Table of Contents
- The Protection from Scams Act: freezing accounts to protect victims
- The Shared Responsibility Framework: payouts for phishing
- The gap that catches most crypto victims
- What to do if you were scammed in Singapore
- Frequently asked questions
- Can Singapore police really freeze my own account?
- I lost money to a crypto investment scam. Will the SRF pay me back?
- Who pays first under the Shared Responsibility Framework?
- How does this compare with other countries?
Singapore has built one of the most aggressive anti-scam regimes in the world, and it works differently from anywhere else. Two tools stand out: police can step in to freeze a victim's own bank account before they hand money to a scammer, and a Shared Responsibility Framework forces banks and telcos to compensate victims of phishing when they fail their duties. Understanding which one applies to you matters, because there is a large category of crypto loss that neither fully covers.
Jurisdiction matters.
This guide covers scams involving Singapore banks and telcos. Rights differ sharply elsewhere — compare the UK's reimbursement rules, Australia's Scams Prevention Framework, and the US position.
The Protection from Scams Act: freezing accounts to protect victims
The Protection from Scams Act 2025 came into force on 1 July 2025. Its signature power is unusual: it lets the police issue a Restriction Order (RO) to a person's banks when there is reasonable belief that person is being manipulated by a scammer and is about to transfer money.
The order restricts the victim, not the scammer.
An RO temporarily blocks the victim's own outgoing transfers, ATM withdrawals, and credit facilities — a circuit-breaker for cases where someone under a scammer's spell will not listen to family or the bank. It is used only as a last resort.
An RO lasts up to 30 days and can be extended up to five times, giving authorities time to break the scammer's psychological hold. It is a preventive tool — it stops money leaving — rather than a way to get money back after the fact.
The Shared Responsibility Framework: payouts for phishing
The Shared Responsibility Framework (SRF) took effect on 16 December 2024. Issued by the Monetary Authority of Singapore (MAS) and the Infocomm Media Development Authority (IMDA), it assigns concrete duties to banks and telcos and requires them to pay affected victims when those duties are breached.
Key duties include:
- 1
12-hour cooling-off
Banks must impose a cooling-off period after a digital token is activated on a new device, blocking high-risk actions during that window.
- 2
Real-time alerts
Customers must get instant notifications for new-device logins, token activation, and high-risk outgoing transactions.
- 3
A 24/7 kill switch
Every bank must offer a self-service way to instantly freeze an account when a customer suspects unauthorised access.
- 4
Telco duties
Telcos must block scam SMS through the Singapore SMS Sender ID Registry and filter malicious links.
If a bank or telco fails a duty and a customer loses money to a covered phishing scam, the framework operates as a waterfall: the bank is considered first, then the telco. Where duties were met, the loss may stay with the customer.
The gap that catches most crypto victims
Here is the critical limit. The SRF covers phishing — scams where you were tricked into revealing credentials on a fake site and the scammer then took money from your account without your knowledge. It does not cover scams where you authorised the payment yourself, such as most fake crypto investment and pig butchering scams.
Phishing: scammer drains your account
May be covered by the SRF
Investment scam: you send crypto yourself
Not covered — an authorised transfer
If you bought crypto and sent it to a fraudulent "platform," that is an authorised transaction, and the SRF payout does not apply. Your realistic path is fast reporting, account freezing, and understanding whether the crypto can be recovered — not a bank payout.
What to do if you were scammed in Singapore
- 1
Use your bank's kill switch
If you suspect unauthorised access, freeze the account instantly through your banking app or hotline, then call the bank.
- 2
Report to the police / ScamShield
Call the Anti-Scam Helpline (1800 722 6688) or report through ScamShield. Fast reporting gives the Anti-Scam Centre a chance to trace and freeze funds at receiving banks.
- 3
Ask about the SRF if you were phished
If your loss came from a phishing link and unauthorised transactions, ask your bank to assess it under the Shared Responsibility Framework.
- 4
Preserve every record
Keep the phishing SMS, fake website, transaction references, and wallet addresses — essential for both a claim and any tracing effort.
Frequently asked questions
Can Singapore police really freeze my own account?
Yes. Under the Protection from Scams Act, police can issue a Restriction Order blocking your outgoing transactions for up to 30 days (extendable) if they reasonably believe a scammer is manipulating you — a last-resort intervention to protect you from yourself.
I lost money to a crypto investment scam. Will the SRF pay me back?
Usually not. The Shared Responsibility Framework covers phishing, where money left your account without your authorisation. An investment scam you paid into yourself is an authorised transfer and falls outside it.
Who pays first under the Shared Responsibility Framework?
It follows a waterfall: the bank's duties are assessed first, then the telco's. Payout depends on whether a duty was breached — it is not an automatic refund for every phishing loss.
How does this compare with other countries?
Singapore is strong on prevention but narrow on payouts. The UK mandates broad reimbursement, Australia uses fault-based duties, and the US has no mandatory bank refund at all.
Key takeaways
- The Protection from Scams Act (July 2025) lets police freeze a victim's own account for up to 30 days to stop money reaching a scammer.
- The Shared Responsibility Framework (Dec 2024) makes banks and telcos pay for phishing losses when they breach their duties.
- Payouts follow a waterfall — bank first, then telco — and only where a duty was breached.
- Authorised transfers, including most crypto investment scams, are not covered by the SRF.
- Freeze the account, report to the Anti-Scam Helpline or ScamShield immediately, and keep all evidence.
Know someone who needs this? Share it.
Scambulance will never ask for your private keys, passwords, or seed phrases. Anyone promising guaranteed fund recovery is likely a scammer.
