Five lessons learnt from the OCBC phishing scam

Scams are aplenty in Singapore now, so how do you protect yourself?

Just in December, phishing scams involving OCBC Bank customers saw at least 469 people losing about $8.5 million in total. 

The phishing method saw scammers altering the “SenderID” field on SMS services, allowing bank names to show up as the sender’s name. This causes their spoof messages to appear under legitimate existing SMS threads of the bank.

The SMS will then prompt users to provide their login details via a page that looks like the bank’s login page. Once users provide their details, money is then transferred out to foreign accounts.

Here are five lessons we can learn from the scams, to avoid being scammed in the future.

It is a fallacy to think that youth are immune to being scammed. December 2021 showed that more youth in Singapore aged 16 and below are falling prey to cyber scams.

In this OCBC phishing scam, a couple in their 20s lost about $120,000 which they took five years to save.

Everyone, including youths, should not be complacent and must stay vigilant against potential phishing scams. 

There is the old saying, “Don’t put all your eggs in one basket,” from the idea that if a farmer were to stumble while bringing the basket of eggs back from the henhouse, they could end up with a messy situation. 

This encapsulates the idea of not losing all your money in just one fraudulent transaction, in the unfortunate event that you fall prey to phishing scams.

Keeping your savings in multiple bank accounts across different banks offers a safeguard that if you get scammed, you will at least have a portion of your wealth left.

Going through your bank’s official channels is one of the best ways to avoid being scammed.

The Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) said on Jan 19 that additional measures will be put in place within the next two weeks to bolster security of digital banking services, including the removal of clickable links in SMSes or emails sent to customers. 

This is another safeguard against phishing scams and a way to reiterate accessing bank accounts through official channels.

Once scammers gain access to a victim’s bank account after the victim enters their credentials on a fake lookalike OCBC website, daily withdrawal limits can be raised and money can be transferred out.

It is important to remember that OCBC or any other banks will never ask you for this information.

Scammers prey on the fear of the victims and one should always check with their bank before acting on any information they receive. 

Call the official bank hotline or email its customer support team to clarify any claims in the SMSes received.

The victims of this OCBC scam were fortunate as it was announced on Jan 19 that OCBC will give “full goodwill payouts” to the victims of this scam, covering the amount they lost.

However, this might be a rare exception.

Should you think you have been scammed, here are some actions you can take to have a chance to recover your money.

Make a police report and make sure that you keep every piece of evidence stored somewhere to help the police with investigations.

Find out if your bank has a fraud protection policy as the bank might be able to freeze or hold the funds transferred out. This could lead to a recovery of the funds.

Visit here for more information on scams and above all, stay vigilant always as scammers can be crafty!