Police warn against phishing scams impersonating as banks

SINGAPORE: The Singapore Police Force (SPF) warned members of the public on Thursday (Mar 17) against phishing scams involving the impersonation of banks, such as POSB, HSBC and UOB.

According to the police, the scammers would impersonate banks using three scam variants.

In the first variant, scammers would claim to be conducting surveys via spoofed emails.

Victims would receive an email claiming to be from a bank. The email would indicate that the victim had been selected to participate in a survey and would receive a cash reward upon completion of the survey.

After clicking on the URL embedded within the email, the victims would be redirected to a phishing website to complete the survey. Upon completion of the survey, the victims would be instructed to provide their credit/debit card details and the one-time password (OTP). 

Believing that the information was required to process the cash reward, the victims would provide the details requested by the website. 

Victims would only realise that they have been scammed when they discovered unauthorised transactions made using their credit/debit card.

SPOOFED BANKING PRODUCT SMSES

The second variant would see spoofed SMSes promoting a banking product sent to victims.

The SMSes would include embedded spoofed links or numbers that the victims could contact to find out more about an ongoing banking promotion, such as fixed deposits or high interest rate savings promotions. 

After clicking on the spoofed links, victims would be redirected to a phishing website where they would be instructed to provide their credit/debit card details and OTP. 

In some cases where victims called the indicated number, the scammer would impersonate as a bank staff member and ask victims to transfer funds to a specific account number, claiming that this was the new account that they had opened for the victim as part of the promotion.

VIDEO CALLS

In the third variant, scammers would video call victims with a bank logo as a backdrop via messaging applications such as WhatsApp.

In the unsolicited call, scammers would claim to be from a bank, informing victims that unauthorised access to their bank account was detected. 

Under the pretext of assisting to resolve the issue, the caller would request for the victims’ personal particulars and bank login details. 

Victims would only realise that they have been scammed when they discovered unauthorised transactions in their bank account.

CRIME PREVENTION MEASURES

The police advised members of the public to observe these crime prevention measures:

• Note that the banks do not send retail customers emails and SMSes that contain clickable links;
• Always verify the email address of the sender to ensure that it matches the company that it is representing;
• Always verify the authenticity of the information with official sources by contacting the bank directly;
• Never disclose your personal particulars, bank login details, credit/debit card details and OTP to anyone;
• Always check the merchant indicated within the OTP SMS received. Never input the OTP if you do not recognise the merchant in the SMS; and
• Report any fraudulent activity in your bank account to your bank immediately.

Those with any information relating to such crimes can call the police hotline at 1800-255-0000 or submit it online. 

For more information on scams, members of the public can visit the scam alert website or call the Anti-Scam Hotline at 1800-722-6688.

A recent spate of SMS phishing scams targeting bank customers resulted in hundreds of OCBC Bank customers falling prey to online phishing scams in December 2021, with a total of S$13.7 million lost. 

In February this year, the police said they had observed at least 900 cases of phishing scams since January, and also warned of the re-emergence of phishing scams involving the impersonation of police officers.