477 cases of PayNow phishing scams in 2021, with victims losing $3.4k each: Tharman

SINGAPORE - There were 477 cases of banking-related phishing scams involving PayNow transactions in 2021, with victims losing about $3,400 each.

In the first half of 2022, such scam cases stood at 133, with a median loss of $1,200, said Senior Minister Tharman Shanmugaratnam in a written parliamentary reply on Tuesday.

He was responding to Dr Tan Wu Meng (Jurong GRC), who asked about scams involving PayNow transactions, the median amount each victim lost and what is being done to better protect consumers.

These unauthorised transactions were perpetrated by scammers who deceived bank customers into giving them their digital banking credentials, said Mr Tharman, adding that the recovery rate for unauthorised PayNow transactions was not available.

The police previously warned of an increase in phishing scams where swindlers impersonate bank staff and target victims through phone calls or SMS messages.

In one of these scams, victims received phone calls from people pretending to be bank employees. The callers would ask for the victims' personal details, such as their Internet banking usernames and passwords, under the pretext that the bank needed them to verify transactions in their accounts.

Mr Tharman, who is chairman of the Monetary Authority of Singapore (MAS), noted that two rounds of anti-scam measures by the MAS and the Association of Banks in January and June have strengthened safeguards against unauthorised banking transactions, including those via PayNow.

One such measure is having a $5,000 or lower default transaction limit a day for online fund transfers, and the default notification threshold set at $100 or lower for PayNow transactions.

"Banks have also been adapting their anti-scam defences in response to new attack patterns, for instance, by temporarily lowering the PayNow limit to ward off attacks that may be directed at PayNow users," Mr Tharman added.

In another written parliamentary reply, Law Minister K. Shanmugam said the police will trace the flow of funds and swiftly freeze bank accounts suspected to be involved in the scammers' operations.

Mr Dennis Tan (Hougang) asked for details on whether the police reached out to banks to stop the further use of PayNow for accounts that were used in such scams.

Mr Shanmugam said suspect accounts that are frozen will not be able to accept further transactions of money, including through PayNow.

"The swift freezing of bank accounts is done at the Anti-Scam Centre, where bank staff are co-located with police," he added.

Six banks in Singapore – DBS Bank, OCBC Bank, UOB, Standard Chartered Bank, HSBC and CIMB – have staff co-located at the centre since July.

Mr Tharman said consumers need to stay vigilant and not provide their digital banking credentials to anyone, under any circumstances.

"Do not click on links purportedly sent by banks, as banks will not send you links in SMS or e-mails, and use the banks' official mobile applications for your banking needs to minimise the risk of navigating to fraudulent websites," he said.