Police warn of new SMS scam, S$120,000 lost so far by at least 18 victims
SINGAPORE — At least 18 victims have fallen prey to a Short Message Service (SMS) scam since the start of this month, with losses amounting to at least S$120,000, the police said on Monday (Jan 31).
In its advisory, the police said that victims would receive an SMS stating that there were issues with their credit or debit cards. The scam message would prompt them to dial a number for assistance.
Over the phone, the scammers would ask victims for their card details and One-Time Password (OTP) under the pretext of assisting them.
Victims would only realise they had fallen prey to a scam after discovering fraudulent transactions made on their debit or credit card.
“Members of the public are advised to be aware of such fake SMS as they are not official SMS disseminated by any of the banks or credit or debit card issuers,” the police said.
Scam cases, particularly those involving banks, have been in the spotlight since the start of the year.
On Jan 30, OCBC bank announced that it had made arrangements for goodwill payments totalling S$13.7 million to 790 of its customers who had fallen prey to an SMS phishing scam.
DBS bank issued an alert on Jan 19 about SMS phishing scams after a screenshot of a message received by a customer about the "suspension" of his account was circulated online.
The police on Monday issued the following scam prevention advisory to members of the public:
• Always verify the authenticity of the information with the numbers listed on the official bank website or printed on the cards issued by the banks
• Never transfer funds into bank accounts belonging to someone you do not know
• Never disclose your personal information, credit or debit card details or OTP to anyone
• Report any fraudulent transactions to your bank immediately
The authority urged anyone with information relating to such crimes to call the police hotline at 1800-255-0000, or submit it online at www.police.gov.sg/iwitness. Those requiring urgent police assistance are advised to dial 999.
OCBC completes arrangements to fully reimburse all phishing scam victims, who total 790 with combined losses of S$13.7m
SINGAPORE — OCBC has completed arrangements to fully reimburse all victims of a recent SMS phishing scam with "goodwill payments" to 790 customers totalling S$13.7 million — significantly higher than the figures initially reported.
The bank had said on Jan 19 that it would be making arrangements with all customers who were victims of the scam to fully reimburse them by the end of last week.
"OCBC Bank would like to update that this has been completed," OCBC said in a statement on Sunday (Jan 30).
The bank said that of the total money lost by its customers, about 80 per cent was lost during the year-end festive period of Dec 23 to Dec 30 last year.
"During this period, the calls made to the bank’s contact centre surged by over 40 per cent," OCBC said.
At the end of last month, the Singapore Police Force said that at least S$8.5 million from 469 victims were lost due to scams involving SMSes impersonating OCBC.
OCBC said that more police reports were made and submitted to the bank since the start of this year, and that on top of those who had made police reports, the bank had also reached out to victims who were not aware they had been scammed.
Last week, OCBC said that it has stepped up its security measures, including initiating transaction notifications for fund transfers through PayNow and inter-bank payments for amounts as low as one cent.
The bank said on Sunday that there had not been any further fraudulent transactions in relation to this scam over the past few weeks.
"More than 200 customers were prevented from falling prey due to our enhanced measures following the initial wave of scams," OCBC added.
Investigations by the bank have also found that victims who fell prey had provided their online banking log-in credentials and one-time PINs to phishing websites, thereby "enabling the scammers to take over their bank accounts and make fraudulent transactions".
"Nonetheless, OCBC Bank decided to make the full payout as a one-off gesture of goodwill given the circumstances of this scam," it said.
"We also took into consideration that our customer service and response fell short of our own expectations, that could have affected loss mitigation in some of the cases."
Crybaby Helen Wong hopes those who were scammed will forgive her for her ineptness after the bank's goodwill payments. Let's all move on shall we? Till the next spate of scams explodes in our faces that is. ;)
“It was like fighting a war,” said OCBC group chief executive Helen Wong of the massive phishing scam that hit the bank.
The war escalated quickly as deposits drained from compromised bank accounts, even as bank staff scrambled to shut down transfers to mule accounts. “As we blocked the mule accounts, the fraudsters somehow managed to find new mule accounts for the money to be paid into,” said Ms Wong, in an exclusive interview with The Straits Times.
