SMS from government? Check that it’s gov.sg
From 1 July 2024, gov.sg is the Sender ID the government uses to send SMSes.
All government agencies, ministries, statutory boards, and services now send SMSes from the gov.sg Sender ID. Using a single, secure Sender ID will make it easier for the public to identify authentic government SMSes, and help protect against anyone pretending to be a government officer or agency.
The gov.sg SMS Sender ID is protected, and only government agencies are able to use it. So if you receive a gov.sg SMS, you know for sure it’s from the government.
Government SMSes will come from single gov.sg sender ID to guard against scams
From 1 Jul 2024, SMSes will be sent by gov.sg, with the respective agency's name spelt in full
The move is aimed at helping the public identify authentic government SMSes and to guard against government official impersonation scams, said Smart Nation Group, Open Government Products (OGP) and the Ministry of Communications and Information in a joint media release on Thursday (Jun 13). Since January, at least 126 people have been cheated by scammers impersonating Chinese officials, with total losses amounting to at least S$16.3 million (US$12.1 million), according to an advisory by the police on Thursday.
In the past, scammers have also impersonated police officers to convince victims to provide their personal details or transfer their money to third-party bank accounts. In the joint release on Thursday, the agencies said that SMS remains a key platform for government communications to the public, given the widespread use of mobile phones. More than 100 million SMSes are sent by various government agencies annually to notify recipients about policy changes and provide transaction updates, they added.
Singapore banks to phase out use of OTP for login for customers using digital tokens
Use of OTPs for bank account login for customers who are digital token users will be phased out within the next 3 months
Major retail banks in Singapore will phase out the use of OTPs for account login for customers who are digital token users within the next three months. These include the three local banks: DBS Bank, OCBC Bank and UOB. Customers who are using physical tokens will not be affected. Customers who have activated their digital token on their mobile device will have to use it when they log into their bank account via an internet browser or a mobile banking app.
The digital token will authenticate customers’ login without the need for an OTP, which scammers can steal or trick customers into disclosing, MAS and ABS said. The feature is integrated into mobile banking apps and often requires biometric or face recognition to authenticate logins or transactions. “Customers who have not activated their digital tokens are strongly encouraged to do so, to lower the risk of having their credentials phished,” they added.
Singapore Police work with banks to block scams
The police and commercial banks notified victims to cease monetary transfers after detecting jobs, investments, fake friends, or e-commerce scams with robotic process automation technology.
They sent nearly 14,000 short messages to over 9,800 scam victims and averted potential financial losses of more than S$47 million (US$35 million), the police added.
MORE THAN 9,800 POTENTIAL SCAM VICTIMS ALERTED IN JOINT OPERATION BETWEEN ANTI-SCAM CENTRE AND SIX PARTNERING BANKS
The Singapore Police Force’s Anti-Scam Centre (ASC) and six banks leveraged Robotic Process Automation (RPA) technology in a coordinated effort to detect victims of job, investment, fake friend call, and e-commerce scams. The detection of the victims allowed the Police and the banks to intervene quickly to notify the victims to scams so that they can cease further monetary transfers, thereby minimising potential financial losses. The participating banks include DBS Bank, UOB Bank, OCBC Bank, Standard Chartered Bank, HSBC Bank, and GXS Bank.
During the two-month operation conducted from 1 May 2024 to 30 June 2024, ASC officers and the banks sent more than 13,984 SMSes to over 9,810 potential scam victims who are customers of the banks. The upstream detection of these potential scam victims resulted in the successful disruption of over 2,805 ongoing scams and averted potential financial losses of more than $47 million. The adoption of RPA technology streamlined the sharing and processing of information, enable the Police to swiftly reach out to potential scam victims through SMSes. The SMS alerts notified the victims to the suspicious transfers which the scammers had instructed them to perform and advised the victims to refrain from making additional transfers. Upon receiving the SMSes, most victims would realise that they had fallen prey to a scam and come forward to lodge a police report.
The Police urge members of the public to “ACT” against scams. The ACT acronym outlines how members of the public can Add security features, Check for signs, and Tell the authorities and other about scams:
- ADD – Add security features such as two-factor authentication for personal accounts, such as banks, social media, and Singpass accounts. Transaction limits for internet banking, including PayNow, could also be set up to limit the amount of funds that can be lost in the event of a scam.
- CHECK – Check for potential signs of a scam by asking questions, fact-checking requests for personal information and money transfers and verifying the legitimacy of online listings and reviews. Take the time to pause and check. If it is too good to be true, it is probably untrue, and a scam.
- TELL – Tell the authorities and others about scam encounters by reporting to the bank or by filing a Police report. Tell others about ongoing scams and preventive steps they can take. Report the fraudulent pages and/or monikers to the respective platforms.
To fight scams, Singapore banks set up anti-mule team, hire ex-police officers
Unusual transactions or account activities that do not tally with a customer’s profile – these are the red flags that Mr Darren Eu looks out for in mule accounts.
For instance, an account holder making large deposits and withdrawals over consecutive days without a clear reason. They could have been deceived into giving away their banking credentials to scammers as part of a "job". “No customer will admit they are a money mule, so it is our job to find out,” said Mr Eu, an investigation specialist with DBS’ anti-mule team.
