SINGAPORE: Since last month, there’s been a surge of phishing scams where fraudsters have impersonated banks or bank staff to obtain people’s banking credentials through SMSes, said the Police and DBS Bank in a joint statement issued on Sunday (Jan 14).
For the first two weeks of the year, there have been at least 219 victims of such scams, with total losses amounting to at least S$446,000. As a warning to members of the public, DBS and the Police said that banks will never send clickable links via SMS.
The joint statement included samples of the messages sent in these scams.
The modus of fraudsters who perpetrate these scams is that they send links via unsolicited SMS, and when the unwitting victims click on the links, they lose money.
The SMSes are sent by scammers from overseas or local numbers or bear shortcodes.
In the messages, the fraudsters claim to represent DBS or POSB bank and warn victims of “possible unauthorised attempts to access their DBS/POSB bank accounts.”
The SMS recipients are then urged to click the embedded URL links to “verify their identities and stop the transactions”.
This leads them to spoofed DBS bank websites where they key in their Internet banking credentials and OTP.
The scammers are then allowed access to people’s accounts and can make unauthorized withdrawals.
“Since early 2022, all banks have removed clickable links in emails or SMSes to retail customers.
This measure is among several other safeguards that banks implemented to combat the spate of phishing scams in 2022, such as lowering the default threshold for funds transfer transaction notifications to customers and increasing the frequency of its scam education alerts,” the joint statement reads.
The Police and DBS Bank added that scammers continue to evolve in their operations and technology.
While banks look for measures to offer their customers greater protection against scams, customers themselves should also stay vigilant against scammers.
As a precaution, the Police have asked the public to add the ScamShield App and security features.
Bank customers should also implement security features for their accounts, including setting up transaction limits for Internet banking transactions and enabling Two-Factor Authentication (2FA) and Multifactor Authentication for banks and e-wallets.
No one should ever give out personal or banking credentials, including Time Passwords (OTPs), to anyone.
They added and underlined the importance of looking out for tell-tale signs of a phishing website.
Scams should also be reported immediately to the Police Hotline at 1800-255-0000 or via online submission at www.police.gov.sg/iwitness. /TISG