Victims lost at least S $ 8.5 million in SMS phishing scams involving fake SMS masquerading as OCBC Bank, according to Singapore Police (SPF).
FPS noted crooks were texting OCBC clients, letting them know they were having problems with their bank accounts. The scammers asked customers to click on a link embedded in the text message to resolve the issues.
When they agreed, victims were redirected to a fake banking website that asked for their bank login credentials, such as usernames, PINs, and one-time passwords (OTPs). However, victims would receive notifications regarding unauthorized transactions on their bank accounts.
OCBC Warns of Rise in Fake SMS Phishing Scams
About 26 clients lost S $ 140,000 to phishing scams in just ten days between December 8 and December 17, while 186 other customers lost S $ 2.7 million between December 24 and 26.
In total, OCBC Bank customers lost an estimated S $ 8.5 million to SMS phishing scams in December 2021, much of it lost within two weeks. The bank also noticed an increase in bank phishing scams around New Years weekend.
OCBC had initiated the takedowns of 45 phishing websites in December 2021, eight times the takedowns than the average monthly figure.
According to OCBC, crooks send fake text messages by spoofing the bank’s name and shortcode. This strategy allows fake text messages from fraudsters to appear in the same discussion thread as legitimate text messages from the bank. Moreover, the fake SMS also carries the OCBC header, which makes it more believable.
OCBC skeptical of recovering stolen money from fake SMS phishing scams
The OCBC said it was working with the Singapore Police Force’s Anti-Scam Center to help defrauded customers of bogus SMS phishing scams.
However, OCBC Bank and SPF acknowledged that recovering the stolen money was very difficult once the funds were removed from the owner’s account. The bank noted that avoiding falling victim to fake SMS fraud was the first line of defense given the challenges of recovering stolen funds.
“Once the funds were fraudulently transferred from the victim’s bank account, it would be difficult and difficult to recover the stolen money,” Singapore police said.
SPF advised members of the public to generally verify the authenticity of any information from the bank’s official website. In addition, they advised citizens to avoid disclosing their internet banking information or any confidential information like passwords and OTPs to third parties. They should also immediately report any fraudulent transactions to the bank.
OCBC Bank reiterated that it does not send SMS to inform customers of an account closure or temporary suspensions. The bank also clarified that its official communication on serious account issues is through physical mail to prevent online fraud. In addition, the bank does not send activation links because the reactivation of dormant accounts can only be initiated in person at bank branches.
The bank also advised customers to avoid clicking on suspicious links in unsolicited emails or text messages. Additionally, they have to type the bank URL link directly into the browser’s address bar or use the official mobile banking app. Finally, they should not disclose confidential information to unverified web pages and unofficial websites.
