SINGAPORE - Phishing scams are in the spotlight again, with 378 people falling victim in the first two weeks of this month alone, said the police in a statement on Thursday (Nov 18).
These phishing scams typically come as text messages or e-mails from addresses impersonating trusted entities and making fake offers or claims to trick recipients into clicking on a phishing URL link.
Trusted entities include institutions like banks, government agencies, trade unions and companies such as SingPost or Grab.
An example of a known phishing scam is the SingPost parcel redirection scam.
Victims would receive an SMS - sometimes after an authentic SingPost SMS - stating: "Your parcel has been redirected to your local post office branch due to an unpaid delivery fee." This is accompanied by a phishing URL link.
Another example is the $20 commemorative note scam. Victims would receive an SMS informing them that they could receive a Bicentennial $20 note for free. The SMS carries a link to a website address which resembles that of DBS Bank.
Victims who click on such phishing URLs would be tricked into providing their credit/debit card details and a one-time password (OTP), allowing scammers to siphon money from their accounts.
"Victims would only realise they have been scammed when they discover unauthorised transactions made using their credit/debit card," said the police.
They advise the public to always verify the authenticity of information found in messages and e-mails with official sources, and to avoid clicking on URL links found in unsolicited e-mails and text messages.
Internet banking details or OTPs should never be disclosed to anyone. Any fraudulent charges to bank accounts should be immediately reported, and cards to the corresponding bank account cancelled.
Information related to scams can be provided online here or via the police hotline on 1800-255-0000.
Real or fake?
Here are some tips to avoid being scammed.
- Always check if the message is sent via an unknown e-mail address or number, even if the sender claims to be from a trusted agency. Trusted agencies have their official e-mail addresses and numbers available on their website.
- Check if URLs in messages are the same as the official websites of trusted agencies. Scam URLs tend to be modified variants of official website URLs.
- Check if the logos on the websites connected to the URL look different from the logos on official sites. Scam websites sometimes modify official logos to avoid copyright infringement.
- Avoid giving your personal banking details and OTPs to any site that you have not verified as official.
- Always cancel your credit cards and inform your banks the moment you detect a fraudulent charge.