The ongoing COVID-19 pandemic has significantly altered the way people carry on with their lives, with many staying at home while working, communicating, and transacting online. However, this has also seen an influx of online scams in Singapore.
According to figures released by the Singapore Police Force, online scams involving e-commerce, social media impersonation, online banking, and loans have made up 71% of the top 10 scams reported in the first half of 2020.
Banking-related phishing scams alone have seen the largest increase by more than 2,500%, as compared to the same period in 2019, with the largest sum cheated in a single case amounting to S$506,000.
Despite continued efforts by the police in educating the public about such scams, many victims have fallen prey to banking-related scams by revealing their internet banking usernames, passwords, and OTP to scammers posing as bank staff.
We share some tips on how you can prevent yourself from becoming the next victim of a phishing scam.
What Is Phishing And How To Spot Them
Pronounced as “fishing”, phishing is a common technique employed by syndicates to trick unsuspecting victims into giving away their personal information. The sensitive data that syndicates often prey on include bank account details, personal identification number (PIN), as well as passwords and OTPs. This can be done through the use of emails, SMS, or even phone calls.
Victims may receive fake emails or SMS that look like it is sent from banks to trick unsuspecting victims into believing that the messages are authentic. However, such messages often contain weblinks that mimic those of legitimate ones but will redirect to spoof websites.
Besides sending out en masse and using generic greetings, phishing emails and texts messages often contain the following stories to put victims into unease and getting them to release their information:
- Verifying of identity
- Suspension of transaction or bank accounts and requiring immediate action
- Update of bank account details
In addition, syndicates may also contact victims via regular phone calls or instant messaging applications such as WhatsApp or Viber. Calls may either originate from local or overseas numbers, and perpetrators would often use Caller ID spoofing to mask the actual number.
The modus operandi of such calls would often include telling the victim that his or her bank account had been locked or suspended, followed by an offer to assist in resolving the matter.
Victims who are not vigilant against such scams may give out sensitive credentials, which will then be used by criminals to access online banking accounts and perform unauthorised transactions.
Tips To Protect Yourself And Your Information
While the thought of losing your hard-earned money to scammers can be scary, it is actually easy to prevent yourself from falling victim to phishing.
Here are some steps you can take immediately to protect yourself:
#1 Check The Source of Message or Phone Call
Be sure to be vigilant by checking the source of any message sent through emails or SMS before clicking on any links or opening any attachments.
Do not open emails from dubious or unknown sources. Emails or texts from dubious sources often contain links and attachments may either lead you to phishing pages or to install malware onto your device without your knowledge.
Unless if you are expecting calls from overseas, be vigilant when you spot a “+” prefix on the phone number. Banks will never call you from an overseas phone number with a “+” prefix when you are in Singapore. In addition, reject any calls from instant messaging apps that resemble someone calling from a bank.
If in doubt, contact your bank to check the authenticity of any message or calls.
#2 Protect Your Information
Be aware of the information you share with and how it can be used by the receiving party.
For instance, you should avoid sharing personal details such as your NRIC number, address, phone number, bank account, and other personal information unnecessarily.
In addition, be sure to secure your online accounts with a strong password to prevent unauthorised use, and secure it with second-factor authentication 2FA whenever possible. Remember to use different sets of PIN or passwords for web-based services such as email, online shopping, or subscription services.
Never disclose your account User ID, PIN, and OTPs to anyone, even when under pressure. Do note that bank staff will never request for your PIN, password, or OTP.
Lastly, avoid providing your account details such as passwords and PIN over email, when visiting third-party financial aggregator applications, or pop-up windows from emails or websites.
#3 – Secure Your Devices Properly
Besides staying vigilant to phishing messages and avoid sharing of personal information recklessly, securing your device properly and keeping it protected with the latest operating system or anti-virus software is also essential in addressing vulnerabilities and help prevent unauthorised access to your data.
For instance, you should install the latest anti-virus software and avoid jailbreaking or rooting your devices to avoid making it vulnerable to viruses and malicious software.
Always install apps from official app stores (such as Apple App Store or Google Play Store), as apps from other sources may modify and insert malware onto your devices. In addition, you should configure the operating system of your device and apps/programs to perform automatic updates to ensure that any vulnerabilities are addressed timely.
Lastly, do backup critical data and avoid registering other people’s biometrics such as facial or fingerprint registration on your devices.
#4 Practice Good Online Surfing Habits
Whenever you surf the web, be sure to look out for the secure symbol in the address bar.
Legitimate websites are generally encrypted to protect your details. Such websites will show “https” rather than “http” at the start of the address. Alternatively, a closed padlock or unbroken key icon at the bottom right corner of your browser window should appear.
When visiting a website, do make it a habit to type the URL on the address bar of your browser, instead of clicking on it from an email or another site.
In addition, avoid accessing websites that require you to log in to your account when using public wi-fi network, and consider deferring sensitive activities until you have access to a secured network.
What Should You Do If You Have Shared Personal Information In An Alleged Scam
In an unfortunate event where you have provided any personal bank details to an alleged scam or fraud, call your bank and make a police report immediately.
When making a report, you should provide information on the alleged scam, such as the approximate time and date of the alleged scam, the channel used to contact you, and a copy of the fraud message if available.
Listen to our podcast, where we have in-depth discussions on finance topics that matter to you.