Online banking: Tips to prevent cyber attacks and safeguard your money

The Internet has brought us an unprecedented level of convenience but not without new dangers.

Fraudsters are increasingly taking advantage of our online habits to run scams on unwitting victims, stripping them of millions of dollars in the process.

In the first three months of the year, scammers cheated victims in Singapore of at least $41.3 million. Of this amount, at least $1.3 million were lost through e-commerce and social media scams. 

This is against a larger trend of reported scam crimes increasing in Singapore, surging 54 per cent in 2019 over the previous year.

Police statistics show that the top 10 scam types reported in 2019 accounted for a staggering $168 million in losses with e-commerce, business email impersonation (aka phishing), social media impersonation and tech support scams among the most lucrative for fraudsters. 

The authorities, in response, have set up a new task force to deal with the issue. Established in mid-2019, the Police’s Anti-Scam Centre (ASC) focuses on disrupting scam operations and helping victims mitigate losses.

One of the ASC’s strategies is to expedite a freeze of scam-related accounts within days, effectively cutting off scammers from robbing more. 

While the authorities believe in prompt action, the single best way to avoid being scammed is to prevent any opportunity for scams in the first place.

This is especially true when it comes to cyber attacks and online scams. Their prevention, basically, boils down to being extra cautious and to approach every transaction with a healthy dose of skepticism. 

We try to detail out some common cyber attacks and online scams, and share tips on how to prevent falling victim to each. 

1. Banking scams: Preying on negligence 

Online banking has become so common that it’s easy to let our guard down. A recent SingSaver survey shows a definitive shift towards online banking that has resulted in greater concerns over data security.

A whopping 72 per cent of Singaporeans admitted that they were anxious about online data security due to increased online banking in our post-pandemic world. 

This is where scams targeting bank customers figure. Among the most common banking scams are phishing attacks, which are attempts to trick you into providing your password or credentials in order to steal your money.

This is commonly carried out through a false website or email that is set up to look like the real thing. 

[[nid:497051]]

However, look closely and you’ll spot many telltale signs — obvious typos, misspellings, wrong tenses — you know all that grammar that you learnt in primary school English lessons. 

For many phishing scammers, English is not their native language.

This means that the email that looks like it came from your bank, but is riddled with typos and grammatical mistakes, warrants much closer inspection, and probably a quick trip to your spam folder.

The same goes for dodgy websites and SMSes. In short, be a Grammar Nazi when it comes to bank correspondences — more often than not, it can protect you from falling victim to scams. 

Another common banking scam is the money mule scheme, which recruits unsuspecting individuals to send or receive money on their behalf, sometimes in exchange for receiving a small fee.

This is illegal and, by taking part, you can be implicated as an accomplice. 

A third common banking scam involves the scammer contacting you to say that your bank account has been suspended or blocked. To resolve this issue, you will be asked to provide your login credentials and OTPs.

This information is then used to clean out your account.  

How to protect yourself

• During bank correspondences, always check the source of the message. Make sure the email address, URL of the website and/or telephone number are the official bank-provided ones, and not similar-looking fakes instead. 
• Call up your bank. Remember that there’s no harm dialing in to verify the authenticity of the message or the request. 
• Don’t open any emails from suspicious unknown senders. Also, never click on any links contained therein, if you do open it. Doing so could trigger malware, which exposes your system to further attack.
• Always set up Two-Factor Authentication (2FA). Do it for all your bank accounts to prevent fraudulent transactions from going through. You can also opt for digital 2FA, which uses your mobile phone instead of a separate physical device. 
• Never give out PIN, OTP or other passwords to a third party. Genuine banks will never ask you for such information. 
• Set a bulletproof password. Remember that any change of passwords won’t be known to the bank. Only you, and no one else, should know your password at any time. Strive to use a combination of upper and lowercase alphabets, numbers and symbols for a stronger password. 
• Make sure the browser is the latest official version of your software. Be sure to update your operating system (OS) for all your devices — your mobile, tablet, laptop, etc. 
• Make use of free online antivirus scanners to check the integrity of your system. However, if your devices are infected, you’d usually have to purchase and install the paid version to cleanse any lingering malware and protect against further attacks. 

