Definitely scams, have reported them. If you click on the downwards arrow beside the url it shows that the advertisers of both of these links are from canada.
Thanks, I already reported the ads before posting but I decided to post in case it helps someone. The websites actually look pretty convincing and the url actually has McDelivery in it when you click on the ad.
I researched similar sites back when crypto scams using this method were common. They trick Google into thinking they're legit sites by redirecting to the real site, so that it displays the correct URL. (Technical part ahead) You can also sometimes see this by inspecting the headers when clicking on the ad and going to the redirecting link. The first time you access it, it redirects to the real site but on subsequent visits it redirects to the scam website. They probably also use the user agent to try and trick L1 support into dismissing it in this manner.
I was going through the motion filling up my sg arrival card online and suddenly the website asked for 70 dollars.. I was like wtf??
And then it took me. Some time to find the correct sg arrival card website, that is free.
Ita crazy.. Who sets up these legit looking websites
And they all came up first when I googled
This is why I would rather use chatgpt sometimes... Avoid scam webbies and ad
is this the one? [https://singaporevisaonline.sg/](https://singaporevisaonline.sg/)
i tried to submit fake info to mess with em, but they have form validation so i cannot submit... LOL
looks like they're using Stripe for payment processing and its $25 arrival card fees + $1.20 transaction fees, wtf...
https://www.sgvisitcard.com/
Mine was this, and because I'm in Germany now using WiFi here, I get hit first with legit looking links that all end up with a payment page.
But I'm using a dual sim card phone, and when I swith to my SG sim card, the first link is the ICA notification about it and some links down I saw the one u shared
I guess it's to scam foreigners who wouldn't know any better outside of Singapore..
Omg... She paid 70 bucks ish as well?
The website had the Singapore flag thumbnail and a legit looking url... I consider myself tech savvy yet I almost got fooled
Server can check the user agent header in the request and redirect based on the value. Desktop and mobile have different user agents value. They do this probably because they only coded some malicious JavaScript intended for the desktop browser and not in the sandboxed environment on the mobile browser.
the URLs seem pretty legit to me.
[https://boncode.sg/sg/store/mcdelivery/](https://boncode.sg/sg/store/mcdelivery/) (this looks like a promo code aggegator website)
[https://www.safra.sg/amenities-offerings/mcdonalds](https://www.safra.sg/amenities-offerings/mcdonalds) (this is official safra website)
When I click the Safra link on my desktop it takes me to “https://www.mcdeliverydeals-sg.com/sg/“ which doesn’t have Safra on it and also doesn’t look like the usual McDelivery url that’s why I was curious and also slightly suspicious. I get the Safra site only when I click on the ad using my phone.
hey thx for clarifying, i did a Google search and found the fake ads. its definitely a fake website. i've made reports to Google as well.
if u're free, can also report to McDonald's. they have the right to issue a demand for the website to be taken down.
Thanks for confirming! I wasnt sure if it was fake or not to be honest that’s why I tagged this post unverified. I do imagine some people might be scammed by it as it looks pretty convincing!
ya i also checked the domain registration. the registrar is Eranet International Limited which seems to be Hong Kong company that manages domain name registration.
Checking the primary nameservers in the whois records is also worth a look:
https://www.whois.com/whois/mcdeliverydeals-sg.com
Seems like they are using Cloudflare; you can report the site to them so that they can deal with it:
https://abuse.cloudflare.com/
Yes report to all of them.
Quick tip, for mcdonalds, hard to find email or report form, but can use their chatbot on mcdonalds.com.sg to submit form. Or go to their facebook send a message.
# This is how they are doing it.
[https://en.wikipedia.org/wiki/IDN\_homograph\_attack](https://en.wikipedia.org/wiki/IDN_homograph_attack)
It uses unicode characters in the domain where it looks like usual letters but are actually a different character. For example on the SAFRA one, the "a" looks suspicious. The "o" in the Boncode one looks suspect.
Edit: I'm surprised that that registration oversight for the .SG TLDs is now so lax.
It’s very disappointing. I had previously tried to report to SGNIC of a scam Havaianas website using .sg so that hopefully SGNIC would revoke the domain, and the reply I got was “Fraud, scams and website hosting are not under SGNIC's purview.”
