S'pore woman loses S$94,000 to scammers over 3 days, only realises when police calls to tell her

The scammers identified themselves as officers from Singtel and the CSA, and sought her cooperation to catch hackers who supposedly compromised her IP address.

Nigel Chua | June 05, 2020, 08:33 PM

The Covid-19 pandemic has disrupted almost every aspect of everyday life in Singapore.

As people in Singapore are only allowed to go out for certain prescribed purposes, much of life has shifted into the online space. Telecommuting is the norm for most, with video calls becoming the default way for many to connect with those from different households.

Scammers have been actively operating online as well, with 151 phishing scams reported to the police between Apr. 7 (when the circuit breaker started) and May 7.

Here's how one group of scammers capitalised on the uncertainty and anxiety of life during the circuit breaker period to win the trust of a 61-year-old woman in Singapore, and scammed her of a total of over S$94,000 through multiple calls made over three days.

The first red flag: A "Singtel officer" who wanted to "ensure her online banking was safe"

The woman, who wanted to be known only as Bavara (not her real name), runs a business development consultancy firm that works with small companies.

One week into the circuit breaker period, Bavara, a Singapore Permanent Resident who has been living here for 20 years, received a call from one "Peter Costa" claiming to be from Singtel.

Her Singtel IP address had been compromised by hackers, he said, claiming that her IP address had been used for "major transactions" that were being monitored by the Cyber Security Agency (CSA).

His role, he explained over the call, was to work with Bavara, to "ensure that her online banking was safe".

Bavara can't recall if the scammer knew her name from the get go, but admitted that she let her guard down at the caller's mention of Singtel as she was indeed a Singtel customer.

She said she also previously needed to speak with Singtel staff over the phone to troubleshoot issues — thus a call of this nature did not feel unusual to her.

The man, who claimed that his name was "Peter Costa", even volunteered his "employee ID" and telephone number.

2nd red flag: Getting her on TeamViewer to share screens

Concerned about the fact that the case involved CSA and hackers, Bavara agreed to work with the alleged Singtel officer.

To do this, "Peter Costa" instructed her to download TeamViewer, a software that allows users to share their screen with other users — and also allow remote control — over the internet.

As Bavara had used TeamViewer with tech support staff at her office previously, she did not suspect anything amiss at this point.

The scammers had also not asked Bavara for money yet.

3rd red flag: A "letter of authorisation" from a bank not associated with the company the caller claimed to be from

In fact, they even provided Bavara with a "letter of authorisation", which had a DBS letterhead. The letter indicated that the person Bavara was dealing with on the phone was authorised to take action on her case.

"I didn't really think of calling the bank and verifying it," she said.

"He was very confident. He was very polite. He was very knowledgeable... I asked him all kinds of questions, and he had good answers to everything."

After going through Bavara's email and bank account details over TeamViewer, the scammer said, "we have identified nine hackers".

He explained that while some were located in Singapore, others were based overseas.

This, the scammer said, meant that the case would have to be brought to the attention of the CSA, and told Bavara that a CSA officer would be calling her shortly.

"I mean, it was pretty real," she said.

"CSA officer" calls Bavara

Bavara said the scammers were "pretty convincing" especially because of the detailed information they were sharing with her, including telling her about how the hackers were allegedly doing illegal Bitcoin transactions using her IP address.

So the "Singtel" scammer hung up, and a second caller (allegedly from the CSA) told her that these illegal transactions would be traced back to her unless she worked with them to trap the hacker.

And then, the final, fatal flaw: sharing OTPs

"And then, I did something which in hindsight, I should not have done," Bavara said. "I shared OTPs [one-time passwords]."

The second caller claimed he needed to carry out "fake transactions" that would help him "track down the hackers" who were responsible, and Bavara agreed to help.

The "CSA" caller also told Bavara that they were confident of being able to track down the hackers.

"They also told me that the Singapore government has provided a budget for the Cyber Security Agency to actually go after cyber crime sort of cases."

This budget, he told her, would be used to reimburse the amounts transferred out of her accounts subsequently.

They reassured her that the large amounts involved in the transactions were necessary, and had to be large enough in order "to lure the hackers in".

Conveniently, Bavara was also instructed by the second scammer that she should not tell anyone about what was going on.

And so the scammers gained access to two of her bank accounts, making six transactions siphoning off some S$170,000. Without her realising.

And then, the police called

The situation turned around, however, when two days after her first scammer calls, Bavara received a call from the police, who informed her that they were contacted by DBS about her being a victim of a scam.

It turned out the bank was able to flag two of the outgoing transactions as suspicious, blocked them and then notified the police.

"I was angry with myself in the first place, that I was tricked into this thing," she said. "I wasn't critical enough."

"I was angry and then I was overwhelmed. And then I was a bit frightened actually."

After the call from the police, Bavara quickly took action to follow up with her other bank, Standard Chartered, to undo the transfers.

She was also able to make arrangements to block all her accounts and credit cards.

"I was pretty grateful," she said, as the call came in time for her to take action to cut off the scammers' access and take steps to block the outgoing transactions. "I didn't lose it all."

Her banks were, thankfully, able to block four of the six transactions in question.

Scammers try to contact her again

The next day, Bavara received more calls from the scammers.

Although she blocked all of these calls, which came from "various numbers", she suspects that the scammers were trying to get her to reinstate the transactions that were blocked the day before.

"Not at all" a likely victim

Asked whether she had previously thought that she would be a victim of such scams, Bavara said, "not at all."

"I consider myself pretty switched on, pretty in the middle of things," she said.

However, what was different was that "I never before experienced this relatively scary situation of Covid-19, and restrictions, total lockdown."

"I was anxious in general," she explained. "Not in my normal kind of environment."

Effect of circuit breaker period

She also thinks things would have been different if the call did not come during circuit breaker period, explaining that the imposition of movement restrictions had already given her some anxiety.

If not for the circuit breaker, she says she would have been in the office with colleagues, instead of being alone at home, and she would likely have been busy with work when the call came in.

"So I would have probably said, I don't have time at the moment, can I call you back in 15 minutes or something like that."

Bavara admits she can't say for sure how this 15-minute delay would have made a difference to the final outcome.

However, if the call had come in ordinary circumstances, she said that she could have asked the people around her for advice on the situation instead of having to deal with it while being alone at home.

Advice for others

Bavara now realises the importance of being able to take a step back from the situation, even though her scammers "make it very urgent".

"10 minutes, sitting down and taking a step back and thinking. 10 minutes doesn't change, even if [your security] actually [has been] compromised."

Taking these 10 minutes to verify the identity of the caller could make a difference to the situation, however, she said.

Phone scams: 70 per cent of victims are aged between 40 and 75 years old

Scams involving scammers who pretend to be technical support staff from local telecommunication service providers such as Singtel and StarHub are not new.

According to the Singapore Police Force (SPF), there were at least 50 such victims in October 2019.

More recently, victims of Tech Support scams have lost at least S$7.7 million to scammers between January to April 2020, compared to S$169,600 in the same period last year, SPF said.

English is the main medium of such scams, and the largest sum cheated in a single case was S$958,500.

About 70 per cent of victims are aged between 40 and 75 years old, SPF said.

Related stories:

Top image via @enginakyurt on Unsplash