DBS bank issued an alert on Jan. 19 about SMS phishing scams after a customer received a message about the "suspension" of his account.
A screen shot of the message was then circulated online.
The message, a scam SMS, attached a clickable link to confirm details of the recipient as it informed the customer that access to some services had been "cut off".
In a Facebook post, DBS urged customers not to click on the link in the SMS.“DBS will never ask for your account details or OTP (one-time password) over the phone, email or SMS. Please be assured that we are actively taking down such phishing sites,” the post said.
Some S$8.5 million were lost recently after 469 OCBC bank customers fell victim to a SMS phishing scam.
It has since been shown that spoofing SMS messages to look like they originate from a legitimate sender is relatively easy to do without the use of sophisticated technology.
How phishing scam works
OCBC customers received an SMS informing them that a new payee has been added to their account.
The scam SMS appears in the same SMS thread that has been used to disseminate legitimate OCBC SMSes.
The victims are instructed to click a link to verify or refute the addition of the new payee, but will first be led to a phishing website disguised as the OCBC website, where they would type in their username and password, and also provide their one-time password.
Once the scammer gains access to the victims' accounts, daily withdrawal limits can be raised and money can be transferred out.
OCBC subsequently sent out warnings via SMS to alert customers to the scam.
The SMS warnings then appeared in the same thread below the scam SMS.