Two men, aged 23 and 52, and two male teenagers, aged 16 and 17, were arrested for their suspected involvement in the recent spate of SMS banking-related phishing scam cases, following an island-wide anti-scam enforcement operation that was conducted between 22 and 24 January 2024.
During the three-day operation, officers from the Commercial Affairs Department mounted simultaneous island-wide operations and arrested the four persons. Preliminary investigations revealed that the four persons had allegedly facilitated the scam cases by relinquishing their bank accounts, Internet banking credentials and/or disclosing Singpass credentials for monetary gains.
Since January 2024, the Police received several reports of SMS banking-related phishing scams where the scammers would impersonate DBS bank or the bank staff through spoofed SMSes, to phish for victims’ banking credentials, resulting in unauthorised transactions made from the victims’ bank accounts. In these cases, the victims would receive unsolicited SMSes (bearing overseas numbers, local numbers or short codes) claiming to represent DBS/POSB bank. These SMSes would warn the victims of possible unauthorised attempts to access their DBS/POSB bank accounts, urging them to click on the embedded URL links to verify their identities and stop the transactions. After clicking on the links, the victims were directed to spoofed DBS bank websites and misled into providing their Internet banking credentials and One-Time-Passwords (OTPs), which the scammers would use to make unauthorised withdrawals.
The 23-year-old man will be charged in court with the offences of abetting unknown persons to secure unauthorised access to the bank’s computer system and disclosing Singpass credentials under Section 3(1) read with Section 12 and Section 14 of the Computer Misuse Act 1993, and Section 8(2)(a) of the Computer Misuse Act 1993 respectively. For first-time offenders, the offence of abetting unknown persons to secure unauthorised access to the bank’s computer system carries a fine not exceeding $5,000, an imprisonment term not exceeding two years, or both, whereas the offence of disclosing Singpass credentials carries an imprisonment term not exceeding three years, a fine not exceeding $10,000, or both.
The Police will spare no effort to track down cybercriminals and individuals responsible for SMS banking-related phishing incidents and will continue to take tough enforcement actions against those who flout the law. To avoid being an accomplice in these crimes, members of the public should always reject seemingly attractive money-making opportunities promising fast and easy pay-outs for the use of their Singpass accounts, bank accounts, or allow their personal bank accounts to be used to receive and transfer money for others. The Police would like to remind members of the public that individuals will be held accountable if they are found to be linked to such crimes.
The Police would like to advise members of the public to be on heightened alert and to follow these crime prevention measures:
- ADD – Add the ScamShield App to protect yourself from scam calls and SMSes. Set security features (e.g. set up transaction limits for internet banking transactions, enable Two-Factor Authentication (2FA), Multifactor Authentication for banks and e-wallets).
- CHECK – Check the official sources. DBS bank and other banks will never send you clickable links via SMS. Neither will their employees call you to ask for your internet banking credentials or OTPs. Be extremely wary of any unsolicited links in SMSes which leads you to a bank’s website. Never disclose your personal or banking credentials, including OTPs to anyone. Always verify the authenticity of claims of problems with your bank account or cards issued by the bank with the official bank website or sources.
- TELL – Tell authorities, family, and friends about scams. Remember to spread the word to your loved ones that banks do not send clickable links via SMS. Report any fraudulent transactions to DBS bank immediately.
For more information on scams, members of the public can visit www.scamalert.sg or call the Anti-Scam Helpline at 1800-722-6688. Anyone with information on such scams may call the Police Hotline at 1800-255-0000 or submit information online at www.police.gov.sg/iwitness. All information will be kept strictly confidential.
SINGAPORE POLICE FORCE
25 January 2024 @ 7:30 PM