No less than 219 customers of DBS Bank have reportedly been duped by sophisticated phishing scams in the first two weeks of 2024, resulting in a collective loss of approximately S$446,000 (US$335,000), Channel News Asia learned from a joint statement by the Singapore Police Force and DBS on Sunday (14 Jan).
The scams, which have seen a significant rise since December last year, primarily involve SMS phishing, where scammers masquerade as bank officials or impersonate banking entities like DBS or POSB.
Victims of these scams receive unsolicited text messages, which may originate from short codes, foreign, or local numbers. These messages falsely alert them about unauthorised access to their accounts and prompt them to click on links to verify their identities and supposedly halt fraudulent transactions.
However, these links lead to counterfeit DBS websites where victims are tricked into divulging their internet banking credentials and One-Time Passwords (OTPs). Scammers then exploit this information for unauthorised withdrawals from the victims’ accounts.
In response to inquiries from Channel News Asia, a spokesperson for DBS elaborated on the bank’s response, stating that they are considering goodwill payouts for affected customers on an individual basis.
Just last year, the Monetary Authority of Singapore (MAS) has released a proposal for a Shared Responsibility Framework (SRF) which focused on a defined scope of phishing scams.
The regulator outlined that financial institutions and telcos may be expected to bear the full loss of these scams, if they fail to discharge their respective prescribed duties to mitigate phishing scams.
Additionally, DBS is partnering with counseling centers to provide emotional support to victims. The spokesperson highlighted the bank’s extensive anti-scam awareness initiatives aimed at educating the public about such fraudulent schemes.
Authorities emphasise that legitimate banks, including DBS, have ceased the practice of sending clickable links via SMS or email to retail customers since early 2022.
This change is part of a broader strategy to combat phishing scams, which also includes other protective measures like lowering the default limit for transaction notifications and ramping up scam education alerts.
The police and DBS jointly recommend the installation of the ScamShield App to safeguard against scam calls and SMSes, alongside enabling two-factor authentication for bank accounts and setting transaction limits.
They also remind the public that bank employees will never request internet banking details or OTPs. Customers who suspect scam activities are urged to contact the DBS fraud hotline or use the bank’s Safety Switch feature to block access to their funds temporarily.
The bank is also collaborating with various government agencies such as the Infocomm Media Development Authority and the Cyber Security Agency of Singapore to produce educational content on anti-scam measures.
In a broader move, the police along with DBS, UOB, OCBC, and Standard Chartered, had conducted a collaborative operation over three months until 31 December 2023 to send out more than 48,000 SMSes to over 15,000 scam victims who are customers of the banks.
By leveraging Robotic Process Automation (RPA) technology, the police had managed to successfully disrupt over 5,300 ongoing scams and prevented potential financial losses of more than S$69.43 million.
Featured image credit: Edited from Freepik