Police and DBS warn about SMS phishing scams

SINGAPORE: The police and DBS Bank have warned about a recent spate of SMS phishing scams that trick customers into keying in their online banking username and password.

In a joint statement on Wednesday (Jun 8) night, they said there has been an "increasing trend" of phishing scams where the scammers would impersonate bank staff.

"Please note that banks will never send any SMS with clickable links. Members of the public should not click on links in SMS that are purportedly from banks," said the statement.

In the latest variant of such scams, members of the public would receive unsolicited SMSes from senders named “SG-DBS” or “DBS-Notice”, among others.

The SMSes claim that the customer's card had been blocked due to unusual activity, or that their bank account had been frozen because of suspicious activities. 

The SMS would direct victims to sign in via an embedded link to verify their identity. 

Upon clicking on the link in the SMS, the victim would be directed to a spoofed Internet banking log-in page, where victims would be asked to key in their online banking username and password. 

They would be redirected to another spoofed webpage requesting them to key in the one-time passwords (OTPs) received on their mobile phones. 

Victims would realise that they had been scammed when they discovered unauthorised transactions had been made from their bank accounts.

"DBS and the police have collaborated on various anti-scam efforts," said the statement.

In the last month, more than 600 customers have been "protected from various scam typologies due to active surveillance", and losses totalling S$173,000 were recovered.

But about 60 victims have each lost between S$60 and S$3,000 due to the recent phishing scams, said the bank and police.

"This could increase if accounts continue to be compromised," they added.

In a Facebook post on Wednesday, DBS reminded its customers to be alert due to an "ongoing and widespread SMS phishing scam".

"DBS will never send you any SMS with clickable links. To safeguard our customers, we may take short term measures to disrupt the scammers and seek your understanding on any potential inconvenience/delay in transactions," the bank said.

The joint statement between the police and the bank said these short-term measures "may lead to friction or delay to transactions" in order to disrupt the scams and protect customers.

The bank declined to comment further when asked about these short-term measures.

"Members of the public should be prepared for such delays, and their understanding is appreciated," said the joint statement.

Customers who suspect they have been a victim of a scam can call DBS’ dedicated fraud hotline at 1800-339-6963 (from Singapore) or +65 6339 6963 (from overseas) and speak to a DBS Customer Service Officer, or activate the Safety Switch to temporarily block access to their funds. 

DBS will assist such customers with necessary follow-up actions, including replacing their cards and lodging the fraud report, said the joint statement.

On Sunday, police said that at least 28 victims have lost about S$114,000 since May this year after giving their personal details and OTPs to scammers posing as bank employees.

A recent spate of SMS phishing scams affected hundreds of OCBC Bank customers, with a total of S$13.7 million lost.