Singapore’s Ministry of Home Affairs has issued a blunt, non-negotiable instruction to Apple and Google: stop the impersonation of government agencies on iMessage and Google Messages. The two companies have been ordered to prevent accounts and group chats from using the gov.sg sender ID or other local government agency names, or to filter such messages out entirely, by November 30. This is not optional. This is direct action under the Online Criminal Harms Act, and it should change how we manage communications and protect clients, staff, and ourselves.
Why this matters right now
Scammers have become brazen. The police reported victims lost 126.5 million Singapore dollars to government-official impersonation scams in the first half of 2025 — almost double the previous year. Cases have almost tripled. These are not abstract numbers. They are bank accounts emptied, retirement savings gone, and people left terrified because a message looked and felt official.
Make no mistake: this order targets a real vulnerability. The gov.sg sender ID has helped people quickly recognise legitimate government communications since July 2024 — but only when messages come through approved channels. iMessage and Google Messages, until now, have been easy pickings for bad actors because profile names can be set to read like government agencies. When that happens, the recipient often assumes the message is legitimate. Human instinct wins out. You see a familiar name, you react. The criminals count on that reflex.
What the directive demands
- Prevent accounts and group chats from using names that spoof gov.sg or local agencies on iMessage and Google Messages by Nov 30.
- Hide or deemphasise profile names of unknown senders so phone numbers stand out.
- Filter messages that attempt to impersonate government IDs, or at least mark them clearly.
Apple and Google have told the ministry they will comply. Good. But compliance alone is not the end of the story for businesses and individuals who must keep people safe.
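The controls listed above, sketched as an added example; this is not from the original article and is not Apple's or Google's implementation. It assumes a two-entry protected-name list, a small sample confusables map, and a constructed phone number. The function names are hypothetical.

```python
import unicodedata

# Small sample of look-alike characters (assumption: a production filter
# would use the full Unicode confusables data, not this short map).
CONFUSABLES = {"0": "o", "1": "l", "5": "s",
               "\u043e": "o",   # Cyrillic o
               "\u0455": "s",   # Cyrillic dze
               "\u0261": "g"}   # Latin script g

def skeleton(name):
    """Reduce a profile name to a comparable form: compatibility-decompose,
    casefold, drop accents, map look-alikes, keep only letters and digits."""
    out = []
    for ch in unicodedata.normalize("NFKD", name).casefold():
        if unicodedata.combining(ch):
            continue  # strip combining accents
        ch = CONFUSABLES.get(ch, ch)
        if ch.isalnum():
            out.append(ch)
    return "".join(out)

# Protected names taken from the article; a real list would cover every agency.
PROTECTED = tuple(skeleton(n) for n in ("gov.sg", "Ministry of Home Affairs"))

def is_spoof(profile_name):
    """True if the sender-chosen profile name contains a protected name."""
    s = skeleton(profile_name)
    return any(p in s for p in PROTECTED)

def render_sender(profile_name, number, in_contacts):
    """Return (label shown to the user, verdict) for an incoming message."""
    if is_spoof(profile_name):
        return number, "filter"      # impersonates a government name
    if not in_contacts:
        return number, "allow"       # unknown sender: show the number only
    return profile_name, "allow"     # known contact: name may be shown

if __name__ == "__main__":
    # Constructed sample inputs.
    for name in ("G0V.SG", "g\u043ev.sg Alerts", "Alice Tan"):
        print(repr(name), render_sender(name, "+65 0000 0000", False))
```

Matching on a normalised form rather than the raw string is what catches digit swaps, full-width letters and mixed-script look-alikes that a plain string comparison would miss.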
What businesses and individuals should do immediately
First, update your apps. The ministry urged the public to keep iMessage and Google Messages up to date to get the latest anti-spoofing protections. This is basic hygiene, but so often ignored. Second, change how you train staff and customers. Don’t rely on the sender name alone. Teach people to confirm sender numbers and to cross-check official notifications against government websites or official agency portals.
Third, communicate clearly. If you work with customers who might receive government-style messages — property managers, financial services, healthcare providers — tell them exactly what a legitimate government message will look like and where it will come from. If you run a small business, add a short line to invoices, SMS confirmations, and onboarding materials: “Official gov.sg notifications will come from verified gov.sg numbers only. If unsure, contact us before acting.”
A quick, necessary story
Last year, one of my team members received a message that looked identical to a gov notification. Her phone flashed the agency name and the text demanded urgent verification of a payment. She hesitated, then called me. I told her to verify the sender number and to open the government website directly instead of clicking the link. We were lucky. The link was a trap. The scammer counted on panic and quick action; instead, we took two minutes and avoided a six-figure loss for a client. That two-minute pause is exactly what these new directives are trying to encourage across the whole population.
Why platform changes alone won’t fix this
Technology can block many impersonation attempts, but it cannot solve human behaviour. Scammers adapt quickly. If profile names are hidden, they’ll use social engineering through voice calls, email, or other messaging apps. If one avenue closes, another opens. That is why platform enforcement needs to be paired with public education, stronger reporting channels, and faster takedown procedures for malicious accounts.
Platforms must also be transparent. When a message is filtered or a profile name is hidden, users should be clearly informed about why that happened and how to verify legitimate messages. Obscurity is not security. Clarity is.
Practical checklist
- Update iMessage and Google Messages immediately on all devices.
- Teach staff to verify sender numbers and avoid clicking links in unexpected messages.
- Include a notice on transactional communications about how and where official government messages appear.
- Set up an internal escalation path for suspected impersonation attempts.
- Report suspected impersonation to the relevant authorities quickly and insist platforms act promptly.
The OCHA directive is a powerful tool. It gives regulators teeth to force platform change and to reduce the attack surface that criminals exploit. Yet it is a tool, not a silver bullet. The raw data — 1,762 cases in the first half of 2025 — shows how resilient and creative criminals can be when money is the prize.
Final thought
We cannot outsource our vigilance to platforms, nor can we wait for a perfect technological fix. The directive from MHA is a welcome and necessary step, and platforms must comply immediately. Meanwhile, each of us — business owners, managers, employees, customers — must act with intention. Update apps. Train people. Pause before reacting. If you do these things, you stop scammers from counting on your haste and fear.
We will see new tricks emerge. They always do. When they come, update your processes again. Stay alert. Be clear. Act decisively. The safety of our families and livelihoods depends on it.

