SINGAPORE - There has been a resurgence of phishing SMSes purportedly sent by DBS or POSB, the police said in a joint statement with DBS Bank on Tuesday (Jan 22).
The authorities have received more than 90 reports of these incidents since September last year.
After clicking on URLs on these phishing SMSes, victims were deceived into providing their Internet banking details on fraudulent websites.
Victims later found that new payees were added to their bank accounts and unauthorised transactions were made.
Bank customers who clicked on the links in the SMS were redirected to a non-DBS website, such as posb-dbs-sg.org, posb-dbs-protect.com, posb-dbs-firewall.com, posb-dbs.com and dbs-posb.com.
In the statement, the police reiterated that two other variants of phishing scams have been observed since Nov 14 last year.
In the first variant, the scammers would post fake job advertisements on popular classified websites such as Gumtree to recruit surveyors, food and beverage staff members or order assistants.
Those who applied for these jobs via the e-mail address directwarehousestock @ gmail.com would receive an e-mail from derbysinfo @ gmail.com, stating that they were accepted for the job.
Victims would then be asked to provide personal information like their bank account details.
Precautions to take
- a) Be alert and always verify the details in messages from banks. Always check that the message reflects your intended actions and do not proceed with or authorise suspicious transactions.
- b) Do not click on the URL links in the phishing SMSes and beware of phishing websites that may look genuine. Always type the full URL of the bank (e.g. www.dbs.com.sg or www.posb.com.sg) into the address bar or use the official mobile banking application to ensure that you are using legitimate banking services.
- c) Do not disclose your Internet Banking details such as account username, Personal Identification Number (PIN) or One-Time Password (OTP) to anyone through phone, e-mail or SMS - including bank staff or law enforcement officers.
- d) Never reply to unsolicited SMSes or e-mails. Responses to such SMSes or e-mails could be used by fraudsters to trick users into providing information or performing unwanted actions.
- e) Call your bank using the hotline published on the bank's website if you notice unknown transactions appearing in your account or to verify if your bank account has been locked. Do not call the numbers provided in the phishing SMSes.
- f) Ensure that your bank account is used only for your personal banking needs.
- g) Ignore or decline all requests by online acquaintances to use your bank account for transfer of money to purchase bitcoins.
- h) If you suspect that you have received an unknown sum of money in your bank account, report it to the bank and the police immediately. If the unknown sum of money is still in your account, do not transact it in any way.
- i) Please call DBS immediately on 1800-111-1111 (Personal Banking) or 1800-222-2200 (Business Banking) if you notice unknown transactions appearing on your DBS/POSB account.
As part of their jobs, victims would be directed to withdraw money which was supposedly transferred from the company into their bank accounts. The money would be deposited into bitcoin ATMs.
However, the money withdrawn was transferred from the bank accounts of the victims who had clicked on the URLs in the phishing SMSes.
The second variant of phishing scams involves scammers who would befriend users of social and online gaming platforms before asking them to purchase bitcoins.
After agreeing to help buy the bitcoins, the scammers would ask for the victim's bank account details to transfer the money to them.
The users were subsequently told that they could keep a portion of the money as commission. They were instructed to withdraw the rest of the money and deposit it into Bitcoin ATMs to complete the purchase.
Similar to the first variant, the money that victims received were transferred from the bank accounts of other phishing scam victims.
In the statement, the police and DBS warned members of the public that any bank customers can be subject to such phishing scams.
Members of the public can refer to https://www.dbs.com.sg/security for the latest security alerts by DBS.
The authorities also reminded the public to be wary of requests to receive and transfer money, as such acts may be facilitating money laundering.
Those who receive or are asked to receive funds from unknown or dubious sources should lodge a police report immediately and should not deal with the funds.
By withdrawing the money and depositing them into bitcoin ATMs, the victims in the two variants of phishing scams may also have unwittingly become money mules, and may be investigated for money laundering offences.
Those found guilty of money laundering may face a jail term up to 10 years, a fine of up to $500,000, or both.
The public can call the anti-scam helpline on 1800-722-6688 or visit www.scamalert.sg for scam-related advice.