The Police have observed a resurgence of phishing scams where scammers would impersonate a bank and target victims through SMSes. Since October 2022, at least 26 victims have fallen prey, with total losses amounting to at least $37,000.
The two variants are as follows:
- In the first variant, members of the public would receive unsolicited SMSes with sender IDs such as “+1 (800) 11” or “+168730”, claiming that their account had been locked as the bank had noticed something amiss. The SMS would contain a clickable link. Upon clicking on the link, the victim would be directed to a spoofed internet banking log-in page to key in their online banking username and password. Thereafter, the victims would be required to key in the One-Time Passwords (OTPs) received on their mobile phones, thereby providing authorisation to scammers to access their online bank account and transfer the victim’s money out to other parties.
- In the second variant, members of the public would receive unsolicited SMSes with sender IDs such as “SMSAlert” claiming that their card had been locked due to security issues. The SMS would direct the victim to chat with or call the operator of a Whatsapp number for more details or reactivation of their card. Upon initiating contact, the victim would be informed that their account had been frozen due to unusual activity and would be directed to provide his personal and banking details for verification. Next, the victim would receive a genuine SMS with an OTP. The scammer would ask for the OTP, claiming that it would be used to reset the victim’s account. After the victim provides the OTP, he would receive a genuine SMS stating that his internet banking username and/or password had been successfully updated, lending an air of legitimacy to the scammer’s initial claim. With the victim’s trust, the scammer would continue to request for OTPs from the victim during the call, to either add new payees or transfer the victim’s money out to other parties.
Victims would realise that they had been scammed when they discover unauthorised transactions made from their bank accounts.
The Police would like to advise members of the public to be on heightened alert and to follow these crime prevention measures:
- Bank officers will never ask for your banking details or OTPs over the phone or via SMS.
- Do not click on dubious URL links provided in unsolicited text messages. Banks do not send SMSes containing links.
- Always verify the authenticity of claims of problems with your bank account or cards issued by the bank with the official bank website or sources.
- Never disclose your personal or Internet banking details and OTP to anyone.
- Report any fraudulent transactions to your bank immediately.
If you have any information relating to such crimes, please call the Police Hotline at 1800-255-0000, or submit it online at www.police.gov.sg/iwitness. If you require urgent Police assistance, please dial ‘999’.
For more information on scams, members of the public can visit www.scamalert.sg or call the Anti-Scam Hotline at 1800-722-6688. Join the ‘Spot the Signs. Stop the Crimes’ campaign at www.scamalert.sg/fight by signing up as an advocate to receive up-to-date messages and share them with your family and friends. Together, we can help stop scams and prevent our loved ones from becoming the next victim.
Annex
Pic 1: Phishing SMS with embedded malicious link redirecting the receiver to a spoofed internet banking log-in page (Pic 2)
Pic 2: Phishing website where victims would key in their online banking username and password
SINGAPORE POLICE FORCE
12 October 2022 @ 11:30 AM