DBS, POSB customers targeted in new SMS phishing scams

In a press statement yesterday, the Singapore Police Force and DBS Bank said since September last year, the police have received more than 90 reports from victims who were deceived into providing their Internet banking details on fraudulent websites.

This, after clicking on phishing website addresses in SMSes purportedly sent by DBS or POSB.


Photo: DBS Bank 

The victims later discovered a new payee had been added to their bank accounts and unauthorised transactions made.

After receiving the money, the scammers lured unsuspecting netizens into becoming their money mules.

One of the two new methods used by the scammers was posting fake job advertisements on popular classified websites such as Gumtree to recruit surveyors, food and beverage staff or order assistants.

Unsuspecting job applicants would then receive an e-mail, saying they got the job.

The scammers would ask for their personal information, including bank account details.

The victims were told to withdraw money, supposedly transferred from the company into their bank accounts and deposit it into Bitcoin automated teller machines (ATMs).

In the second variant, the scammers befriended users of social and online gaming platforms, requesting help to purchase Bitcoins.

The scammers would then ask for their bank account details to transfer money to them.

The users were told they could keep some of the money as commission but had to withdraw the rest of the money and deposit them into Bitcoin ATMs.

The police said in both methods, by withdrawing the money and depositing them into Bitcoin ATMs, the victims may have unwittingly become money mules. And they could be investigated for money laundering offences.

The police and DBS warned the public that such phishing scams could be targeted at any bank customers.

The police advised the public to always verify the details in messages from banks, and to refrain from disclosing Internet banking details such as account username, personal identification number or one-time password to anyone.

Police said in an advisory yesterday that they have received at least four reports of such scams in the year thus far and warned the public against falling prey to them. There have been two different variants of the scam.

The first involves victims seeing a pop-up message indicating their computers have been infected with a virus, or that their passwords and personal information have been leaked.

A toll-free telephone number will be provided, and when victims call it to resolve the purported issue, they are connected to operators claiming to be employees from tech firms.

The operators then advise them to download an application or enter commands into the computers, which allows the scammers to gain remote access to the victims' computers.

In the second variant, victims get unsolicited calls from individuals informing them their bank account details have been compromised. The victims are asked to download software so they can get help, which gives the scammer control of the victims' computer.

In most cases, victims are told to purchase "anti-virus software" to fix their computers. They will then be asked to transfer money or provide personal particulars and credit or debit card details for the purchase.

In other cases, the victims allowed the scammers to access their e-mail accounts by giving up their passwords, which in turn allowed the scammers to misuse these e-mail accounts to commit other scams.

The police have advised the public to be wary of unsolicited calls, to ignore the pop-up messages and close them and call a trusted person before acting on the instructions. They should not give out personal details.

Those who wish to provide information on such scams should call the police hotline on 1800-255-0000, or submit it online at www.police.gov.sg/iwitness. The public can call the anti-scam helpline on 1800-722-6688 or visit www.scamalert.sg for scam-related advice.

This article was first published in The New Paper. Permission required for reproduction.