Received a call from 'DBS' from this number 91418609. An automated person telling me that I had made several repeated transactions and to press '1' to hear message again or press '2' to speak to Customer Service.
Do not respond by pressing '1' or '2' coz it is from Hackers which will lead you to their Scam Sites and their Malware will take 'Full Control' over of your Hand Phone and deplete your Bank Account.
Always remember that Banks will not send 'Clickable Links' via your Hand Phones, SMSes, messages or Emails. If you wish to verify with the Bank's Customer Officer, please use the Bank's Official Contact Number or their Online Websites. Banks to remove clickable links in emails, SMS sent to customers as part of new security measures.
Singapore banks to phase out use of OTP for login for customers using digital tokens
Use of OTPs for bank account login for customers who are digital token users will be phased out within the next 3 months
Major retail banks in Singapore will phase out the use of OTPs for account login for customers who are digital token users within the next three months. These include the three local banks: DBS Bank, OCBC Bank and UOB. Customers who are using physical tokens will not be affected. Customers who have activated their digital token on their mobile device will have to use it when they log into their bank account via an internet browser or a mobile banking app.
The digital token will authenticate customers’ login without the need for an OTP, which scammers can steal or trick customers into disclosing, MAS and ABS said. The feature is integrated into mobile banking apps and often requires biometric or face recognition to authenticate logins or transactions. “Customers who have not activated their digital tokens are strongly encouraged to do so, to lower the risk of having their credentials phished,” they added.
Banks to remove clickable links in emails, SMS sent to customers as part of new security measures
New measures for digital banking are to be rolled out for banks in Singapore, after a recent spate of SMS phishing scams affected at least 469 of OCBC's customers
Banks in Singapore will be removing clickable links in emails or SMS messages sent to retail customers and set the threshold for funds transfer notifications to customers by default at S$100 or lower. These are part of several measures to protect account holders from phishing scams.
The changes, announced by the Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) in a joint statement on Wednesday (Jan 19), will be implemented within the next two weeks. The new measures came after at least 469 customers were affected by an SMS phishing scam targeting OCBC bank customers, with losses totalling at least S$8.5 million. The fraudsters had sent out fake bank alerts that spoofed the bank's official SMS channel, duping many of them into clicking on web links and giving up their personal account information last month.
In the joint statement, MAS and ABS said that these measures will bolster the security of digital banking, given that it will lengthen the time taken for certain online banking transactions and also provide an added layer of security to protect customers’ funds. Other measures that banks will be putting in place include:
- Delaying activation of a new soft token on a mobile device by at least 12 hours
- Sending notification to a customer's existing mobile number or email registered with the bank whenever there is a request to change a customer’s mobile number or email address
- Introducing a cooling-off period before executing requests to important account changes such as in a customer’s key contact details
- Having dedicated and well-resourced customer assistance teams to deal with feedback on potential fraud cases on a priority basis
- More frequent scam education alerts
Banks don’t send SMS clickable links, police and DBS warn after $446k lost to scams in 2 weeks
Victims were misled into clicking on links in unsolicited SMSes. In these SMSes (bearing overseas numbers, local numbers, or short codes), the scammers claim to represent DBS/POSB Bank, and warn their victims of “possible unauthorised attempts to access their DBS/POSB bank accounts”. Next, the victims are urged to click on the embedded URL links to “verify their identities and stop the transactions”. After clicking on the links, the victims are directed to spoofed DBS websites and misled into providing their Internet banking credentials and one-time password (OTP), which the scammers use to make unauthorised withdrawals.
Since early 2022, all banks have removed clickable links in e-mails or SMSes to their retail customers. This measure is among safeguards that banks have implemented to combat phishing scams, such as lowering the default threshold for funds transfers, transaction notifications to customers and increasing the frequency of scam education alerts. The police and DBS advised members of the public to adopt these precautionary measures to protect themselves from being scammed:
- ADD – Install the ScamShield app to protect against scam calls and SMSes. Set up security features like transaction limits for Internet banking transactions, and two-factor or multi-factor authentication for banks and e-wallets.
- CHECK – Be wary of links in unsolicited SMSes that lead to a bank’s website. Never disclose personal or banking credentials, including OTPs, to anyone. Verify the authenticity of claims of problems with bank account or cards issued by the bank with the official bank website or sources. DBS will never send customers clickable links via SMS. Neither will its employees call customers to ask for Internet banking credentials or OTPs.
- TELL – Tell the authorities, family and friends about scams. Report any fraudulent transactions to DBS immediately.
