response to click open an email attachment. Do curb this instinct and exercise caution instead — emails sent by scammers often include attachments that, when clicked, infect your device with malware that steals your data.
Look out for suspicious attachment names and file types. If the attachment is unfamiliar to you, or uses an uncommon file type such as .exe, delete the email.