SINGAPORE — The Ministry of Manpower (MOM) has lodged a police report after finding — for the second time in three days — a duplicate of its website.

It assured the public in a Facebook post yesterday that access to its official website remains unaffected.

“There have also not been any reports of user data being compromised to date,” said the MOM statement. “We urge the public to only use the official MOM website at www.mom.gov.sg for all MOM matters.”

The ministry also cautioned the public to look out for small variations in the URLs they click on.

It noticed the first duplicate website — www.momgov.sg — last Thursday and lodged a police report the following day. The website was deleted at close to midnight on Friday.

The second duplicate website — www.movgov.sg — was found on Saturday. Titled “Ministry Of Workpermit”, it resembled the official MOM website in its layout, colour scheme and images used. The MOM’s logo and a Government insignia were also present.

Visitors to this duplicate site will be greeted with pop-ups informing them of incoming messages, or of being the 100,000th site visitor and inviting them to claim prizes.

Weighing in on the issue on Facebook yesterday, Acting Manpower Minister Tan Chuan-Jin called on the public to stay alert for such sites.

“Some feel it is a game and cheer on such activities. It is not. It disrupts all our lives and if substantive sites are really compromised, consequences aren’t always trivial,” he said.

“We will do what we can to keep our systems secure. Defacements are annoying but do not have significant ramifications. Phishing sites are criminal because they try to fool you into giving your data. Serious hacking that entail stealing of information and disruption of systems is dangerous and something we must defend against.”

Mr Anthony Lim, Asia-Pacific Director of WhiteHat Security, said duplicates are not unique to Singapore and are usually created for spreading malware, stealing users’ private information or posting malicious messages.

“The deeper you go (into the website), the more likely are they able to plant a malware on your PC,“ he said.

“If you start entering (information), then they start stealing your data.”

Mr Lim, who is a member of the Application Security Advisory Board and an information security professional and advocate, also urged the public to double-check links to web addresses carefully.

“When in doubt, always assume the worst ... that it is going to throw malware at you the moment you click on it, even though it is not likely,” he said.

Duplicators can also post fake announcements to cause social discomfort and inconvenience, he said, adding that replicating the homepage and a few more pages can be easily done by most website builders.

It also depends on the duplicator’s skill as an average user without knowledge or experience in building websites will not be able to do it, he said.

“If you build websites for a living, then it is not hard at all,” he said.