Singapore Police work with banks to block scams
The police and commercial banks notified victims to cease monetary transfers after detecting jobs, investments, fake friends, or e-commerce scams with robotic process automation technology.
They sent nearly 14,000 short messages to over 9,800 scam victims and averted potential financial losses of more than S$47 million (US$35 million), the police added.
MORE THAN 9,800 POTENTIAL SCAM VICTIMS ALERTED IN JOINT OPERATION BETWEEN ANTI-SCAM CENTRE AND SIX PARTNERING BANKS
The Singapore Police Force’s Anti-Scam Centre (ASC) and six banks leveraged Robotic Process Automation (RPA) technology in a coordinated effort to detect victims of job, investment, fake friend call, and e-commerce scams. The detection of the victims allowed the Police and the banks to intervene quickly to notify the victims to scams so that they can cease further monetary transfers, thereby minimising potential financial losses. The participating banks include DBS Bank, UOB Bank, OCBC Bank, Standard Chartered Bank, HSBC Bank, and GXS Bank.
During the two-month operation conducted from 1 May 2024 to 30 June 2024, ASC officers and the banks sent more than 13,984 SMSes to over 9,810 potential scam victims who are customers of the banks. The upstream detection of these potential scam victims resulted in the successful disruption of over 2,805 ongoing scams and averted potential financial losses of more than $47 million. The adoption of RPA technology streamlined the sharing and processing of information, enable the Police to swiftly reach out to potential scam victims through SMSes. The SMS alerts notified the victims to the suspicious transfers which the scammers had instructed them to perform and advised the victims to refrain from making additional transfers. Upon receiving the SMSes, most victims would realise that they had fallen prey to a scam and come forward to lodge a police report.
The Police urge members of the public to “ACT” against scams. The ACT acronym outlines how members of the public can Add security features, Check for signs, and Tell the authorities and other about scams:
- ADD – Add security features such as two-factor authentication for personal accounts, such as banks, social media, and Singpass accounts. Transaction limits for internet banking, including PayNow, could also be set up to limit the amount of funds that can be lost in the event of a scam.
- CHECK – Check for potential signs of a scam by asking questions, fact-checking requests for personal information and money transfers and verifying the legitimacy of online listings and reviews. Take the time to pause and check. If it is too good to be true, it is probably untrue, and a scam.
- TELL – Tell the authorities and others about scam encounters by reporting to the bank or by filing a Police report. Tell others about ongoing scams and preventive steps they can take. Report the fraudulent pages and/or monikers to the respective platforms.
Banks to tighten security, remove clickable links in SMSes after OCBC phishing scams
These measures were introduced following a spate of SMS phishing scams targeting bank customers Foto Lim Yaohui
Banks in Singapore will have to put in place more stringent measures to bolster the security of digital banking, such as removing clickable links in SMSes or e-mails sent to retail customers, within the next two weeks.
These additional measures were introduced in view of the recent spate of SMS phishing scams targeting bank customers, the Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) said in a joint statement on Wednesday (Jan 19). This comes after OCBC Bank said it would cover in full the losses suffered by its customers to SMS phishing scams last month and as other local banks, the Singapore Police Force and the Supreme Court issued warnings about phishing scams targeting their users.
The measures include a delay of at least 12 hours before activation of a new soft token on a mobile device, notification to existing mobile number or registered e-mail whenever there is a request to change a customer's contact details, and dedicated customer assistance teams to deal with feedback on potential fraud cases on a priority basis. The threshold for funds transfer transaction notifications to customers will also be set by default at $100 or lower, more frequent scam education alerts will be sent out, and additional safeguards such as a cooling-off period before implementation of requests for key account changes will also be in place:
- Remove clickable links in SMSes and e-mails to retail customers
- Dedicated customer assistance teams to deal with feedback on potential fraud cases
- Threshold for funds transfer to be set by default to $100 or lower
- Delay of at least 12 hours before activation of new soft token on mobile device
- Notifications to be sent to existing mobile number or e-mail for requests to change these details
- Cooling-off period before implementing requests to make key changes, such as contact details
Additional Measures to Strengthen the Security of Digital Banking
The Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) today announced additional measures to further safeguard customers from digital banking scams. These measures complement those announced on 19 January 2022.
In consultation with MAS and the Singapore Police Force (SPF), banks are progressively implementing the following additional measures, which will be in full effect by 31 October 2022:
- require additional customer confirmations to process significant changes to customer accounts and other high-risk transactions identified through fraud surveillance;
- set the default transaction limit for online funds transfers to S$5,000 or lower;
- provide an emergency self-service “kill switch” for customers to suspend their accounts quickly if they suspect their bank accounts have been compromised;
- facilitate rapid account freezing and fund recovery operations by co-locating bank staff at the SPF Anti-Scam Centre;
- enhance fraud surveillance systems to take into account a broader range of scam scenarios.
