Five lessons learnt from the OCBC phishing scam

Staying vigilant is key as scammers are now more sophisticated with their phishing techniques.

Naren Sankar

Nostalgic man, never giving up. Loves cartoons.

Published: 25 January 2022, 10:59 AM

Scams are aplenty in Singapore now, so how do you protect yourself?

Just in December, phishing scams involving OCBC Bank customers saw at least 469 people losing about $8.5 million in total. 

The phishing method saw scammers altering the “SenderID” field on SMS services, allowing bank names to show up as the sender’s name. This causes their spoof messages to appear under legitimate existing SMS threads of the bank.

The SMS will then prompt users to provide their login details via a page that looks like the bank’s login page. Once users provide their details, money is then transferred out to foreign accounts.

Here are five lessons we can learn from the scams, to avoid being scammed in the future.

1. Youth can be scammed

It is a fallacy to think that youth are immune to being scammed. December 2021 showed that more youth in Singapore aged 16 and below are falling prey to cyber scams.

OCBC launched its fraud surveillance system in 2016 which uses machine learning to assist in detecting and immediately flagging fraudulent transactions, which are then reviewed by a fraud analyst. PHOTO CREDIT: GOOGLE MAPS

In this OCBC phishing scam, a couple in their 20s lost about $120,000 which they took five years to save.

Everyone, including youths, should not be complacent and must stay vigilant against potential phishing scams. 

2. Diversify where you keep your money

There is the old saying, “Don’t put all your eggs in one basket,” from the idea that if a farmer were to stumble while bringing the basket of eggs back from the henhouse, they could end up with a messy situation. 

This encapsulates the idea of not losing all your money in just one fraudulent transaction, in the unfortunate event that you fall prey to phishing scams.



Diversification of your wealth could also include owning stocks as well as other investments such as bonds, commodities and real estate. PHOTO CREDIT: ANTONI SHKRABA VIA PEXELS

Keeping your savings in multiple bank accounts across different banks offers a safeguard that if you get scammed, you will at least have a portion of your wealth left.

3. Access bank accounts using the official banking or payment app

Going through your bank’s official channels is one of the best ways to avoid being scammed.

The scam SMSes came in the same SMS thread as legitimate OCBC SMSes. PHOTO CREDIT: YOUTHOPIA/NAREN SANKAR

The Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) said on Jan 19 that additional measures will be put in place within the next two weeks to bolster security of digital banking services, including the removal of clickable links in SMSes or emails sent to customers. 

This is another safeguard against phishing scams and a way to reiterate accessing bank accounts through official channels.

4. Do not respond to messages asking for personal credentials, passwords or PINs

Once scammers gain access to a victim’s bank account after the victim enters their credentials on a fake lookalike OCBC website, daily withdrawal limits can be raised and money can be transferred out.

An example of a phishing SMS. PHOTO CREDIT: OCBC

It is important to remember that OCBC or any other banks will never ask you for this information.

5. Do not act in a hurry

Scammers prey on the fear of the victims and one should always check with their bank before acting on any information they receive. 

Call the official bank hotline or email its customer support team to clarify any claims in the SMSes received.

The victims of this OCBC scam were fortunate as it was announced on Jan 19 that OCBC will give “full goodwill payouts” to the victims of this scam, covering the amount they lost.

However, this might be a rare exception.

Should you think you have been scammed, here are some actions you can take to have a chance to recover your money.

Make a police report and make sure that you keep every piece of evidence stored somewhere to help the police with investigations.

Find out if your bank has a fraud protection policy as the bank might be able to freeze or hold the funds transferred out. This could lead to a recovery of the funds.

Visit here for more information on scams and above all, stay vigilant always as scammers can be crafty!

You may like these