Set up in September last year, the team, which is part of a broader anti-scam squad, is made up of eight former police officers and bank employees. Their job is to eliminate money mules – people who allow criminals to control their bank accounts and in doing so, help scammers move illicit money out of the financial system:
- DBS - Singapore's biggest bank, formed its anti-scam squad in 2019. The squad includes more than a dozen people monitoring fraud alerts round-the-clock.
- OCBC - Consolidated its anti-scam and fraud functions under one department then tripled its headcount for the team to more than 100.
- UOB - Declined to reveal how big its anti-scam team is, citing operational sensitivities.
Banks to remove clickable links in emails, SMS sent to customers as part of new security measures
New measures for digital banking are to be rolled out for banks in Singapore, after a recent spate of SMS phishing scams affected at least 469 of OCBC's customers
Banks in Singapore will be removing clickable links in emails or SMS messages sent to retail customers and set the threshold for funds transfer notifications to customers by default at S$100 or lower. These are part of several measures to protect account holders from phishing scams.
The changes, announced by the Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) in a joint statement on Wednesday (Jan 19), will be implemented within the next two weeks. The new measures came after at least 469 customers were affected by an SMS phishing scam targeting OCBC bank customers, with losses totalling at least S$8.5 million. The fraudsters had sent out fake bank alerts that spoofed the bank's official SMS channel, duping many of them into clicking on web links and giving up their personal account information last month.
In the joint statement, MAS and ABS said that these measures will bolster the security of digital banking, given that it will lengthen the time taken for certain online banking transactions and also provide an added layer of security to protect customers’ funds. Other measures that banks will be putting in place include:
- Delaying activation of a new soft token on a mobile device by at least 12 hours
- Sending notification to a customer's existing mobile number or email registered with the bank whenever there is a request to change a customer’s mobile number or email address
- Introducing a cooling-off period before executing requests to important account changes such as in a customer’s key contact details
- Having dedicated and well-resourced customer assistance teams to deal with feedback on potential fraud cases on a priority basis
- More frequent scam education alerts
Banks don’t send SMS clickable links, police and DBS warn after $446k lost to scams in 2 weeks
Victims were misled into clicking on links in unsolicited SMSes. In these SMSes (bearing overseas numbers, local numbers, or short codes), the scammers claim to represent DBS/POSB Bank, and warn their victims of “possible unauthorised attempts to access their DBS/POSB bank accounts”. Next, the victims are urged to click on the embedded URL links to “verify their identities and stop the transactions”. After clicking on the links, the victims are directed to spoofed DBS websites and misled into providing their Internet banking credentials and one-time password (OTP), which the scammers use to make unauthorised withdrawals.
Since early 2022, all banks have removed clickable links in e-mails or SMSes to their retail customers. This measure is among safeguards that banks have implemented to combat phishing scams, such as lowering the default threshold for funds transfers, transaction notifications to customers and increasing the frequency of scam education alerts. The police and DBS advised members of the public to adopt these precautionary measures to protect themselves from being scammed:
- ADD – Install the ScamShield app to protect against scam calls and SMSes. Set up security features like transaction limits for Internet banking transactions, and two-factor or multi-factor authentication for banks and e-wallets.
- CHECK – Be wary of links in unsolicited SMSes that lead to a bank’s website. Never disclose personal or banking credentials, including OTPs, to anyone. Verify the authenticity of claims of problems with bank account or cards issued by the bank with the official bank website or sources. DBS will never send customers clickable links via SMS. Neither will its employees call customers to ask for Internet banking credentials or OTPs.
- TELL – Tell the authorities, family and friends about scams. Report any fraudulent transactions to DBS immediately.
Banks to tighten security, remove clickable links in SMSes after OCBC phishing scams
These measures were introduced following a spate of SMS phishing scams targeting bank customers Foto Lim Yaohui
Banks in Singapore will have to put in place more stringent measures to bolster the security of digital banking, such as removing clickable links in SMSes or e-mails sent to retail customers, within the next two weeks.
These additional measures were introduced in view of the recent spate of SMS phishing scams targeting bank customers, the Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) said in a joint statement on Wednesday (Jan 19). This comes after OCBC Bank said it would cover in full the losses suffered by its customers to SMS phishing scams last month and as other local banks, the Singapore Police Force and the Supreme Court issued warnings about phishing scams targeting their users.
The measures include a delay of at least 12 hours before activation of a new soft token on a mobile device, notification to existing mobile number or registered e-mail whenever there is a request to change a customer's contact details, and dedicated customer assistance teams to deal with feedback on potential fraud cases on a priority basis. The threshold for funds transfer transaction notifications to customers will also be set by default at $100 or lower, more frequent scam education alerts will be sent out, and additional safeguards such as a cooling-off period before implementation of requests for key account changes will also be in place:
- Remove clickable links in SMSes and e-mails to retail customers
- Dedicated customer assistance teams to deal with feedback on potential fraud cases
- Threshold for funds transfer to be set by default to $100 or lower
- Delay of at least 12 hours before activation of new soft token on mobile device
- Notifications to be sent to existing mobile number or e-mail for requests to change these details
- Cooling-off period before implementing requests to make key changes, such as contact details
Additional Measures to Strengthen the Security of Digital Banking
The Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) today announced additional measures to further safeguard customers from digital banking scams. These measures complement those announced on 19 January 2022.