To minimise the risk of navigating to fraudulent websites, bank customers are strongly encouraged to use mobile banking apps, as opposed to web browsers. Banks will continue to enhance the functionality of their banking apps and assist customers to make the transition towards greater use of these apps. To ensure sustained investment in the industry’s anti-scam initiatives, an ABS Standing Committee on Fraud, comprising the seven domestic systemically important banks, will take forward the work of the Anti-Scam Taskforce established in 2020. The Committee will report directly to the ABS Council and will drive the industry’s anti-scam efforts, implement robust measures to safeguard customers, and reinforce public confidence in the security of digital banking. Under the Committee, the on-going anti-scam work of the industry will be formalised into the five key workstreams covering: customer education; authentication; fraud surveillance; customer handling and recovery; and equitable loss sharing. The Committee will work alongside member banks to continually review and enhance anti-scam measures for effectiveness and relevance as the scam landscape evolves.
DBS, OCBC, UOB customers can lock up savings to guard against scams; funds must be unlocked in person
DBS, OCBC and UOB on Monday (Nov 27) announced new money-locking features for customers to guard against scams.
Customers will be able to lock up their funds using their app or internet banking, and these funds can be unlocked when customers visit bank branches to verify their identity. OCBC customers can also use ATMs to do so.
DBS is progressively rolling out its features from Monday, while OCBC and UOB will start on Thursday:
- DBS - DBS' new feature, called digiVault, enables customers to lock up their money digitally in a designated account, from which funds cannot be digitally transferred out.
- OCBC - Unlike DBS and UOB, OCBC customers will not need to open a new bank account to use its Money Lock feature. Funds can be locked using the app or internet banking.
- UOB - UOB customers can open new LockAway accounts that do not allow digital payments and outbound transfers.
DBS, OCBC and UOB to roll out 'money lock' feature that lets customers block savings from digital transactions
Major banks are turning to the “money lock” feature to make it harder for fraudsters to siphon money.
PHOTO: The Straits Times
A new security feature that allows bank customers to block their savings from digital transactions will be rolled out by major banks DBS, OCBC and UOB by the end of November.
Once locked in, the money cannot be transferred through digital means, but can be moved only in person at an ATM or at a branch, depending on the bank.
The "money lock" feature is the latest measure adopted by banks to make it harder for fraudsters to siphon money out of a hacked account. This comes as scams continue to plague the nation, with more than 750 victims losing at least $10 million in total after falling prey to malware scams in the first half of 2023.
‘Money lock’ activated for about 38,000 Singapore bank accounts, protecting over S$3.2 billion in savings
Launched by local banks in November, the “money lock” feature helps to mitigate losses if a customer’s digital access to bank accounts is compromised. PHOTO: BT FI
THE “money lock” feature offered by local banks – which lets customers set aside funds so they cannot be transferred – has been activated on about 38,000 accounts in Singapore, with over S$3.2 billion of savings set aside, said Deputy Prime Minister Lawrence Wong on Wednesday (Jan 10) in a written parliamentary answer.
Launched by local banks in November, the feature helps to mitigate losses if a customer’s digital access to bank accounts is compromised.
Wong was replying to Member of Parliament Saktiandi Supaat, who asked for data on the take-up rate of the feature. The Monetary Authority of Singapore (MAS) is working with other major retail banks to introduce the money lock feature as well, said Wong.
Banks to have more anti-scam measures by Oct 31, including 'kill switch' to freeze accounts
The slew of measures to stop digital banking scams will be implemented by Oct 31, 2022 FOTO: KUA CHEE SIONG
An emergency self-service "kill switch" that lets customers freeze their bank accounts if they suspect that their accounts have been compromised is among a slew of measures that will be introduced to stop digital banking scams.
They will be implemented by Oct 31, said the Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) on Thursday (June 2). The measures complement those announced on Jan 19, which include the removal of clickable links in e-mails or SMSes sent to retail customers and having a delay of at least 12 hours before activation of a new soft token on a mobile device.
Among the added measures is having the default transaction limit for online fund transfers set to $5,000 or lower a day. Additional customer confirmations will be required to process significant changes to customer accounts and other high-risk transactions identified through fraud surveillance. Fraud surveillance will be bolstered as well to take into account a broader range of scam scenarios. Banks will also facilitate rapid account freezing and fund recovery operations by co-locating bank staff at the Singapore Police Force (SPF) Anti-Scam Centre.