Even with precautions taken above, online scammers are still getting smarter.

There is online banking protection insurance out there that can cover you for cyber attack incidents which compromise your credit cards, debit cards and bank accounts. 

2. E-commerce scams: Preying on anxiety 

Scams related to online shopping or e-commerce are becoming more common, especially amidst the challenging backdrop of Covid-19.

From January to March this year, the Police stated that transactions involving face masks, hand sanitisers and other Covid-19-related items made up 25 per cent of all reported e-commerce scams.

These scams involved victims failing to receive the products they paid for, or receiving shoddy or fake goods instead. 

Cases like these demonstrate a hallmark widely employed by scammers — they prey on people’s anxieties, whether real or imagined — causing them to make rash decisions. 

This tactic is also featured prominently in many other types of scams, such as the kidnap scam in which victims receive a phone call or message claiming that their loved ones were kidnapped and asking for money to be transferred to secure their release. 

How to protect yourself

• Seek buyer’s protection. When making an e-commerce purchase, make sure you have buyer’s protection. A great example is Carousell Protection, which protects both buyer and seller by holding the money in escrow until both parties are satisfied with the transaction. 
• Be extra careful if you’re asked to pay the buyer directly. Or when ordering from an unknown website. If you’re asked to wire or transfer the money to an unknown bank account, run. In such transactions, it is virtually impossible to recover your money, even if you can prove the fraud.
• Pay through recognised payment gateways. For example, PayPal has a robust buyer protection policy for added protection. 
• Familiarise yourself with your credit card’s fraud protection policy. This includes any deadlines for chargebacks and dispute resolutions. Taking action within the deadline can increase your chances of getting your money back. 
• When in doubt, stop interacting or browsing the website. This will give you a chance to reset and think rationally about the purchase. Browse ScamAlert.sg or call the Anti-scam Hotline at 1800 772 688 to seek advice if you’re worried about a potential scammer. 

3. Social media impersonation scams: Preying on your friendship

A very popular type of scam, social media impersonation involves a fraudster mimicking (or, in some cases, outright hijacking) the social media account of one of your contacts. They might contact you with a seemingly innocent request, which later turns out to be a scam. 

A typical case goes like this: you receive a DM in one of your social media accounts, likely on Instagram or Whatsapp, from an individual you thought to be your friend.

This person then asks for a small favour, usually involving some sort of password or verification, such as a One-time Password (OTP) or gift card codes. 

The info you provide is then used to illegally gain access to your banking account or digital wallets (such as GrabPay) to make purchases and payments. 

How to protect yourself

• Always verify the identity of the requestor. Before you hand over any codes or OTP, contact the friend who has supposedly made the request to establish authenticity. 
• Call it quits. If the other party tries to threaten or guilt you into sharing the info or applies pressure tactics, end the conversation immediately. 

4. Tech support scams: Preying on trust

Scams of this type preys on our innate willingness to trust the expert, a cognitive bias known fittingly as the Authority Bias. 

Consider this. You’re merrily browsing for the latest blockbuster to stream when a pop-up appears on your screen. It says there’s a problem with your account or computer, and asks you to call a number in order to resolve it.

Some clever programming prevents you from closing the window, which further convinces you the problem is real. Calling the number puts you in touch with a ‘tech support centre’, which fixes the problem for you. For a fee. 

The reality is there was nothing wrong with your computer to begin with, and you’ve just been taken for a ride.  

How to protect yourself

• Avoid visiting dodgy, illegal or unofficial websites that usually lack proper cyber security. They make a prime target for hackers to harm vulnerable users. Often, these websites are not even aware that their servers are being used for spam or malware attacks. 
• Make sure all the software and operating systems are up-to-date. This prevents hackers and scammers from exploiting security vulnerabilities in outdated software. 
• Install a reputable anti-virus suite. They provide early warning against scams or suspicious links. Be sure to install the same suite across all devices that you use to access the Internet for all-round protection.

This article was first published in SingSaver.com.sg.