S$1.07 million lost to scammers who spoofed banks' SMS accounts from Jan-May 2021

Some of the messages could appear in the same SMS conversation thread as an actual message from the bank.

Matthias Ang | July 10, 2021, 11:49 AM

From January 2021 to May 2021, there were 374 cases of banking-related phishing scams, which saw a total loss amounting to about S$1.07 million.

Money was lost through messages that spoofed the actual SMS accounts of banks

According to a press release by the Singapore Police Force (SPF), such scams would take the form of messages being sent to victims, allegedly from the bank, informing them about payment attempts detected from their own accounts.

These messages would also provide a link for victims to click on if they did not make the transactions.

In addition, as the scammers had spoofed the bank's SMS accounts, the message could appear in the same SMS conversation thread as an actual message from the bank.

Once victims clicked on the link, they would be led to a phishing website, resembling a bank's official website, requesting for their personal particulars, internet banking details and One-Time Passwords (OTPs).

Upon providing the details, victims would realised they were scammed after receiving SMSes on money being transferred from their bank accounts.

OTPs and internet banking login details will never be requested over the phone

In the event that members of the public receive such messages, they are advised to:

  • Not click on the URLs or call the numbers provided,
  • Verify the authenticity of the information with the official website,
  • Never disclose personal internet banking particular and OTP to anybody, and
  • Report any fraudulent credit/debit card charges to the bank and cancel the card immediately.

The police further highlighted that bank staff and government officials will never request for the public's internet banking login details and OTPs over the phone.

Top image collage via SPF