To fight scams, Singapore banks set up anti-mule team, hire ex-police officers
Unusual transactions or account activities that do not tally with a customer’s profile – these are the red flags that Mr Darren Eu looks out for in mule accounts.
For instance, an account holder making large deposits and withdrawals over consecutive days without a clear reason. They could have been deceived into giving away their banking credentials to scammers as part of a "job". “No customer will admit they are a money mule, so it is our job to find out,” said Mr Eu, an investigation specialist with DBS’ anti-mule team.
Set up in September last year, the team, which is part of a broader anti-scam squad, is made up of eight former police officers and bank employees. Their job is to eliminate money mules – people who allow criminals to control their bank accounts and in doing so, help scammers move illicit money out of the financial system:
- DBS - Singapore's biggest bank, formed its anti-scam squad in 2019. The squad includes more than a dozen people monitoring fraud alerts round-the-clock.
- OCBC - Consolidated its anti-scam and fraud functions under one department then tripled its headcount for the team to more than 100.
- UOB - Declined to reveal how big its anti-scam team is, citing operational sensitivities.
Negligent banks, telcos may be held responsible for scam victims’ losses as part of proposed measures
Financial institutions and telecommunication companies (telcos) in Singapore may have to compensate their customers who have fallen prey to scams if they are found to have breached their responsibilities.
These responsibilities prescribed under a proposed framework include failure by banks to send outgoing transaction alerts to consumers and telcos failing to implement a scam filter for SMSes. As a start, the framework will focus on phishing scams which account “for a sizeable proportion of unauthorised transactions” here.
These are among the proposals put forth by the Monetary Authority of Singapore (MAS) and the Infocomm Media Development Authority (IMDA) on Wednesday (Oct 25) in a long-awaited consultation paper on how losses arising from scams will be shared between companies and consumers. The shared responsibility framework was first announced in February 2022 after close to 800 OCBC customers lost a combined S$13.7 million to scammers.
related: Singapore banks to allow customers to 'lock up' funds in latest move to guard against scams
DBS, UOB become latest banks to restrict access if unverified apps are found on customers' phones
Local banks DBS and UOB are rolling out new anti-scam security measures that include restricting customers from accessing the banks’ digital services on their mobile phones if apps from unverified app stores – also known as sideloaded apps – are detected.
They are the latest banks in Singapore to do so – after OCBC and Citibank – amid a spate of malware scams targeting users of Android devices. DBS said on Tuesday (Sep 26) that its new anti-malware tool for Android phones seeks to prevent scammers from fraudulently logging into customers’ accounts by restricting app access if it detects potential risks.
One such security risk is the presence of malware or malicious applications on customers’ phones. This new function has gone live, the bank’s head of legal and compliance Lam Chee Kin told CNA.
Singapore introduces potent anti-scam measures
Singapore will step up efforts to stamp out phishing and spoofing, ministers told the island nation's parliament on Tuesday. The topic earned ministerial attention after instances of attacks and scams soared recently. The standout example is the attack on Southeast Asia's second-largest bank, the Oversea-Chinese Banking Corporation (OCBC). In the OCBC bank scam, threat actors stole a combined SG$13.7 million ($10.2M) from 790 customers by spoofing text messages in what minister of finance Lawrence Wong referred to as "by far the most serious phishing scam seen" in Singapore.
Wong detailed [VIDEO] several ways banks would be expected to improve security, including using more diverse machine learning algorithms to strengthen fraud detection tools to identify suspicious transactions. Banks will also be required to block suspicious transactions in a more consistent fashion, require additional customer confirmations for high-risk transactions or changes to account details, expand biometric technology, and accelerate adoption of – and preference for – mobile banking apps. "These [measures] will introduce some frictions to customers undergoing genuine transactions," Wong predicted, "but we will all need to adapt and get used to these inconveniences." Furthermore, Wong said customers and banks would have a shared responsibility for any losses in the future in order to prevent a "weaken[ed] incentive to be vigilant" on the part of the customer.
Communications and information minister Josephine Teo then highlighted new and future measures to prevent cyberscams – including an enhanced effort by the government to block malicious websites. "In 2020, we blocked about 500 suspected scam websites, by 2021 the net was cast much more widely and 12,000 were blocked,” said Teo. She noted the government had the capacity to block more, but that it could become a futile game of whack-a-mole as scammers react quickly and dynamically to circumvent the measures. Teo revealed that at the peak of the OCBC phishing expedition, which lured customers to a website identical to the bank's and incentivized them to input their credentials, the government blocked 52 sites related to the scam in one day.