Describing the attacks which took place as “fast and furious” and well-strategised, she said some funds were immediately remitted overseas as the scammers had fraudulently added new payees abroad.
When the first phishing scams surfaced in early December at OCBC, there were only a few cases, but a team in the bank was already investigating this, said Ms Wong on Friday.
On Dec 3, the bank posted a security advisory on its website, warning customers of the phishing attacks. As more phishing websites were detected, the bank’s anti-fraud team alerted domain providers to take them down.
Further warnings were issued to customers, but the situation worsened in the days leading up to Christmas. The bank knew it had a crisis on its hands.
The fraudsters had picked a clever time to attack, when people were winding down for the Christmas holidays, with some victims travelling overseas and not paying attention to their accounts, said Ms Wong.
OCBC issued text messages and pushed alerts to its one million customers to warn them of the attacks. A media advisory was also issued on Dec 23.
But over the Christmas weekend, another 186 customers fell prey, losing about $2.7million.
While the bank’s front-line staff tended to victims, much more was going on behind the scenes to manage the crisis.
By Christmas, more than 100 people were working to fight the scams, operating round the clock.
Staff from various departments including fraud risk, and operations and technology teams, were deployed. Leave was cancelled and staff were recalled. Some who had retired were asked to come back to help, said Ms Wong.
Besides working to detect and stop the fraudulent transactions, there were staff who spent whole days just trawling through clients’ portfolios to check if there were any suspicious transactions, said Ms Wong, who meets her top management team every day.
With all hands on deck, the anti-fraud team managed to detect and stop suspicious transactions in more than 200 customers’ accounts.
“Some customers did not even know that their accounts had been hacked when our officers called them,” she said, adding that the team also managed to trace and recover some of the lost amounts. She did not reveal further details on this.
The bank’s hotline was jammed as worried customers called to make inquiries even though they did not receive the phishing messages. The volume of calls to the bank surged by 40 per cent, she said.
Staff from other departments were also deployed to help the call centre. Even so, some customers were unable to reach the bank in time.
“We feel very sorry about it, that they could not reach us promptly to report the scams. They do expect quick answers and assistance to stop the transactions that were occurring. And we fell short of their expectations and our own service standards,” said Ms Wong.
Apologising repeatedly during the interview at OCBC Centre, she said: “This truly bothers me. I feel truly sorry for the victims, and OCBC can and will do better. This is very important.”
Ms Wong, 60, became the first female chief executive to head a Singapore bank when she took over from Mr Samuel Tsien in April last year. The veteran banker was formerly the chief executive of HSBC in Greater China.
She said the decision to pay all customers their losses as a gesture of goodwill was made early this month, and the bank had been doing so since Jan 8.
But there were several moral hazards the management team had to consider, which was why she did not announce it then.
One was whether customers might let their guard down, thinking they would get remediation if they were scammed.
The move could also invite alleged victims of past cases to call the bank now, when the focus was on the current scam.
And if scammers knew that banks in Singapore were willing to back their customers, would they focus more on Singapore banks, said Ms Wong, who felt that her decision could set a precedent for the banking industry.
With all that in mind, she said she still felt strongly about making good for the customers, knowing how many had lost their life savings. “I felt that we should help our customers,” she said.
Banks to remove clickable links in emails, SMS sent to customers as part of new security measures
SINGAPORE — Banks in Singapore will be removing clickable links in emails or SMS messages sent to retail customers and set the threshold for funds transfer notifications to customers by default at S$100 or lower. These are part of several measures to protect account holders from phishing scams.
The changes, announced by the Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) in a joint statement on Wednesday (Jan 19), will be implemented within the next two weeks.
Other measures that banks will be putting in place include:
• Delaying activation of a new soft token on a mobile device by at least 12 hours
• Sending notification to a customer's existing mobile number or email registered with the bank whenever there is a request to change a customer’s mobile number or email address
• Introducing a cooling-off period before executing requests to important account changes such as in a customer’s key contact details
• Having dedicated and well-resourced customer assistance teams to deal with feedback on potential fraud cases on a priority basis
• More frequent scam education alerts
"MAS expects all financial institutions to have in place robust measures to prevent and detect scams as well as effective incident handling and customer service in the event of a scam," the joint statement read.