In consultation with MAS and the Singapore Police Force (SPF), banks are progressively implementing the following additional measures, which will be in full effect by 31 October 2022:
- require additional customer confirmations to process significant changes to customer accounts and other high-risk transactions identified through fraud surveillance;
- set the default transaction limit for online funds transfers to S$5,000 or lower;
- provide an emergency self-service “kill switch” for customers to suspend their accounts quickly if they suspect their bank accounts have been compromised;
- facilitate rapid account freezing and fund recovery operations by co-locating bank staff at the SPF Anti-Scam Centre;
- enhance fraud surveillance systems to take into account a broader range of scam scenarios.
To minimise the risk of navigating to fraudulent websites, bank customers are strongly encouraged to use mobile banking apps, as opposed to web browsers. Banks will continue to enhance the functionality of their banking apps and assist customers to make the transition towards greater use of these apps. To ensure sustained investment in the industry’s anti-scam initiatives, an ABS Standing Committee on Fraud, comprising the seven domestic systemically important banks, will take forward the work of the Anti-Scam Taskforce established in 2020. The Committee will report directly to the ABS Council and will drive the industry’s anti-scam efforts, implement robust measures to safeguard customers, and reinforce public confidence in the security of digital banking. Under the Committee, the on-going anti-scam work of the industry will be formalised into the five key workstreams covering: customer education; authentication; fraud surveillance; customer handling and recovery; and equitable loss sharing. The Committee will work alongside member banks to continually review and enhance anti-scam measures for effectiveness and relevance as the scam landscape evolves.
DBS, OCBC, UOB customers can lock up savings to guard against scams; funds must be unlocked in person
DBS, OCBC and UOB on Monday (Nov 27) announced new money-locking features for customers to guard against scams.
Customers will be able to lock up their funds using their app or internet banking, and these funds can be unlocked when customers visit bank branches to verify their identity. OCBC customers can also use ATMs to do so.
DBS is progressively rolling out its features from Monday, while OCBC and UOB will start on Thursday:
- DBS - DBS' new feature, called digiVault, enables customers to lock up their money digitally in a designated account, from which funds cannot be digitally transferred out.
- OCBC - Unlike DBS and UOB, OCBC customers will not need to open a new bank account to use its Money Lock feature. Funds can be locked using the app or internet banking.
- UOB - UOB customers can open new LockAway accounts that do not allow digital payments and outbound transfers.
DBS, OCBC and UOB to roll out 'money lock' feature that lets customers block savings from digital transactions
Major banks are turning to the “money lock” feature to make it harder for fraudsters to siphon money.
PHOTO: The Straits Times
A new security feature that allows bank customers to block their savings from digital transactions will be rolled out by major banks DBS, OCBC and UOB by the end of November.
Once locked in, the money cannot be transferred through digital means, but can be moved only in person at an ATM or at a branch, depending on the bank.
The "money lock" feature is the latest measure adopted by banks to make it harder for fraudsters to siphon money out of a hacked account. This comes as scams continue to plague the nation, with more than 750 victims losing at least $10 million in total after falling prey to malware scams in the first half of 2023.
‘Money lock’ activated for about 38,000 Singapore bank accounts, protecting over S$3.2 billion in savings
Launched by local banks in November, the “money lock” feature helps to mitigate losses if a customer’s digital access to bank accounts is compromised. PHOTO: BT FI
THE “money lock” feature offered by local banks – which lets customers set aside funds so they cannot be transferred – has been activated on about 38,000 accounts in Singapore, with over S$3.2 billion of savings set aside, said Deputy Prime Minister Lawrence Wong on Wednesday (Jan 10) in a written parliamentary answer.
Launched by local banks in November, the feature helps to mitigate losses if a customer’s digital access to bank accounts is compromised.
Wong was replying to Member of Parliament Saktiandi Supaat, who asked for data on the take-up rate of the feature. The Monetary Authority of Singapore (MAS) is working with other major retail banks to introduce the money lock feature as well, said Wong.
Banks to have more anti-scam measures by Oct 31, including 'kill switch' to freeze accounts
The slew of measures to stop digital banking scams will be implemented by Oct 31, 2022 FOTO: KUA CHEE SIONG
An emergency self-service "kill switch" that lets customers freeze their bank accounts if they suspect that their accounts have been compromised is among a slew of measures that will be introduced to stop digital banking scams.
They will be implemented by Oct 31, said the Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) on Thursday (June 2). The measures complement those announced on Jan 19, which include the removal of clickable links in e-mails or SMSes sent to retail customers and having a delay of at least 12 hours before activation of a new soft token on a mobile device.
Among the added measures is having the default transaction limit for online fund transfers set to $5,000 or lower a day. Additional customer confirmations will be required to process significant changes to customer accounts and other high-risk transactions identified through fraud surveillance. Fraud surveillance will be bolstered as well to take into account a broader range of scam scenarios. Banks will also facilitate rapid account freezing and fund recovery operations by co-locating bank staff at the Singapore Police Force (SPF) Anti-Scam Centre.
Negligent banks, telcos may be held responsible for scam victims’ losses as part of proposed measures
Financial institutions and telecommunication companies (telcos) in Singapore may have to compensate their customers who have fallen prey to scams if they are found to have breached their responsibilities.
These responsibilities prescribed under a proposed framework include failure by banks to send outgoing transaction alerts to consumers and telcos failing to implement a scam filter for SMSes. As a start, the framework will focus on phishing scams which account “for a sizeable proportion of unauthorised transactions” here.
