More than 1,200 sign petition to get organisations to register their SMS sender IDs to thwart bank scams

Nearly 470 customers lost at least $8.5 million in SMS phishing scams involving OCBC last month. ST PHOTO: CHONG JUN LIANG

SINGAPORE – An online petition to get the Infocomm Media Development Authority (IMDA) to enforce pre-registration for SMS sender IDs has received more than 1,200 signatures on Change.org.

The petition comes in the wake of a scam which saw syndicates send almost 470 OCBC customers spoof SMS messages which appeared to victims as SMSes sent by “OCBC”.

It resulted in customers losing at least $8.5 million in total in December last year.

It is currently not mandatory for anyone to pre-register their SMS sender IDs.

But those who started the petition note that 51 countries around the world has such a requirement, including Thailand, the Philippines and Indonesia. 

The person who initiated the petition wrote: “All we need to do is require people and companies to register with authorities before they are allowed to use the sender ID. 

“We can stop many SMS phishing attempts in Singapore with this.”

IMDA had launched a pilot programme in August 2021 to allow organisations to register SMS sender IDs they wish to protect.

The Singapore SMS SenderID protection registry pilot scheme was launched in collaboration with the Monetary Authority of Singapore. By registering, it said unauthorised use of the protected sender alphanumeric IDs will be blocked.

The Straits Times visited OCBC’s main branch at Chulia Street on Monday (Jan 17) afternoon to speak to customers. Of the 50 polled, 35 said they were worried about becoming victims of scams themselves.

Mr Joey Lim, 53 and the owner of an automobile company, said: “We’re very worried as we have a few business accounts with OCBC and most transactions are done over the Internet.”

But Ms Alice Jessica Pratjino, 19, said she only opens OCBC SMSes to enter a one-time pin after an online purchase.

“Otherwise, I don’t react to them,” she added.

Ms Sarah Ong, a 21-year-old student, had received a spoof SMS on Dec 29 last year. 
The message claimed that an unknown payee had been added to her account.

“I clicked on the link and was keying in my account details because I was panicking,” she said. However, while entering her bank account details, she decided to check her bank app instead.

There was no pending payee listed, and Ms Ong realised that the SMS she received might have been a scam. A few days later, she read the news reports about OCBC customers losing their money in SMS phishing scams.

Victims include a young couple in their 20s who lost $120,000, and a 38-year-old software engineer who lost about $250,000 of his savings.

Ms Ong said she is sticking with OCBC.

“I’m hoping for the bank to take corrective action regarding their internal security,” she added.

Join ST's Telegram channel and get the latest breaking news delivered to you.