"The growing threat of online phishing scams calls for immediate steps to strengthen controls, while longer-term preventive measures are being evaluated for implementation in the coming months."
The banks will continue to work closely with MAS, the police and the Infocomm Media Development Authority to deal with these scams, including coming up with more permanent solutions such as getting all relevant stakeholders to register SMS sender IDs of individuals they wish to protect, MAS and ABS said.
Sender IDs are names that identifies the sender of an SMS message so that a word or phrase (eg. OCBC), instead of a number, is displayed on the recipient's mobile phone.
"MAS is also intensifying its scrutiny of major financial institutions’ fraud surveillance mechanisms to ensure they are adequately equipped to deal with the growing threat of online scams," they added.
OCBC phishing scam: 'Goodwill payouts' for 30 victims to date, all cases to be 'reviewed and validated thoroughly'
SINGAPORE — OCBC has started reimbursing customers who were affected by the recent SMS phishing scam, the bank announced on Monday (Jan 17).
More than 30 customers have already received "goodwill payouts" since the bank began giving them out on Jan 8, while the validation process is still ongoing for the others affected by the scam, OCBC said in a statement.
"The payouts to this group of customers are made on a goodwill basis after thorough verification, taking into account the circumstances of each case," the bank added.
OCBC did not say whether the victims will be fully or partially reimbursed, or how many of the victims will not be eligible for these payments. TODAY has asked the bank for more details.
The bank also "acknowledged that its customer service and response fell short of our customers’ expectations, especially at a time of stress and anxiety", and added that it has set up a dedicated team to support the victims.
"As the investigations into these cases are complex and extensive involving multiple checks and parties, the bank needed more time to get back to affected customers to address their concerns," it added.
"The bank seeks the patience and understanding of all affected customers to allow it the time to properly review and validate each case thoroughly.
"Affected customers will be contacted as soon as the review and validation of their case is complete."
The fraudsters had sent out fake bank alerts that spoofed the bank's official SMS channel with the victims, duping many of them into giving up their personal account information last month.
Several victims previously described to TODAY about their heartbreak and anxiety over suffering such towering financial losses during the holiday season.
Some also said that their OCBC bank accounts were hijacked and emptied by the scammers even though they did not provide the scammers with their one-time password or security token information.
Piyush Gupta must be overwhelmingly grateful to OCBC for making 'em DBS/POSB digital banking services going belly up look like a mere ant bite. At least no monies were lost then.
Jamie Yeo gifted S$1,000 to one of the victims of the OCBC scam saga!
One of the biggest local news stories from the past few weeks was the OCBC scam saga, where hundreds of people lost millions of dollars over Christmas.
Eager to do her part to help, Jamie shared that she will be gifting S$1,000 to one of the victims, the father of a special needs boy who lost his entire savings worth S$250,000, and said that anyone who is keen to lend a hand as well may contact her for his mobile number that’s linked to his PayNow account.
The former radio DJ also urged others who were affected to “fight this” by taking their cases to the Monetary Authority of Singapore (MAS), and highlighted a few more victims’ stories on her page.
I reckon OCBC should temporarily suspend sending out advertising-related SMSes with embedded links in them, as they would just add to the confusion of what is bona fide and what isn't.
Police warn of new SMS scam, S$120,000 lost so far by at least 18 victims
SINGAPORE — At least 18 victims have fallen prey to a Short Message Service (SMS) scam since the start of this month, with losses amounting to at least S$120,000, the police said on Monday (Jan 31).
In its advisory, the police said that victims would receive an SMS stating that there were issues with their credit or debit cards. The scam message would prompt them to dial a number for assistance.
Over the phone, the scammers would ask victims for their card details and One-Time Password (OTP) under the pretext of assisting them.
Victims would only realise they had fallen prey to a scam after discovering fraudulent transactions made on their debit or credit card.
“Members of the public are advised to be aware of such fake SMS as they are not official SMS disseminated by any of the banks or credit or debit card issuers,” the police said.