These are among the proposals put forth by the Monetary Authority of Singapore (MAS) and the Infocomm Media Development Authority (IMDA) on Wednesday (Oct 25) in a long-awaited consultation paper on how losses arising from scams will be shared between companies and consumers. The shared responsibility framework was first announced in February 2022 after close to 800 OCBC customers lost a combined S$13.7 million to scammers.
Singapore and Meta Unite to Crackdown on Online Scams
The Singapore police force has joined hands with social media giant Meta in a concerted effort to combat the burgeoning issue of online scams and eliminate suspicious content from the digital landscape. Online scammers have been honing their craft, using enticing advertisements on platforms such as Facebook and Instagram to bait unsuspecting victims, leading to an alarming surge in scam cases.
According to the police, the first six months of this year saw victims losing a staggering S$334.5 million to scams. This marked a 64.5% increase in scam cases, hinting at the escalating severity of the situation. The demographic that was found most vulnerable to such scams were young adults between the ages of 20 to 39. They primarily fell prey to e-commerce, job, and phishing scams, highlighting the diverse nature of the scamming strategies employed. Scammers have been leveraging a variety of channels to reach their potential victims. These include messaging platforms, social media, phone calls, online shopping platforms, and even text messages. An alarming trend that emerged was the rise in malware scams targeting Android device users. Over 750 cases were reported, with victims suffering losses amounting to at least S$10 million, including a substantial S$218,000 from CPF savings.
This rising trend of online scams has far-reaching implications, not just for individuals but also for the larger digital ecosystem. The collaboration between Singapore police and Meta could pave the way for more such alliances between law enforcement agencies and tech companies, potentially creating a safer online environment. While this is a step in the right direction, it is crucial for individuals to remain vigilant and exercise caution while navigating the digital space.
DBS, UOB become latest banks to restrict access if unverified apps are found on customers' phones
Local banks DBS and UOB are rolling out new anti-scam security measures that include restricting customers from accessing the banks’ digital services on their mobile phones if apps from unverified app stores – also known as sideloaded apps – are detected.
They are the latest banks in Singapore to do so – after OCBC and Citibank – amid a spate of malware scams targeting users of Android devices. DBS said on Tuesday (Sep 26) that its new anti-malware tool for Android phones seeks to prevent scammers from fraudulently logging into customers’ accounts by restricting app access if it detects potential risks.
One such security risk is the presence of malware or malicious applications on customers’ phones. This new function has gone live, the bank’s head of legal and compliance Lam Chee Kin told CNA.
Singapore introduces potent anti-scam measures
Singapore will step up up efforts to stamp out phishing and spoofing, ministers told the island nation's parliament on Tuesday. The topic earned ministerial attention after instances of attacks and scams soared recently. The standout example is the attack on Southeast Asia's second-largest bank, the Oversea-Chinese Banking Corporation (OCBC). In the OCBC bank scam, threat actors stole a combined SG$13.7 million ($10.2M) from 790 customers by spoofing text messages in what minister of finance Lawrence Wong referred to as "by far the most serious phishing scam seen" in Singapore.
Wong detailed [VIDEO] several ways banks would be expected to improve security, including using more diverse machine learning algorithms to strengthen fraud detection tools to identify suspicious transactions. Banks will also be required to block suspicious transactions in a more consistent fashion, require additional customer confirmations for high-risk transactions or changes to account details, expand biometric technology, and accelerate adoption of – and preference for – mobile banking apps. "These [measures] will introduce some frictions to customers undergoing genuine transactions," Wong predicted, "but we will all need to adapt and get used to these inconveniences." Furthermore, Wong said customers and banks would have a shared responsibility for any losses in the future in order to prevent a "weaken[ed] incentive to be vigilant" on the part of the customer.
Communications and information minister Josephine Teo then highlighted new and future measures to prevent cyberscams – including an enhanced effort by the government to block malicious websites. "In 2020, we blocked about 500 suspected scam websites, by 2021 the net was cast much more widely and 12,000 were blocked,” said Teo. She noted the government had the capacity to block more, but that it could become a futile game of whack-a-mole as scammers react quickly and dynamically to circumvent the measures. Teo revealed that at the peak of the OCBC phishing expedition, which lured customers to a website identical to the bank's and incentivized them to input their credentials, the government blocked 52 sites related to the scam in one day.
Protect yourself from online scams and attacks
Gone phishing
One of the most common attacks we see are what we call “phishing” attacks (pronounced like fishing). This is when an attacker contacts you pretending to be somebody you know or an organization you trust, and tries to get you to give them personal information or open a malicious website or file. Most phishing attempts arrive via email, but they can also come via text messages, direct messages on social media, or even phone calls (what we call "Vishing").
What they all have in common are:
- A trusted sender - The message or call will appear to come from a person or organization you trust. Could be your bank, the government, a service like Netflix or Spotify, a tech company like Microsoft, Amazon, or Apple, or some other service you recognize. The truly daring scammers may try to impersonate your boss or a family member.
- An urgent request - The messages usually have a sense of urgency to them. Something is going to be canceled, you’re going to have to pay some kind of penalty, or you’re going to miss out on some kind of special deal, and you have to act NOW. The urgency is to get you to take the message seriously and also to get you to act on the message without thinking about it too much, consulting a trusted advisor, or looking into whether the message might be a fake.
- A link or attachment - The message will include something you need to click on – a link to a website, or an attached file most commonly. The website will likely be a fake version of a legitimate website, designed to fool you into entering your username and password, or other personal information, so they can steal that information to use themselves. Any attached file is almost certainly malware.