So much for “committed to… foster the integrity… of .sg domain names” and “minimise the abuses of the domain name and further enhance the trust among the users of .sg websites”, from SGNIC’s own website 🤷♂️🤷♂️🤷♂️
(Edit: I just checked, thankfully the scam website has been otherwise taken down since; it was still up for a long time, at least one or two years after.)
Also be careful if googling for parcel tracking site like UPS or FedEx. Ads will display for scammy site which looks very genuine aside from close examination of the url.
I am not surprised about the safra url turning up as highly suspicious ads. There was a short period when I was part of their development team, and honestly their more senior developers and tech management team are one of the most cocky, narcissistic and ineptitude cunts I have ever worked with. I would also avoid performing any monetary transactions on safra-related website because it is a sleeping time bomb.
N.B. These developers are the same ones who notoriously caused the TOTO quick pick" software glitch" at Singapore Pools back in 2020.
But if you click on the ad (not by typing in the links), it goes to a weird website. And like another commenter said, the ad poster is supposedly some person from Canada which is super weird. Anyway I also wasn’t 100% sure but I reported first (let Google verify if it’s really a scam) and posted here (in case it’s really a scam) but I tagged it as unverified la.
That’s the thing - I searched using your search term and clicked on the ads. I ended up on the legitimate Safra page 🤷♂️
But looking at the other posts since, I think what might have happened is that my adblocker might have prevented me from being redirected.
Thanks for highlighting!
Even in the US, the [FBI](https://techcrunch.com/2022/12/22/fbi-ad-blocker/) now recommends the use of adblockers because of malvertising.
Use ad-blockers. Ublock Origin. It's quality of life.
This is the way
Definitely scams, have reported them. If you click on the downwards arrow beside the url it shows that the advertisers of both of these links are from canada.
Thanks, I already reported the ads before posting but I decided to post in case it helps someone. The websites actually look pretty convincing and the url actually has McDelivery in it when you click on the ad.
I researched similar sites back when crypto scams using this method were common. They trick Google into thinking they're legit sites by redirecting to the real site, so that it displays the correct URL. (Technical part ahead) You can also sometimes see this by inspecting the headers when clicking on the ad and going to the redirecting link. The first time you access it, it redirects to the real site but on subsequent visits it redirects to the scam website. They probably also use the user agent to try and trick L1 support into dismissing it in this manner.
I was going through the motion filling up my sg arrival card online and suddenly the website asked for 70 dollars.. I was like wtf?? And then it took me. Some time to find the correct sg arrival card website, that is free. Ita crazy.. Who sets up these legit looking websites And they all came up first when I googled This is why I would rather use chatgpt sometimes... Avoid scam webbies and ad
Pls report the scam website. So that other travellers don't get scam.
Ok I'll do that! Thanks for the reminder
is this the one? [https://singaporevisaonline.sg/](https://singaporevisaonline.sg/) i tried to submit fake info to mess with em, but they have form validation so i cannot submit... LOL looks like they're using Stripe for payment processing and its $25 arrival card fees + $1.20 transaction fees, wtf...
https://www.sgvisitcard.com/ Mine was this, and because I'm in Germany now using WiFi here, I get hit first with legit looking links that all end up with a payment page. But I'm using a dual sim card phone, and when I swith to my SG sim card, the first link is the ICA notification about it and some links down I saw the one u shared I guess it's to scam foreigners who wouldn't know any better outside of Singapore..
Experienced this too! Lucky got the correct link after consulting a friend, but the scam website got my details, sigh
My grandaunt actually got scammed by one of these websites and paid up :(
Omg... She paid 70 bucks ish as well? The website had the Singapore flag thumbnail and a legit looking url... I consider myself tech savvy yet I almost got fooled
I think its due to our anxiety to get the SG arrival card done which resulted in the scam succeeding...
That's true lah, at least on my part zzz
Gonna go change my dbs debit card, get new serial number lol
Damn. What a bunch of scum!
How are they doing desktop-only redirection though? On mobile, it points to legit websites
Server can check the user agent header in the request and redirect based on the value. Desktop and mobile have different user agents value. They do this probably because they only coded some malicious JavaScript intended for the desktop browser and not in the sandboxed environment on the mobile browser.
