Key Highlights
- Singapore police received at least 30 reports of Microsoft and Crypto.com impersonation scams, with losses exceeding S$1 million.
- Fraudsters used fake Microsoft security alerts, remote access software, and bogus Crypto.com support to steal crypto assets.
- Victims were tricked into approving irreversible cryptocurrency transfers or revealing wallet credentials controlled by scammers.
Singapore Police has warned of a surge in technical support scams in which fraudsters impersonate Microsoft and crypto exchange Crypto.com, saying victims have lost at least S$1 million (about $740,000) since May 2026.
As per the official advisory, authorities said they had received at least 30 reports linked to the scam, which combines fake computer security alerts with cryptocurrency theft. Investigators also noted a recurring pattern involving local eight-digit telephone numbers beginning with the digit “3”, which scammers use to appear legitimate.
From fake tech support to stolen crypto
The execution sequence relies on layered social engineering, combining classic tech-support software tricks with the anxieties surrounding cryptocurrency wallet security.
The scam typically begins in one of two ways. In the first variation, targets hit a malicious script while browsing the internet, triggering a full-screen browser lockup disguised as an official Microsoft security warning. The pop-up tells the user their terminal has been blocked due to malware and directs them to call an onscreen help number.
In the second variation, victims receive an unexpected call from an agent claiming to represent Crypto.com. The operator tells the victim that their trading profile is experiencing an active attack, often citing unauthorized logins originating from locations like Turkey, and backs this up by sending matching phishing emails or SMS alerts.
Once the scammers establish contact, they convince the victim to install remote-desktop software under the guise of scanning the machine. The call is then handed off to a second bad actor pretending to be a senior blockchain security specialist.
This person instructs the victim to set up a new Crypto.com On-Chain app wallet using a seed phrase generated on an external web address controlled by the fraud ring. Believing they are moving their tokens to a secure holding account, the victim authorizes transactions that transfer their assets directly into the scammer’s treasury.
What victims should do
Police advised anyone who suspects they have fallen victim to disconnect their computer from the internet or power it off immediately, remove software installed at the scammers’ request, and perform a full antivirus scan.
If bank accounts may have been compromised, police have advised victims to contact their bank, change their login credentials using a trusted device, and remove any unauthorized payees.
For cryptocurrency users, authorities recommended contacting the relevant crypto platform to halt further transactions or freeze the account where possible, revoking any suspicious token approvals, and moving any remaining assets to a new wallet if the original wallet’s seed phrase has been exposed.
Crypto scams continue to evolve
The latest cases highlight how crypto scams are becoming more sophisticated by blending familiar technical support fraud with digital asset theft. Instead of asking for money outright, scammers create a sense of urgency, convincing victims they are protecting their funds while actually authorising the transfers themselves.
The warning comes just weeks after Singapore announced plans in May to establish a dedicated Cyber Command within the Singapore Police Force. The unit, which is scheduled to begin operations in July, will bring together cybercrime, scam investigation, intelligence, and operational capabilities under a single command to strengthen the country’s response to online fraud, including cryptocurrency-related scams.
Police also urged the public to verify software security alerts through official channels, enable two-factor or multi-factor authentication, set transaction limits, and use protective features such as Money Lock where available.
Authorities did not identify any suspects or say whether arrests had been made. Investigations into the reported cases are ongoing.
Also Read: US Users Pour $571M Into Polymarket’s Political Markets Despite Geo-Block