What can you do about phishing?
- Look carefully at any messages you get that want you to take urgent action. Pay particular attention to the email address of the sender. If the message claims to be from your bank but the sender’s address is not your bank’s domain name that should be a loud warning.
- Never open any links or attachments you weren’t expecting; even if they appear to come from somebody you trust.
- If you get a link that appears to be from your bank or other trusted organization, open a new tab in your web browser and go directly to the organization’s website from your own saved favorite, from a web search, or by typing in the organization’s domain name yourself. A link from a phishing email will take you to a site that looks very genuine but is designed to trick you into entering your personal information.
- If you get an attachment you weren’t expecting, don’t open it. Instead reach out to the sender, preferably via a different method like text message or phone call, and confirm that the attachment is genuine before you open it.
- Use SmartScreen for Microsoft Edge which can help to block known phishing websites.
Top Online Scams and How to Avoid Internet Scams
The internet is such an integral part of our lives that it can be easy sometimes to forget that not everyone we encounter online has our best interests at heart. Internet scams are an ever-present threat, with hackers and cybercriminals doing their best to stay one step ahead of internet users. Staying informed of the risks and how to combat them is the best way to keep safe. Here is a list of the top online scams and how to avoid getting duped:
- Job offer scams - Job offer scams increased during the coronavirus pandemic. In this scam, you receive an unsolicited email offering a job, typically not in your area of expertise, often for a mystery shopper or similar position. When you accept, you are paid by check or money order for an amount greater than your "employer" offered. You are then asked to send back the difference, only to discover the original check or money order was fake, and you're out of the money you sent to your fake employer.
- Lottery scams - Reportedly, lottery scams were the fourth most common type of scam in the US in 2020. You typically receive an email with these scams claiming you have won a little-known lottery, usually in another country and always with a substantial pay-out. To claim your prize, you will be asked to pay a fee. Scammers will often say these fees are for insurance costs, government taxes, bank fees, or courier charges. You are asked to send personal details for verification, and suddenly you're the victim of identity theft, and the money you sent is gone.
- Beneficiary scams - You get an email from someone who is looking to move some money around quickly. These emails sometimes come from people claiming to be royalty – you’ve probably heard of the Nigerian prince scam – but more often, they're from a "businessman" who says he has millions to move out of the country and wants your help in exchange for a cut of the profits. The sender includes just enough details to make the offer seem legitimate. But the money is inevitably delayed, leaving you on the hook for a host of small payments to facilitate the transfer of funds.
- Online dating scams - Romance scams are on the rise. You meet someone through a dating app or website, you start to get to know each other, and it can feel authentic. However, you can never be sure who is on the other side of your screen. If you find yourself in an online relationship with someone who begins to ask for money or asks you to redirect items they send you, then the person you've met is a scammer.
- Charity fraud scams - After large-scale natural disasters or other high-profile public tragedies, you want to help any way you can, and scammers know to capitalize on this. They set up fake donation sites and accounts and then craft an emotional pitch email to solicit funds that never reach the victims. These scams are successful because they play on sympathy, but always make sure you do your research. Fact-check any donation sites and make sure they are affiliated with the issues they claim to represent.
- Coronavirus scams - The pandemic gave fraudsters the opportunity to devise new scams – although often these were variations on existing scams but repackaged with a fresh coronavirus angle.
- Repair scams - In a scam that starts in the real world and quickly moves into the online one, you receive a phone call from someone who claims to work for "Microsoft", or another large software company, claiming they can fix PC issues like slow internet speeds and loading times. It sounds helpful, and so when the email arrives in your inbox, you download a remote access program, which allows scammers to take control of your computer and install malware. Not all consumers are equally tech-savvy, so many don't know how their PC works and are easily deceived by scammers. Once they install malware, they have access to your files, data, and personal information.
- Social media scams - Social media scams are becoming increasingly more popular and come in many forms.
- Robocall scams - If you answer the phone and hear a recording rather than a live person speaking, that’s a robocall. Robocalls are sometimes used to deliver useful information, such as appointment reminders or flight cancellations. Mostly though, they are unsolicited marketing calls, and many of them are scams.
- Messaging scams -Fraudsters also use messaging systems and apps, such as SMS, WhatsApp, Facebook Messenger, Viber, Skype, Google Hangouts, and others, to scam you out of money. Phishing scams carried out via SMS are known as “smishing”.
- Online shopping scams - Scammers use the latest technology to set up fake retailer websites that look like genuine online stores, using stolen logos and copied designs. Many of these websites offer popular brands of clothing or jewelry, or gadgets at low prices. Sometimes you may receive the item you’ve paid for, but often you don't. A more recent version of the scam involves setting up a social media store, which usually disappears after a while to resurface again in another guise.
Ten tips to protect yourself from online scams
The convenience of online shopping is undeniable. You can browse hundreds of items from the comfort of your home and make a purchase anytime with just a single tap. However, while it is convenient, it might come at the cost of higher vulnerability from cyber crimes and scams. With increased reliance on digital technologies, e-commerce platforms, mobile devices and websites have become the prime platforms for scammers to target unsuspecting shoppers to steal personal information or money.
Indeed, online scams are becoming more prevalent – online scams have hit an all-time high, surging to 31,728 cases here last year, as reported by the Singapore Police Force. After all, scams are not so easy to spot. Phishing scams, the most common type of scams in Singapore, grew by 41.3% in 2022 compared to 2021. E-commerce scams, the third most common type, increased by 74.5% in the same period.
