Financial crime is on the rise in Singapore and other major cities around the world. Over the last few months, almost 470 customers of OCBC bank reported losing money to SMS phishing scams, with total losses coming to at least USD 8.5 million. DBS, UOB and other banks have recently also warned the public about a spate of fraudulent calls in which scammers impersonate bank employees.
Most anyone can become the target of a phishing attack and run the risk of having their hard-earned money or sensitive personal information stolen. This is especially true nowadays, as scammers develop more sophisticated techniques and gain access to more advanced technology. It’s more important than ever to know the identifying signs for phishing scams, as well as to familiarise yourself with the places or government agencies that can help you. Often, it’s as simple as typing “report spam calls Singapore” into a search engine, and you’ll discover numerous resources online.
Read on for a quick look at the most common scams people in Singapore fall for, how to spot a phishing operation and what to do in response.
Contains Misleading or Inaccurate Information
The most common kinds of phishing scam make use of fake emails, SMS messages, webpages and other media to steal victims’ personal information. These are most often designed to look like official communications from banks, service providers and other organisations and at first glance can be very convincing to the less-than-vigilant user. To avoid being scammed, it’s imperative that you study the information you’re presented with closely before taking any action.
If you receive something that you think may be a phishing email or SMS message, look first at the email address or phone number it comes from. Cybercriminals often substitute letters in domain names and email addresses with similar-looking characters, such as switching a letter I or L with the numeral 1, a letter O with the numeral 0, and so on. If the message contains any links to external websites or pages, be sure to check these closely as well.
Scam texts and emails may also contain official-looking links that, when clicked, redirect you instead to fraudulent websites that can infect your device with malware or spyware. Instead of clicking any links you see immediately, hover your mouse cursor over each link and examine the small window that pops up for the actual destination URL. Mismatched links are strong signs a particular message might be a scam.
Uses Coercive or Urgent Language
Phishing scams generally work by tricking victims into taking quick and impulsive action without thinking critically about the situation. One way scammers do this is by peppering their calls or messages with threatening language that’s meant to induce panic or fear. Be wary of texts or emails that tell you your online accounts are at risk of termination, that your immediate response is required or anything similarly forceful. If these messages claim to be from a bank or service provider you actually use, you can always call the organisation to verify their legitimacy.
Promises Unreasonably Good Rewards
Sometimes cybercriminals encourage immediate action by promising generous deals or rewards in return for completing a purportedly easy, simple task. Be wary of messages that promise you a large cash prize or a trip overseas in exchange for completing a short survey or clicking on a particular link. Exercise extra caution if these messages were sent to you unsolicited or arrived from an unknown sender. It’s generally safe to assume that offers that sound too good to be true probably are.
Asks for Confidential Details
Treat messages or emails that ask for details like passwords, payment information or personal data with caution, especially if these messages arrive unexpectedly or from an unfamiliar sender. No reputable bank, for example, will ask its customers to provide them with such sensitive information over SMS or email. If the message contains a link to a login page, bear in mind that this may be a dummy login page designed to look like an official webpage and programmed to steal your login details.
As mentioned above, if you receive a message telling you a payment is due and you’re unsure how legitimate it is, the best thing to do is contact your bank or service provider for confirmation.
Contains Dubious Attachments
Email attachments are another means by which scammers can infect your device with spyware and steal your data. In these instances, cybercriminals are relying on the fact that it’s habitual for many people to immediately download and open any attachments they receive.
As always, it helps here to exercise caution and think before you click. Check the attachment’s name and file type before downloading. If the attachment extension is an uncommon file type, like .exe, it may be safer to delete it. The same goes for attachments you didn’t expect to receive or have no recollection of needing.
Phishing is widely considered one of the most insidious cybersecurity threats facing organisations today, with some studies now estimating that it accounts for as much as 90 per cent of data breaches worldwide. Cybersecurity experts generally agree that vigilance is key to averting this danger and protecting individuals and organisations in digital spaces. By keeping these telltale signs in mind, you and your colleagues can avoid falling victim to even the most sophisticated scams.