SINGAPORE - The police have warned the public against falling for DBS and POSB phishing scams that trick users via SMS.
In a joint statement on Thursday (Nov 22), the police and DBS Bank said there has been a resurgence of such scams, where victims were deceived into providing their Internet banking details on fraudulent websites after clicking on phishing URLs in SMSes purportedly sent by DBS or POSB.
The police have received more than 50 reports of such incidents since Sept 20, the statement said.
After clicking on the URL, the victims discovered that a new payee had been added to their bank accounts and unauthorised transactions were made.
Some examples of fake SMSes include one that claimed suspicious activity was detected in the bank account, and another that said all transactions have been suspended.
Customers were then directed to click on a link to confirm these details.
Bank customers who clicked on the links in the SMS were redirected to a non-DBS website, such as posb.validation-details.info, dbs.account-access.info or posb.account-certification.in.
The police have also detected two other types of phishing scams since Nov 14, it said in the statement.
In the first variant, scammers would post fake job advertisements on popular classified websites, such as Gumtree, to recruit surveyors, food and beverage staff members or order assistants.
Precautions to take
The public is advised to take the following precautions:
- Be alert and always verify the details in messages from banks. Always check that the message reflects your intended actions and do not proceed or authorise suspicious transactions.
- Beware of phishing websites that may look genuine. Always type in the full URL of the bank (e.g. www.dbs.com.sg or www.posb.com.sg) into the address bar or use the official mobile banking application to ensure that you are using legitimate banking services.
- Do not disclose your Internet banking details such as account username, Personal Identification Number (PIN) or One-Time Password (OTP) to anyone through phone, e-mail or SMS - including bank staff or law enforcement officers.
- Never reply to unsolicited SMSes or e-mails. Responses to such SMSes or e-mails could be used by fraudsters to socially engineer information or trick users into performing unwanted actions.
- Call your bank using the hotline published on the bank's website if you notice unknown transactions appearing on your account or to verify if your bank account has been locked. Do not use the numbers provided in the phishing SMSes (if any), as they may be compromised.
- Ensure that your bank account is used only for your personal banking needs.
- Ignore or decline all requests by online acquaintances to use your bank account for transfer of money to purchase Bitcoins.
- If you suspect that you have received an unknown sum of money in your bank account, report it to the bank and the police immediately.
- If the unknown sum of money is still in your account, do not transact it in any way.
- Call DBS immediately on 1800-111-1111 (Personal Banking) or 1800-222-2200 (Business Banking) if you notice unknown transactions appearing on your DBS/POSB account.
Unsuspecting victims who applied for the job via the e-mail directwarehousestock @ gmail.com would then receive an e-mail reply from derbysinfo @ gmail.com, stating that they have been accepted for the job.
The scammers would then ask the victims for personal information like bank account details.
The victims would then be directed to withdraw money, supposedly transferred from the company into their bank accounts, and deposit it into Bitcoin ATMs.
However, police said the money that victims withdrew was, in fact, money from bank accounts of other phishing scam victims.
The victims had also clicked on the URLs in SMSes sent by the banks.
A second type of scam involves scammers befriending social and online gaming platform users before asking them to buy Bitcoins.
After agreeing to help buy the Bitcoins, the scammers would ask for the victim's bank account details to transfer the money to them.
The users were subsequently told that they could keep a portion of the money as commission.
However, they were required to withdraw the rest of the money and deposit it into Bitcoin ATMs to complete the purchase.
Similar to the first variant, the money that victims received were transferred from the bank accounts of other phishing scam victims.
In the statement, the police and DBS Bank warned the public that such phishing scams can target any bank customer.
The public can visit https://www.dbs.com.sg/security for latest security alerts by DBS.
The police also reminded the public to be wary of requests to receive and transfer money, as such acts may be facilitating money laundering.
Those who receive or are asked to receive funds from unknown or dubious sources should lodge a police report immediately.
By withdrawing the money and depositing them into Bitcoin ATMs, the victims in the two variants of phishing scams may also have unwittingly become money mules, and may be investigated for money laundering offences.
Anyone found guilty of money laundering may face a jail term of up to 10 years, fined up to $500,000 or both.
Those seeking scam-related advice may call the anti-scam helpline at 1800-722-6688 or go to www.scamalert.sg