But not all hope is lost – an enjoyable and safe online experience is still possible if you practice good cyber hygiene. This article aims to provide tips to strengthen your cyber protection, minimise your risks and stay safe and secure online:
- Learn to spot fake emails, SMSes and websites (watch out for phishing)
- Use secure websites
- Change your passwords regularly
- Turn on 2-step verifications and set notifications for all credit/debit card transactions
- Check credit card statements regularly
- Use anti-virus software
- Update your software and devices regularly for the latest security patches
- Use a virtual private network (VPN) when accessing public or free Wi-Fi networks
- Avoid sharing personal or sensitive information with unverified entities
- Be cautious when making online purchases
Scams: Types, Impact & How to Avoid Them
Being a victim of scams can be very distressing, given the financial, social, and emotional impact it has on us. With statistics showing a marked increase of scam cases in 2021 and the recent arrest of over 157 suspects linked to nearly 500 cases of scam, it is clear that scam is on the rise in Singapore. Recently, our team has contributed to a media article on the psychological impact of scams. As such, this article serves to highlight the threat of scams and support you if you have been a victim.
Common Types of Scams in Singapore:
- SMS PHISHING SCAMS- Scammers impersonate a bank (such as DBS, POSB, or OCBC), and direct recipients to rectify issues such as errors or accounts being suspended through a link, usually requiring them to key in their bank details. In doing so, scammers gain access to victims’ bank account details withdraws from their accounts.
- E-COMMERCE SCAMS - Scammers employ a variety of methods to cheat victims on e-commerce sites. Some of the scams involved are Selling popular goods at a low price, such as Nintendo Switches, before disappearing with the payment. Listing “jobs” that require a victim to make advance payment to a non-existent e-business to boost sales; victims instead transfer money into the scammer’s bank account. Sending out messages to users awaiting delivery, informing them that their packages have been lost and asking for recovery payment
- LOAN SCAMS - Scammers send out messages via SMS or WhatsApp while impersonating licensed moneylenders. Loan scammers often require victims to place multiple deposits into a bank account as “set up” processes for trial loans. However, borrowers never receive the loan amount promised as the scammers disappear with the deposit.
Best online security practices to protect yourself from scammers
Online scams are on the rise. From scammers impersonating Singapore Police Officers to text messages that retrieve confidential information – leading to victims losing their life savings through unauthorised transactions.
Mr Chiah Tian Ming, a Fraud Analyst at Hugo, spent more than six years in anti-fraud and anti-money laundering roles in notable banks shared with The Independent Singapore the top 14 ways to ensure your banking and personal details are safe from scammers. With bank clients losing millions in phishing scams, there is an increased need for public awareness regarding online scams and how they operate. Risk management and anti-fraud experts from financial technology company, Hugo, have provided fool-proof ways to protect oneself from scammers.
Ms Julia Chin, the Head of Compliance at Hugo, with over 20 years of experience in risk management and compliance at international financial institutions across Asia and the Middle East, along with Fraud Analyst, Mr Chiah Tian Ming, advised the below:
- Do not give away sensitive banking details such as usernames, PINs, passwords to anyone.
- Strengthen your account security by using sophisticated and unique passwords and storing them safely for reference.
- Refrain from sharing too much personal information online to prevent scammers and hackers from piecing details together.
- Don’t fall for social engineering schemes such as phishing emails and texts, scam calls and scareware (malicious computer programs that trick users into buying or downloading unnecessary and potentially dangerous software).
- Pay close attention to the URL, meaning it must perfectly match the original website.
- Be familiar with your bank’s security measures and double-check with the bank if there are changes, such as the login and authentication processes.
- Ensure that a website has valid Secure Sockets Layer (SSL) certificate, which authenticates a website’s identity and provides an encrypted connection between a web server and browser.
- Maintain optimal security by updating to the latest versions of web browsers as they keep to date with the best anti-phishing systems.
- Routinely scan and clean your device for potential malware using trusted software.
- Avoid shady sites and install high-quality firewalls to prevent your device from being infected with malware or spyware.
- Use 2-factor authentication when possible because this is a fundamental way to add extra security to your online activity.
- Avoid conducting online banking transactions on public or shared computers.
- Routinely log out and clear your caches just to be safe.
- Monitor bank account transactions regularly to keep track of any suspicious behaviour.
Most common scams in Singapore 2022
In 2022, phishing scams were the most common type of scam in Singapore, with around 7.9 thousand cases reported. Job scams also represented a prevalent form of fraud in the country, with over 6.49 thousand cases reported.
Phishing threat in Singapore - In Singapore, around 42 thousand different phishing URLs with a .SG domain were detected in 2022. The highest number of phishing URLs was recorded the previous year, with around 55 thousand. Phishing attacks can take many forms, such as corporate e-mail compromise (CEC), mass phishing, or smishing. These phishing e-mails represent a crucial risk for businesses. They can also lead to ransomware infections, which have also increased in recent years.
Data breaches - Companies and governments are increasingly relying on technology to collect, analyze, and store personal data. This can lead to potential risks when such data is affected by cyber incidents. In Singapore, the number of exposed data points per thousand people reached 26 in 2022. Over the same period, around 154 thousand data sets were reported as leaked in the country.
10 scams happening in Singapore
There’s been a sharp rise in the number of cyber scams and real life cheating incidents in Singapore.