Scam cases, particularly those involving banks, have been in the spotlight since the start of the year.
On Jan 30, OCBC bank announced that it had made arrangements for goodwill payments totalling S$13.7 million to 790 of its customers who had fallen prey to an SMS phishing scam.
DBS bank issued an alert on Jan 19 about SMS phishing scams after a screenshot of a message received by a customer about the "suspension" of his account was circulated online.
The police on Monday issued the following scam prevention advisory to members of the public:
• Always verify the authenticity of the information with the numbers listed on the official bank website or printed on the cards issued by the banks
• Never transfer funds into bank accounts belonging to someone you do not know
• Never disclose your personal information, credit or debit card details or OTP to anyone
• Report any fraudulent transactions to your bank immediately
The authority urged anyone with information relating to such crimes to call the police hotline at 1800-255-0000, or submit it online at www.police.gov.sg/iwitness. Those requiring urgent police assistance are advised to dial 999.
https://www.todayonline.com/singapore/police-warn-new-sms-scam-s120000-lost-so-far-least-18-victims-1804391
Beware of latest OCBC credit/debit card scam message!
OCBC completes arrangements to fully reimburse all phishing scam victims, who total 790 with combined losses of S$13.7m
SINGAPORE — OCBC has completed arrangements to fully reimburse all victims of a recent SMS phishing scam with "goodwill payments" to 790 customers totalling S$13.7 million — significantly higher than the figures initially reported.
The bank had said on Jan 19 that it would be making arrangements with all customers who were victims of the scam to fully reimburse them by the end of last week.
"OCBC Bank would like to update that this has been completed," OCBC said in a statement on Sunday (Jan 30).
The bank said that of the total money lost by its customers, about 80 per cent was lost during the year-end festive period of Dec 23 to Dec 30 last year.
"During this period, the calls made to the bank’s contact centre surged by over 40 per cent," OCBC said.
At the end of last month, the Singapore Police Force said that at least S$8.5 million from 469 victims were lost due to scams involving SMSes impersonating OCBC.
OCBC said that more police reports were made and submitted to the bank since the start of this year, and that on top of those who had made police reports, the bank had also reached out to victims who were not aware they had been scammed.
Last week, OCBC said that it has stepped up its security measures, including initiating transaction notifications for fund transfers through PayNow and inter-bank payments for amounts as low as one cent.
The bank said on Sunday that there had not been any further fraudulent transactions in relation to this scam over the past few weeks.
"More than 200 customers were prevented from falling prey due to our enhanced measures following the initial wave of scams," OCBC added.
Investigations by the bank have also found that victims who fell prey had provided their online banking log-in credentials and one-time PINs to phishing websites, thereby "enabling the scammers to take over their bank accounts and make fraudulent transactions".
"Nonetheless, OCBC Bank decided to make the full payout as a one-off gesture of goodwill given the circumstances of this scam," it said.
"We also took into consideration that our customer service and response fell short of our own expectations, that could have affected loss mitigation in some of the cases."
https://www.todayonline.com/singapore/ocbc-completes-arrangements-fully-reimburse-all-phishing-scam-victims-who-total-790-combined-losses-s137m-1803146
NO SHIT!
'It was like fighting a war': OCBC group CEO on dealing with recent phishing scams
SINGAPORE - In early December, staff at OCBC Bank started getting calls from frantic customers saying they appeared to be victims of a phishing scam.
As employees from Singapore’s second-largest bank worked to get to the bottom of this, more and more cases started popping up.
By Dec 30, nearly 470 customers had lost at least $8.5 million. Some had savings in the six figures wiped out.
“It was like fighting a war,” said OCBC group chief executive Helen Wong of the massive phishing scam that hit the bank.
The war escalated quickly as deposits drained from compromised bank accounts, even as bank staff scrambled to shut down transfers to mule accounts. “As we blocked the mule accounts, the fraudsters somehow managed to find new mule accounts for the money to be paid into,” said Ms Wong, in an exclusive interview with The Straits Times.
Describing the attacks which took place as “fast and furious” and well-strategised, she said some funds were immediately remitted overseas as the scammers had fraudulently added new payees abroad.
