Phishing scams are not new. Every day, we’re constantly reminded to be careful whenever we click on links, download attachments, update our phones and computers’ security and be mindful of how and with whom we share our personal data.
One of the most common types of online scams, phishing is when scammers try to “fish” sensitive information from consumers by sending them an e-mail seemingly coming from a reliable source, say, a mortgage company, service provider as well as banks.
Just this month, especially in the last two weeks of December when people have been busy preparing and enjoying the holidays, at least 469 people have become victims of phishing scams that involve OCBC Bank. This has resulted in losses totalling at least S$8.5 million according to reports.
During Christmas weekend alone, 186 OCBC customers have lost about S$2.7 million.
Victims of the scam have reported that they received SMS supposedly from OCBC, which claimed that their banking accounts have issues and in order to fix it, they would have to click on the link provided in the SMS.
Trusting that the messages were from OCBC, unsuspecting clients of the bank clicked on the link which they reported led to a bank website wherein they were asked to provide their internet banking account login details.
OCBC clients who clicked on the link which led to the fake website, became suspicious once they started receiving notifications that showed several unauthorized transactions using their bank accounts.
As the search is on to trace the hackers of this scam as well as recover the money lost by OCBC clients, the bank continues to be firm regarding the importance of staying vigilant against online scams. OCBC has sent out warnings through its different communication channels such as online banking platforms, social media page and media advisories.
OCBC clients were not the only ones to have fallen prey to such phishing scams. According to police records, victims of such scams has more than doubled this year compared to last year resulting in a loss of $168 million in the first half of 2021 alone.
Given the persistent nature of phishing scams along with its ability to adopt more sophisticated means to target consumers, many have been asking if it’s really possible to receive a scam text from an official number?
Here are two terms you need to be wary of – “smishing” and “SMS Spoofing”. Smishing is when scammers make use of deceptive messages sent to your phone to trick you into sharing your personal information. Meanwhile, SMS Spoofing is a technique used to change the sender’s details – ID/phone number. This is usually used for marketing purposes by companies when they’re sending out promotional messages to their clients. Instead of receiving SMS from an unknown number, which consumers may find unappealing, SMS Spoofing will replace the number with a different ID, say, “Dad”, “Bank” and so on.
Convenient for marketing but highly problematic when used by ill-meaning individuals, SMS Spoofing can also be used for spoofed texts that may contain phishing site links as well as malware downloads. What’s equally troubling is that SMS Spoofing is not hard to do but can be challenging to detect and trace.
For purpose of information, SMS Spoofing can be done either through an SMS gateway or through an online service. It’s fairly easy to do and messages will look like the real thing.
Hence, it’s always important to be extra vigilant as phishing scams have become a worldwide problem, affecting not only Singapore and is seemingly becoming more problematic and troublesome as time passes.