Here are the on-going ones you should be aware of:
TOP 5 SCAMS: (30 SEP TO 06 OCT 2023)
An unusually good deal for a gadget, amusement park or concert tickets attracts your attention online. You transfer payment to the ""seller"" who promises delivery of the item. In some cases, the seller demands further payment for duties or delivery charges after the first payment is made. Ultimately, you never receive the item.
You receive an unsolicited job offer via messaging apps, social media, etc. Very often, potential ‘employers’ will offer high pay with very little time commitment or effort.
You receive a call, text or email soliciting personal information in order to claim a prize, secure your online accounts or to help investigate fraudulent transactions.
You receive a message from someone claiming to be stockbrokers or bank or financial company employees on social networking sites like Facebook, WeChat or Line. They ask you to share personal details like NRIC and passport numbers for an investment form. You are then asked to transfer money to banks in Hong Kong and China, pay hefty administrative and security fees, and taxes in order to receive the profits and returns.
This scam usually involves a phone call or in-app call (e.g WhatsApp) from someone claiming to be a local government official (e.g. government official, police officer or court official), staff from a bank or telco, or a representative of a Chinese bank or courier company.
Scam Climate in Singapore
Scams are a big problem today not just locally, but also around the world. And in Singapore itself, between 2016 and 2020, the number of scams reported to the Police have increased 3-fold, from around 5,400 to about 16,000 cases recently.
In 2020, scams accounted for 42% of all crime cases in Singapore, and with the losses estimated about S$265 million. Besides financial losses, we all know the emotional trauma and the consequences of being scammed can be very serious. For example, in my community work, we often come across victims of our residents to share about how they became affected or depressed after losing tens of thousands of dollars to scams. Last year, MHA’s Home Team Behavioural Sciences Centre (HTBSC) conducted the National Prevalence Survey on Scams:
- It was found that actually the majority of respondents – approximately six in 10 – had encountered scams in one way or another in the past one year, indicating that actually there is a high prevalence of scam in Singapore. Of these respondents, approximately seven in 100 had actually fallen victim before.
- Contrary to popular belief, it is not just the elderly that are vulnerable to scams. In fact, survey respondents between the age 20 to 39 made up almost half of the scam victims, although they accounted for only about one-third of the total respondents.
Of particular concern are scams that take place over online and digital mediums. Digitalisation has changed the way we live, we work, and interact with one another and have given us a lot of conveniences online. However, we may not possess good cyber knowledge to adequately protect ourselves online and as a result, may be at risk of falling victim to scams. And our surveys showed two behavioural traits.
A COLLABORATIVE APPROACH AGAINST SCAMS
Scam cases have been rising in recent years. This situation has only worsened with the COVID-19 pandemic as more people stay at home and engage in online activities. For the first half of 2021, scam cases increased by 16% to 8,403 cases, up from 7,247 cases in the same period in 2020. To combat scams, the ASC adopts six I’s in its approach – Information processing, Intervention, Investigations, Initiatives, Inculcation and International Co-operation.
In the first year of the ASC’s operations, more than 8,600 reports were received, which led to ASC officers successfully recovering more than $21.2 million and freezing more than 6,100 bank accounts (which interrupts the flow of victims' funds to scammers and disrupts their operations). Two years into its formation, the ASC has recovered more than $127 million.
Combatting Scams and Safeguarding Singapore, Together
With scams increasingly driving up crime rate over the last few years, the Home Team will take a multi-layered approach by:
- Block Scammers
- Secure Legitimate Services, government and banking channels
- Strengthen Enforcement
- Strengthen Legislative Levers, toughen our laws
Public education for a vigilant and discerning public is the best defence against scams. The Home Team will empower individuals to take actions to protect their loved ones and themselves in the fight against scams.
10 recommendations to beat online scams
Online scams spread through modern businesses like wildfire, and in 2022, the temperature only increased. In just 12 months, cybercriminals stole around $55 billion from their targets. Businesses must take the lead on extinguishing this wildfire, both individually and together in alliances like the GASA.
When alliances act, legislators listen. Our partners in the Global Anti-Scam Alliance compiled 10 recommendations to protect consumers online, and they’re presenting then to the European Commission and other authorities at the CyberSec Europe Expo & Conference. As a key stakeholder, EBRAND’s sending our CPO Jano Vico to the conference, to represent your interests as internet users trying to stay boosted and protected online. This whole process also delivers a learning opportunity, and we can guide you through each of GASA’s recommendations with some extra applied insights.
Here’s a sneak peek at GASA’s recommendations, and why they matter to you:
Raise awareness and unify consumers against online scams
Facilitate One National, Easy, Online Reporting Platform
Set-up cross-organizational support for fraud victims
Develop Infrastructural Tools to Protect Consumers
Make Fraud Traceable
Set-up a Dedicated Consumer Cyber Security Center
Establish a Global Scam Data Sharing Hub
Make Service Providers responsible & liable for scammer enablement
Allow Preventive Action (Warn, Block, Stop)
Enact an International Scam Investigation & Prosecution Network
List of recommended antivirus apps released by CSA as mobile security threats rise
For the first time, Singapore's cyber-security watchdog has released a list of recommended antivirus apps, with features such as malware and phishing detection, amid mounting mobile security threats.