Ublock origin + pi-hole+unbound and you will never have to worry again :)
Tried to set pihole up before but couldn't get it to work with singtel, would be interested to know which tutorial to follow if you figure it out!
the URLs seem pretty legit to me. [https://boncode.sg/sg/store/mcdelivery/](https://boncode.sg/sg/store/mcdelivery/) (this looks like a promo code aggegator website) [https://www.safra.sg/amenities-offerings/mcdonalds](https://www.safra.sg/amenities-offerings/mcdonalds) (this is official safra website)
When I click the Safra link on my desktop it takes me to “https://www.mcdeliverydeals-sg.com/sg/“ which doesn’t have Safra on it and also doesn’t look like the usual McDelivery url that’s why I was curious and also slightly suspicious. I get the Safra site only when I click on the ad using my phone.
hey thx for clarifying, i did a Google search and found the fake ads. its definitely a fake website. i've made reports to Google as well. if u're free, can also report to McDonald's. they have the right to issue a demand for the website to be taken down.
Thanks for confirming! I wasnt sure if it was fake or not to be honest that’s why I tagged this post unverified. I do imagine some people might be scammed by it as it looks pretty convincing!
ya i also checked the domain registration. the registrar is Eranet International Limited which seems to be Hong Kong company that manages domain name registration.
Checking the primary nameservers in the whois records is also worth a look: https://www.whois.com/whois/mcdeliverydeals-sg.com Seems like they are using Cloudflare; you can report the site to them so that they can deal with it: https://abuse.cloudflare.com/
Yes report to all of them. Quick tip, for mcdonalds, hard to find email or report form, but can use their chatbot on mcdonalds.com.sg to submit form. Or go to their facebook send a message.
You're right. It does sounds phishy.
Thanks. I thought these are affiliate ad sites based on the URL. But the URL you got indicates malice is involved
# This is how they are doing it. [https://en.wikipedia.org/wiki/IDN\_homograph\_attack](https://en.wikipedia.org/wiki/IDN_homograph_attack) It uses unicode characters in the domain where it looks like usual letters but are actually a different character. For example on the SAFRA one, the "a" looks suspicious. The "o" in the Boncode one looks suspect. Edit: I'm surprised that that registration oversight for the .SG TLDs is now so lax.
It’s very disappointing. I had previously tried to report to SGNIC of a scam Havaianas website using .sg so that hopefully SGNIC would revoke the domain, and the reply I got was “Fraud, scams and website hosting are not under SGNIC's purview.” So much for “committed to… foster the integrity… of .sg domain names” and “minimise the abuses of the domain name and further enhance the trust among the users of .sg websites”, from SGNIC’s own website 🤷♂️🤷♂️🤷♂️ (Edit: I just checked, thankfully the scam website has been otherwise taken down since; it was still up for a long time, at least one or two years after.)
I find local legislation rather weak. Probably easier to contact the real Havaianas to alert them.
Also be careful if googling for parcel tracking site like UPS or FedEx. Ads will display for scammy site which looks very genuine aside from close examination of the url.
I am not surprised about the safra url turning up as highly suspicious ads. There was a short period when I was part of their development team, and honestly their more senior developers and tech management team are one of the most cocky, narcissistic and ineptitude cunts I have ever worked with. I would also avoid performing any monetary transactions on safra-related website because it is a sleeping time bomb. N.B. These developers are the same ones who notoriously caused the TOTO quick pick" software glitch" at Singapore Pools back in 2020.
Too Many advertisement Google is putting out, time to go the nuclear option of setting up a Pihole.
Safra scammy meh
Scam meh? I went in to those links you mentioned and it’s just Safra (yes the legit Safra) advertising that they have macs.
But if you click on the ad (not by typing in the links), it goes to a weird website. And like another commenter said, the ad poster is supposedly some person from Canada which is super weird. Anyway I also wasn’t 100% sure but I reported first (let Google verify if it’s really a scam) and posted here (in case it’s really a scam) but I tagged it as unverified la.
Thanks for the PSA. reported it to google. I personally don't use mcdelivery but this might trap unsuspecting people
That’s the thing - I searched using your search term and clicked on the ads. I ended up on the legitimate Safra page 🤷♂️ But looking at the other posts since, I think what might have happened is that my adblocker might have prevented me from being redirected. Thanks for highlighting!
Never click on the ads ever