Police investigations are ongoing, and OCBC has said it will pay all victims their losses out of goodwill.
When the first phishing scams surfaced in early December at OCBC, there were only a few cases, but a team in the bank was already investigating this, said Ms Wong on Friday.
On Dec 3, the bank posted a security advisory on its website, warning customers of the phishing attacks. As more phishing websites were detected, the bank’s anti-fraud team alerted domain providers to take them down.
Further warnings were issued to customers, but the situation worsened in the days leading up to Christmas. The bank knew it had a crisis on its hands.
The fraudsters had picked a clever time to attack, when people were winding down for the Christmas holidays, with some victims travelling overseas and not paying attention to their accounts, said Ms Wong.
Between Dec 8 and 17, 26 customers lost a total of $140,000 to phishing scams sent by SMSes impersonating the bank.
OCBC issued text messages and pushed alerts to its one million customers to warn them of the attacks. A media advisory was also issued on Dec 23.
But over the Christmas weekend, another 186 customers fell prey, losing about $2.7million.
While the bank’s front-line staff tended to victims, much more was going on behind the scenes to manage the crisis.
By Christmas, more than 100 people were working to fight the scams, operating round the clock.
Staff from various departments including fraud risk, and operations and technology teams, were deployed. Leave was cancelled and staff were recalled. Some who had retired were asked to come back to help, said Ms Wong.
Besides working to detect and stop the fraudulent transactions, there were staff who spent whole days just trawling through clients’ portfolios to check if there were any suspicious transactions, said Ms Wong, who meets her top management team every day.
With all hands on deck, the anti-fraud team managed to detect and stop suspicious transactions in more than 200 customers’ accounts.
“Some customers did not even know that their accounts had been hacked when our officers called them,” she said, adding that the team also managed to trace and recover some of the lost amounts. She did not reveal further details on this.
The bank’s hotline was jammed as worried customers called to make inquiries even though they did not receive the phishing messages. The volume of calls to the bank surged by 40 per cent, she said.
Staff from other departments were also deployed to help the call centre. Even so, some customers were unable to reach the bank in time.
“We feel very sorry about it, that they could not reach us promptly to report the scams. They do expect quick answers and assistance to stop the transactions that were occurring. And we fell short of their expectations and our own service standards,” said Ms Wong.
Apologising repeatedly during the interview at OCBC Centre, she said: “This truly bothers me. I feel truly sorry for the victims, and OCBC can and will do better. This is very important.”
Ms Wong, 60, became the first female chief executive to head a Singapore bank when she took over from Mr Samuel Tsien in April last year. The veteran banker was formerly the chief executive of HSBC in Greater China.
She said the decision to pay all customers their losses as a gesture of goodwill was made early this month, and the bank had been doing so since Jan 8.
But there were several moral hazards the management team had to consider, which was why she did not announce it then.
One was whether customers might let their guard down, thinking they would get remediation if they were scammed.
The move could also invite alleged victims of past cases to call the bank now, when the focus was on the current scam.
And if scammers knew that banks in Singapore were willing to back their customers, would they focus more on Singapore banks, said Ms Wong, who felt that her decision could set a precedent for the banking industry.
With all that in mind, she said she still felt strongly about making good for the customers, knowing how many had lost their life savings. “I felt that we should help our customers,” she said.
More at https://www.straitstimes.com/tech/tech-news/it-was-like-fighting-a-war-ocbc-group-ceo-on-dealing-with-recent-phishing-scams
Banks to remove clickable links in emails, SMS sent to customers as part of new security measures
SINGAPORE — Banks in Singapore will be removing clickable links in emails or SMS messages sent to retail customers and set the threshold for funds transfer notifications to customers by default at S$100 or lower. These are part of several measures to protect account holders from phishing scams.
The changes, announced by the Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) in a joint statement on Wednesday (Jan 19), will be implemented within the next two weeks.
