Protecting Singapore’s hospitality brands

Scammers may be running fake websites of your restaurant right now.

PhishScout monitors the internet 24/7 for cloned websites and fake booking pages impersonating your brand — and alerts you the moment one appears. Built by Singapore operators, for Singapore operators.

Join the Waitlist → See Real Cases
Twice featured in The Straits Times From S$1 a day No IT team required
⚠ Real scenario — happening in Singapore right now
🌎
A tourist in Tokyo Googles your restaurant to book ahead of their Singapore trip.
They find a site that looks exactly like yours — same logo, same photos, same menu.
💳
They enter their credit card to secure the reservation.
The scammers try to charge the card. Or the guests arrive in Singapore. There is no booking. Their money is gone.
💬
Naturally they blame the restaurant and may complain online.
This kind of scam targeted already LeVeL33, Burnt Ends, Claudine among others.
It can happen to you and your guests — unless you are protected.
7
Confirmed phishing domains targeting LeVeL33, neutralised
Michelin-starred Singapore restaurants confirmed targeted
13
Countries monitored covering Singapore’s top tourist source markets
S$1
Per day — the cost of protecting your brand and your customers

As Reported By

The Straits Times covered this threat twice in three months.

Singapore’s newspaper of record has documented the growing wave of fake restaurant website scams — and the operators fighting back.

December 11, 2025
“Fake restaurant websites that steal credit card details among new scams to hit S’pore’s F&B sector”
LeVeL33’s founder discovered 7 active phishing domains impersonating the Marina Bay microbrewery — cloned menus, photos and fake booking forms harvesting tourists’ credit card data.
Read the article →
February 7, 2026
“F&B scams in Singapore: More fake restaurant websites take bookings, online orders”
The problem escalates. Claudine and other Singapore restaurants confirm new phishing attacks. Fraudulent sites harvested credit card details under the guise of legitimate reservation pages.
Read the article →

Documented Cases

Singapore’s best restaurants. Targeted. All real.

These are not hypothetical threats. Phishing attacks on Singapore’s hospitality brands have been confirmed, reported to police, and covered by The Straits Times.

7 Scam Sites Confirmed & Blocked
LeVeL33
🍺 Award-winning microbrewery · Marina Bay Financial Centre
Seven phishing domains impersonating LeVeL33 were discovered and neutralised — the experience that led directly to building PhishScout. Featured in The Straits Times in December 2025, the case raised industry-wide awareness of the threat to Singapore’s F&B sector.
7 scam domains neutralised · Featured in The Straits Times · Dec 2025
1 Scam Site Confirmed & Blocked
Burnt Ends
⭐ Michelin 1 Star · Dempsey Hill
Chef Dave Pynt posted a public warning on Instagram in April 2026: burntends.biz was a scam account impersonating the restaurant. Burnt Ends filed a police report and warned guests who may have paid through the fake site to notify authorities.
Scam domain: burntends.biz · Police report filed · April 2026
Scam Sites Confirmed & Blocked
Claudine
🍽 Award-winning French restaurant · Dempsey Hill
A fake reservation website for Claudine collected guests’ credit card details through a convincing cloned booking form. The fraudulent site used the restaurant’s branding and required card authorisation “to secure the reservation.” Reported in The Straits Times, February 2026.
Multiple fraudulent domains · Reported to police · Feb 2026
PhishScout finding: 100% of monitored Singapore restaurants have incomplete email spoofing protection
Our DMARC audit found that none of the restaurants we currently monitor have full email authentication in place. This means criminals can send fake booking confirmations that appear to come directly from your restaurant’s own email domain — completely undetected by your guests.

How It Works

Three detection prongs.
Running 24/7. Automatically.

PhishScout combines three independent scanning methods to catch phishing threats across the internet — before your guests find them.

01
🔍
Google Search Monitoring
We search Google for your brand every day from 13 countries — looking for fake booking pages that appear in results before your guests find them.
🇸🇬 SG🇯🇵 JP🇰🇷 KR🇭🇰 HK🇮🇩 ID🇬🇧 GB🇩🇪 DE🇫🇷 FR🇮🇹 IT+4 more
02
🌐
Domain Permutation Scanning
We generate thousands of lookalike domain variations and check daily if any have been registered to impersonate your brand across 30+ TLDs.
.com.sg.biz.net.io.online+25 more
03
🔐
Certificate Transparency
The moment a scam site obtains an SSL certificate using your brand name — making it look legitimate with a padlock — we detect it globally in real time.
Real-timeGlobalSSL detection
📱
WhatsApp Alert
Instant notification the moment a threat is detected
🖰
One-Click Takedown
Reports sent to Google, registrar & authorities automatically
📧
Email Security Audit
DMARC check — know if your domain can be spoofed
📊
Daily Reports
All clear or threat — you know your status every day

Built By Operators

Built from firsthand experience.
Not from a whitepaper.

Franco Malesi, co-founder PhishScout and LeVeL33
“We discovered scammers had built 7 fake, cloned versions of our restaurant — complete with our photos, our menu, our branding and most importantly reservation links — and then attempted to charge the credit cards. With PhishScout I found cloned sites we were not aware of and managed to take them down before harm could be done!”
Martin Bem, co-founder of LeVeL33, was among the first Singapore restaurateurs to speak publicly about the phishing threat facing the industry. The experience led directly to the creation of PhishScout — a tool built by people who have operated Singapore restaurants for over 20 years, for people exactly like them and our guests.

Now PhishScout monitors our brands daily across the web!
As featured in The Straits Times LeVeL33 · Marina Bay 20+ years Singapore F&B Entrepreneurs’ Organisation

Pricing

Your brand and your customers should be worth S$1 a day.

No IT team. No long contracts to join the waitlist. No technical setup. Just protection.

Starter
S$30
per month · billed monthly
That’s S$1 a day
  • 1 brand monitored
  • Daily + 3× quick scans
  • WhatsApp & email alerts
  • One-click takedown reporting
  • Google search — 13 countries
  • Domain permutation scanning
  • Certificate Transparency
  • DMARC email security audit
Join Waitlist
Growth
S$79
per month · billed monthly
Less than S$3 a day for up to 5 brands
  • Up to 5 brands monitored
  • Everything in Starter
  • Multi-brand dashboard
  • DMARC guided remediation
  • Weekly threat digest
  • Priority alert response
Join Waitlist
Portfolio
Let’s talk
hotel groups · chains · associations
 
  • Unlimited brands
  • Everything in Growth
  • Custom onboarding
  • Dedicated support
  • White-label reporting
  • Association member pricing
Get in Touch

Early Access

Join the waitlist.
Be first to be protected.

PhishScout is currently in final development. Join the waitlist to be notified at launch — and receive a free DMARC audit of your domain.

No spam. No commitment. You’ll also receive a complimentary DMARC email security check for your domain.

You’re on the list.
We’ll be in touch when PhishScout launches. Watch your inbox for your free DMARC audit.