Phishing scams have unfortunately been in the news again. Here are some simple steps you can take to avoid falling victim to common scams online.
TEXT: MELODY TAN
Imagine losing your life savings in a matter of minutes. That nightmarish scenario was reality for many victims of the recent OCBC Bank phishing scam, which saw S$13.7 million lost from the accounts of 790 bank customers.
Phishing scams are online attacks in which cybercriminals trick people into handing over their confidential information, such as bank details, passwords and credit card information by creating websites, emails and text messages that seem to come from a legitimate organisation, such as a government agency or a bank.
In the last few years, Singaporeans’ financial activity has increasingly shifted online – a trend accelerated by COVID-19 as digital finance and e-payments were encouraged to maintain safe-distancing measures. However, this has also resulted in an increase in phishing scams and hacking attempts. In the last five-and-a-half years, online scammers have stolen close to S$1 billion from people living in Singapore, with 2020 seeing the highest amount of S$268.4 million lost.
Instead of going back to the old days of stashing money in Milo tins and piggy banks under your bed, these few simple checks can help to ensure that your precious savings are safe from online criminals and their phishing methods.
LOOK FOR THE SMALL DIFFERENCES
Phishing has become more sophisticated, as cybercriminals are able to spoof the Short Message Service (SMS) Sender IDs of real banks. This means that their fraudulent text messages will be sorted into the same SMS thread as legitimate ones. This causes victims to assume the messages are real and act on them accordingly.
However, there are still some differences. Phishing messages often have errors in grammar or spelling. They may use threatening language or issue ultimatums to scare victims (“Your account will be deleted if you don’t act now!”).
If they arrive via email, their addresses won’t match those belonging to the real organisation they’re imitating – for example, a phishing email might be from firstname.lastname@example.org instead of email@example.com. For WhatsApp messages, check for a green check mark next to the organisation name. This indicates that the message is from the organisation’s official business account.
In addition, if you accidentally click on a phishing website, you might notice that it starts with ‘http’ instead of ‘https’. The latter denotes a secure version used by legitimate websites like banks and online retailers, to protect your login credentials.
DON’T CLICK THE LINK
If you receive a message that claims to be from a trusted organisation, don’t click on the link automatically. Besides, banks in Singapore have recently announced that they’ll stop using clickable links in emails and SMSes for greater security. To see where a link leads to, mouse over it on your computer, or hold it down with a finger on your phone to see the full address.
It’s safer to log in using the bank or organisation’s app on your phone, or by visiting their website. If the message is real, you should see a notification in the app or on the website. If you don’t see anything but would still like to check, it’s safer to call the organisation. Don’t use any numbers provided in the suspected message. You may end up speaking to a scammer instead!
DON’T PROVIDE CONFIDENTIAL INFORMATION
No genuine organisation will ever ask for your personal information (like NRIC number, Singpass login, bank account details or passwords) online. Should a bank or government agency require sensitive information, they would ask you to visit a branch or office in person.
TOO GOOD TO BE TRUE
Phishing messages might try to tempt victims with freebies, chances to win prizes or unusually large discounts on popular goods. Last year, NTUC FairPrice alerted customers to an email – supposedly from FairPrice Online – that offered people S$80 for answering a few survey questions. If the offer is suspiciously generous, it’s probably fake.
WHAT’S THE RUSH?
Finally, phishing attacks often rely on a victim being distracted or panicked, two emotions which override their natural caution.
For example, one victim of the OCBC Bank phishing scam was anxious when she received a fake text message claiming that her account would be suspended, as she needed to make several transactions to her children’s bank accounts. Scammers eventually took close to S$100,000 from her and her children’s bank accounts.
Instead of reacting immediately to any messages or emails, take the time to evaluate their content. Don’t perform transactions or disclose banking details when you’re in a rush, or distracted. Set aside the time to sit down and focus fully on the information presented to you. This might take a few extra minutes, but it could save you thousands of dollars in the long run.