Other measures that banks will be putting in place include:
• Delaying activation of a new soft token on a mobile device by at least 12 hours
• Sending notification to a customer's existing mobile number or email registered with the bank whenever there is a request to change a customer’s mobile number or email address
• Introducing a cooling-off period before executing requests to important account changes such as in a customer’s key contact details
• Having dedicated and well-resourced customer assistance teams to deal with feedback on potential fraud cases on a priority basis
• More frequent scam education alerts
"MAS expects all financial institutions to have in place robust measures to prevent and detect scams as well as effective incident handling and customer service in the event of a scam," the joint statement read.
"The growing threat of online phishing scams calls for immediate steps to strengthen controls, while longer-term preventive measures are being evaluated for implementation in the coming months."
The banks will continue to work closely with MAS, the police and the Infocomm Media Development Authority to deal with these scams, including coming up with more permanent solutions such as getting all relevant stakeholders to register SMS sender IDs of individuals they wish to protect, MAS and ABS said.
Sender IDs are names that identifies the sender of an SMS message so that a word or phrase (eg. OCBC), instead of a number, is displayed on the recipient's mobile phone.
"MAS is also intensifying its scrutiny of major financial institutions’ fraud surveillance mechanisms to ensure they are adequately equipped to deal with the growing threat of online scams," they added.
More at https://www.todayonline.com/singapore/banks-remove-clickable-links-emails-sms-sent-customers-part-new-security-measures-1794446
Looks like Citibank customers also kenna targeted.....
OCBC phishing scam: 'Goodwill payouts' for 30 victims to date, all cases to be 'reviewed and validated thoroughly'
SINGAPORE — OCBC has started reimbursing customers who were affected by the recent SMS phishing scam, the bank announced on Monday (Jan 17).
More than 30 customers have already received "goodwill payouts" since the bank began giving them out on Jan 8, while the validation process is still ongoing for the others affected by the scam, OCBC said in a statement.
"The payouts to this group of customers are made on a goodwill basis after thorough verification, taking into account the circumstances of each case," the bank added.
OCBC did not say whether the victims will be fully or partially reimbursed, or how many of the victims will not be eligible for these payments. TODAY has asked the bank for more details.
The bank also "acknowledged that its customer service and response fell short of our customers’ expectations, especially at a time of stress and anxiety", and added that it has set up a dedicated team to support the victims.
"As the investigations into these cases are complex and extensive involving multiple checks and parties, the bank needed more time to get back to affected customers to address their concerns," it added.
"The bank seeks the patience and understanding of all affected customers to allow it the time to properly review and validate each case thoroughly.
"Affected customers will be contacted as soon as the review and validation of their case is complete."
At least 469 customers had been affected by the SMS phishing scam, with losses totalling at least S$8.5 million.
The fraudsters had sent out fake bank alerts that spoofed the bank's official SMS channel with the victims, duping many of them into giving up their personal account information last month.
Several victims previously described to TODAY about their heartbreak and anxiety over suffering such towering financial losses during the holiday season.
Some also said that their OCBC bank accounts were hijacked and emptied by the scammers even though they did not provide the scammers with their one-time password or security token information.
A lot more at https://www.todayonline.com/singapore/ocbc-phishing-scam-goodwill-payouts-30-victims-date-all-cases-be-reviewed-and-validated-thoroughly-1792411
Another Sinkie's dad lost 50K in the scam :(
Jamie Yeo gifted S$1,000 to one of the victims of the OCBC scam saga!
One of the biggest local news stories from the past few weeks was the OCBC scam saga, where hundreds of people lost millions of dollars over Christmas.
Eager to do her part to help, Jamie shared that she will be gifting S$1,000 to one of the victims, the father of a special needs boy who lost his entire savings worth S$250,000, and said that anyone who is keen to lend a hand as well may contact her for his mobile number that’s linked to his PayNow account.
The former radio DJ also urged others who were affected to “fight this” by taking their cases to the Monetary Authority of Singapore (MAS), and highlighted a few more victims’ stories on her page.
Wah this John Paul Tan should consider himself damn lucky given 2 out of 5 of the illegal transactions could be lee-versed
I reckon OCBC should temporarily suspend sending out advertising-related SMSes with embedded links in them, as they would just add to the confusion of what is bona fide and what isn't.
DAMN STRAIGHT!