SINGAPORE - When 65-year-old Madam Lee picked up a call on her land line on Wednesday (Nov 13), she thought it was a Singtel customer service personnel who was contacting her about problems with her broadband connection.
The caller said he would rectify any problems with her Wi-Fi connection if she followed his instructions, and Madam Lee believed him.
This resulted in her staying on the call for over two hours, following the man's detailed instructions on what to do on her computer.
This included her having to give the man - who she said did not sound Singaporean - remote access to the computer.
Over a two-hour period, the caller also had Madam Lee open her Internet banking account and give him some very personal information - including a one-time password and her latest transactions.
The caller even told Madam Lee that he would connect her to the "cyber police". She was then connected to another scammer, who told her that her IP address was being used in various countries.
Little did she know that these were scam callers, who later made off with over $300,000 from three different bank accounts. No part of this sum was recovered.
"Throughout this process, they kept telling me not to talk to anybody, not to inform anybody, and to keep the land line on and my hand phone switched off," Madam Lee said.
"Not knowing anything, I just followed through. That's when it all happened."
The scammers went so far as to tell Madam Lee that her Singtel IP address was being used by people from other countries: and they convinced her to believe them by sending her a world map and a message from the "Interpol" with a picture attached of a Russian man who was supposedly using her account.
"They even told me to write down some codes - and that the cyber police would come to my home and I should pass the codes to them," she said.
After she hung up, she tried to call the official Singtel customer service number on another line, but could not get through.
Feeling uneasy, she called her bank - and found out that various transfers were made from her account to a local account and foreign accounts as well.
It turned out that the scammers had also raised the withdrawal limit on her accounts in order to make a bigger transfer at once.
"It was very traumatising because it didn't only affect me - it affected my family members who had joint accounts with me too," Madam Lee said.
The Singapore Police Force (SPF) warned that a significant number of such scams has been reported recently.
From January to October this year, at least 156 reports of these scams were lodged, with victims losing at least $6 million in all. In October alone, at least 50 victims fell prey to scams similar to what Madam Lee encountered, in which the scammers impersonate personnel from local telecommunication service providers such as Singtel and StarHub, or even police officers, to gain remote access to the victims' computers.
"The scammers would deceive victims into believing that there were issues with their modem or Internet connection and would direct the victims to download and install software applications such as TeamViewer or AnyDesk onto their computers, on the pretext that doing so would give them remote access to the victim's computers in order to help resolve the issues," said the SPF.
In other cases, the scammers even would claim to be from the "Cyber Crime Department of Singapore" or the "Cyber Police of Singapore" to deceive victims into believing that they had committed a criminal offence.
The scammers would then direct the victims to download and install remote desktop software on their computers, on the pretext that doing so would assist in the investigations.
The scammers would then use the software applications to access the computers remotely. After the victims were logged into their bank accounts, on the scammers' instructions, funds would be transferred out of their bank account.
SPF advises members of the public who have fallen prey to such scams to immediately turn off their computers, report the incident to their bank to halt further activities on their accounts, and make a police report. One-time passwords for banking transactions should never be given to other parties.