The move is part of the latest national campaign by the Cyber Security Agency of Singapore (CSA) launched on Saturday (Sept 30). Besides encouraging the use of antivirus tools and the scam-busting app ScamShield, the campaign urges the public to enable two-factor authentication and use strong passwords, stay alert to phishing scams, and update their software promptly.
CSA listed seven recommended antivirus apps each for Android and iOS devices. The apps, which come in free and paid versions.
Android:
- Avast Antivirus and Security - free
- AVG Antivirus and Security - free
- Kaspersky Antivirus and VPN - paid
- Lookout Security and Antivirus - paid
- McAfee Security: VPN Antivirus - paid
- Mobile Security and Antivirus (Trend Micro) - paid
- Norton360 Antivirus and Security - paid
iOS:
- Avast Security and Privacy - free
- AVG Mobile Security - free
- Kaspersky: VPN and Antivirus - paid
- Lookout - Mobile Data Security - paid
- McAfee Security: Privacy and VPN - paid
- Norton360 Security and VPN - paid
- TM Mobile Security - paid
Scammers target PM Lee in fake online ads
He said such advertisements, which tend to surface after a major speech or announcement with lots of media coverage, have re-emerged in the past few days.
“If the ad uses my image to sell you a product, or asks you to invest in some scheme, or even uses my voice to tell you to send money, it’s not me,” he added.
Deepfake video of DPM Lawrence Wong promoting investment scam circulating on social media
A deepfake video of Deputy Prime Minister Lawrence Wong promoting an investment scam has been circulating on Facebook and Instagram.
In the video, his mouth is noticeably altered to synchronise with a fake voice-over promoting an investment scam. The voice-over mimics the pitch and intonation of his real voice. The Straits Times’ logo is used at the top right-hand corner of the video.
The video has modified footage of DPM Wong at a media doorstop interview recorded by ST. An SPH Media spokeswoman said the video in question was not created or published by the company or ST.
DEEPFAKE VIDEO OF PM LEE PROMOTING SOME INVESTMENT SCAMS
Prime Minister (PM) Lee Hsien Loong appears to be promoting a crypto-trading video on the Beijing-based news outlet China Global Television Network (CGTN). Yes, PM Lee seems to be discussing the benefits of a hands-free crypto trading platform, which boasts the ability to compute algorithms, analyse market trends, make strategic investment decisions, and execute trades—all autonomously, without any manual input from the user.
On 29 Dec, PM Lee shared a recent deepfake video that has been circulating online. Elaborating on the type of scam involved, PM Lee explained that scammers employ AI (artificial intelligence) technology to mimic our voices and images. They transform real footage of us, taken from official events, into very convincing but entirely bogus videos of us purportedly saying things we have never said. PM Lee urged people not to respond to such scam videos, which promise guaranteed returns on investments.
DEEPFAKE VIDEO OF DPM LAWRENCE WONG SELLING SOME INVESTMENT SCAM
Deepfakes are media that have been altered by AI to look or sound like someone. In the video, DPM Wong’s mouth is altered to synchronise with a fake voiceover that sounds like him. Yes, the voiceover mimics the pitch and intonation of DPM Wong’s actual voice. Don’t believe me? You can watch the deepfake video here.
Notably, the video was made from modified footage of DPM Wong giving an interview recorded by The Straits Times. The deepfake video promotes an investment scam, even using terms reminiscent of a DPM speech, like “my dear Singaporeans”.
Spate of Online Scams
68-Year-Old Woman Loses Over S$72,500 to Malware-Laden App
In the digital age, cybercrimes are becoming a frequent occurrence worldwide. Singapore, one of the technologically advanced nations, is no exception to this trend. Recently, several individuals have fallen prey to scams involving malware-infected apps downloaded from third-party sites. These scams, often initiated through social media advertisements, have led to substantial financial losses for the victims.
Primarily, the scams unfold with victims responding to advertisements on platforms like Facebook. They are subsequently directed to download an app to facilitate their transactions. Unbeknown to them, these apps are infected with malware, enabling scammers to gain control over their devices and, consequently, their bank accounts. The victims are then subjected to unauthorized transactions, leading to considerable amounts being drained from their savings.
In one alarming instance, a 68-year-old woman lost over S$72,500 from her bank account after downloading a third-party app. She believed the app was required to list her items for sale. The woman was enticed by a Facebook advertisement from a recycling company that expressed interest in buying pre-loved furniture and electronics. After contacting the supposed buyer via Facebook Messenger, she downloaded the app, unaware of the imminent threat. Once the app was installed, the scammers managed to raise her transaction limit and transferred a total of S$72,500 out of her account. Upon realization of the financial loss, the victim and her son lodged a police report. The incident is currently under investigation.
Artificial Intelligence Impersonation
He said such advertisements, which tend to surface after a major speech or announcement with lots of media coverage, have re-emerged in the past few days.
“If the ad uses my image to sell you a product, or asks you to invest in some scheme, or even uses my voice to tell you to send money, it’s not me,” he added.
All Singapore local calls will not display a '+' prefix wef 15 Apr 2021
International calls to have plus sign prefix to combat scam calls
All incoming international calls will be prefixed with a plus sign (+) beginning April as part of efforts to protect members of the public from scam calls, said Senior Minister of State for Communications and Information Janil Puthucheary in Parliament on Tuesday (March 3).
From April 15, the Infocomm Media Development Authority (IMDA) will require all telecommunication companies (telcos) in Singapore to introduce this measure to help combat such spoof calls from overseas.
Domestic calls will not display such a prefix.
related: