Phishing scams where scammers would impersonate as bank staff and target victims through SMSes are on the rise.
The Singapore Police Force (SPF) and DBS put out a joint statement on June 8 warning members of the public against clicking into links in SMSes purportedly sent by banks.
"Banks will never send any SMS with clickable links," said the statement.
DBS and SPF work together on various anti-scam efforts.
Over the past month, they have have protected over 600 customers from various scams typologies and successfully recovered S$173,000 of losses.
Recent phishing scams have caused about 60 victims to each lose between S$60 and S$3,000.
Scammers claim to be from DBS Bank
In the latest variant of these scams, members of public would receive unsolicited SMSes from senders with names such as “SG-DBS” or “DBS-Notice”.
The SMS would claim that their card had been blocked due to unusual activity, or that their bank account had been frozen because of suspicious activities.
The SMS would direct victims to click on an embedded link to verify their identity.
The link leads to a spoofed internet banking log-in page where victims would be asked to key in their online banking username and password, as well as the One-Time Passwords (OTPs) received on their mobile phones.
The scammers would then make unauthorised transactions from the victims' bank accounts.
Here are some examples of DBS SMSes and URLs that are not legitimate:
The bank said that it may be necessary for DBS to take short-term measures that may lead to "friction or delay to transactions" in order to disrupt the scams and protect their customers due to the widespread nature of this current campaign.
"Members of the public should be prepared for such delays, and their understanding is appreciated," said the statement.
Top images by DBS and Mothership.