Combating Online Scams
The Singapore police force has joined hands with social media giant Meta in a concerted effort to combat the burgeoning issue of online scams and eliminate suspicious content from the digital landscape. Online scammers have been honing their craft, using enticing advertisements on platforms such as Facebook and Instagram to bait unsuspecting victims, leading to an alarming surge in scam cases.
According to the police, the first six months of this year saw victims losing a staggering S$334.5 million to scams. This marked a 64.5% increase in scam cases, hinting at the escalating severity of the situation. The demographic that was found most vulnerable to such scams were young adults between the ages of 20 to 39. They primarily fell prey to e-commerce, job, and phishing scams, highlighting the diverse nature of the scamming strategies employed. Scammers have been leveraging a variety of channels to reach their potential victims. These include messaging platforms, social media, phone calls, online shopping platforms, and even text messages. An alarming trend that emerged was the rise in malware scams targeting Android device users. Over 750 cases were reported, with victims suffering losses amounting to at least S$10 million, including a substantial S$218,000 from CPF savings.
This rising trend of online scams has far-reaching implications, not just for individuals but also for the larger digital ecosystem. The collaboration between Singapore police and Meta could pave the way for more such alliances between law enforcement agencies and tech companies, potentially creating a safer online environment. While this is a step in the right direction, it is crucial for individuals to remain vigilant and exercise caution while navigating the digital space.
Spate of Online Scams
68-Year-Old Woman Loses Over S$72,500 to Malware-Laden App
In the digital age, cybercrimes are becoming a frequent occurrence worldwide. Singapore, one of the technologically advanced nations, is no exception to this trend. Recently, several individuals have fallen prey to scams involving malware-infected apps downloaded from third-party sites. These scams, often initiated through social media advertisements, have led to substantial financial losses for the victims.
Primarily, the scams unfold with victims responding to advertisements on platforms like Facebook. They are subsequently directed to download an app to facilitate their transactions. Unbeknown to them, these apps are infected with malware, enabling scammers to gain control over their devices and, consequently, their bank accounts. The victims are then subjected to unauthorized transactions, leading to considerable amounts being drained from their savings.
In one alarming instance, a 68-year-old woman lost over S$72,500 from her bank account after downloading a third-party app. She believed the app was required to list her items for sale. The woman was enticed by a Facebook advertisement from a recycling company that expressed interest in buying pre-loved furniture and electronics. After contacting the supposed buyer via Facebook Messenger, she downloaded the app, unaware of the imminent threat. Once the app was installed, the scammers managed to raise her transaction limit and transferred a total of S$72,500 out of her account. Upon realization of the financial loss, the victim and her son lodged a police report. The incident is currently under investigation.
DEEPFAKE VIDEO OF PM LEE PROMOTING SOME INVESTMENT SCAMS
Prime Minister (PM) Lee Hsien Loong appears to be promoting a crypto-trading video on the Beijing-based news outlet China Global Television Network (CGTN). Yes, PM Lee seems to be discussing the benefits of a hands-free crypto trading platform, which boasts the ability to compute algorithms, analyse market trends, make strategic investment decisions, and execute trades—all autonomously, without any manual input from the user.
On 29 Dec, PM Lee shared a recent deepfake video that has been circulating online. Elaborating on the type of scam involved, PM Lee explained that scammers employ AI (artificial intelligence) technology to mimic our voices and images. They transform real footage of us, taken from official events, into very convincing but entirely bogus videos of us purportedly saying things we have never said. PM Lee urged people not to respond to such scam videos, which promise guaranteed returns on investments.
DEEPFAKE VIDEO OF DPM LAWRENCE WONG SELLING SOME INVESTMENT SCAM
Deepfakes are media that have been altered by AI to look or sound like someone. In the video, DPM Wong’s mouth is altered to synchronise with a fake voiceover that sounds like him. Yes, the voiceover mimics the pitch and intonation of DPM Wong’s actual voice. Don’t believe me? You can watch the deepfake video here.
Notably, the video was made from modified footage of DPM Wong giving an interview recorded by The Straits Times. The deepfake video promotes an investment scam, even using terms reminiscent of a DPM speech, like “my dear Singaporeans”.
Artificial Intelligence Impersonation
He said such advertisements, which tend to surface after a major speech or announcement with lots of media coverage, have re-emerged in the past few days.
“If the ad uses my image to sell you a product, or asks you to invest in some scheme, or even uses my voice to tell you to send money, it’s not me,” he added.
related: