Netflix, SingPost, StarHub phishing scams spike as more rely on digital services amid Covid-19

Scammers have been sending phishing e-mails pretending to be from popular online services.
Scammers have been sending phishing e-mails pretending to be from popular online services.PHOTOS: JOEL CHAN, REUTERS, STARHUB/FACEBOOK

SINGAPORE - Did you get an e-mail or text message from Netflix asking you to update your payment details? Do not click on it as it is most likely a phishing scam, since the streaming giant does not ask for credit card or bank account details via e-mail and texts.

With more people turning to popular online services such as Netflix while they stay at home amid the pandemic, scammers have been targeting these users, leading to a spike in non-banking-related phishing scams this year.

Police told The Straits Times that there were 238 non-banking-related phishing scams reported between January and June, a huge jump from the seven reported in the same period last year. There are likely more of such scams since.

In the first half of 2020, the amount of money cheated through such scams was about $268,000, which is 67 times the $4,000 duped during the same period last year.

Besides impersonating Netflix staff, scammers also sent phishing e-mails pretending to be from SingPost, StarHub and PayPal, as more people turn to digital offerings to do everything from remote working to shopping and entertainment.

Mr Stephan Neumeier, managing director for Asia-Pacific at cyber-security firm Kaspersky, told The Straits Times: "Cyber criminals are taking advantage of this seismic shift in digital habits to launch social engineering attacks such as phishing e-mails. By including hot topics and phrases related to their online activities like shopping and streaming entertainment in their messages, the chances of an unsuspected user clicking infected links or malicious attachments increase tremendously."

Phishing scams work through impersonation that is convincing in order to trick victims into giving sensitive banking details and passwords. For example, a phishing e-mail claiming to be sent by Netflix may trick people into clicking on a Web link, which then redirects them to fraudulent websites asking them for their credit card numbers.

A spokesman for the Cyber Security Agency of Singapore (CSA) advised members of the public to stay vigilant and be wary of e-mails or text messages that use "urgent language", such as threats of being logged out of their accounts if they do not update their account details or payment information promptly, or offers that may sound too good to be true.

Users should not click on any unknown links or respond to such requests, and neither should they provide their personal details, financial information or passwords if they are unsure of the authenticity of the request, added the CSA.

 
 
 
 

Last week, the police warned in an advisory that as the year-end online shopping events approach, members of the public may be exposed to more of such phishing scams as fake online offers become more widespread.

Typically, the later half of the year sees a proliferation of popular e-commerce events across most shopping platforms, such as 9.9 on Sept 9, 10.10 on Oct 10, and the famous "singles' day" sale on Nov 11.