Skip to main content

Scam Sign: OTP Requests – Phishing Scam

Updated

What is it?

You receive a call, text or email soliciting personal information in order to claim a prize, secure your online accounts or to help investigate fraudulent transactions.

Fake websites are created to look identical to the official sites of organisations or banks, but with a slightly different web address. If you input your personal details, PINs or OTPs in these fake websites, your information and money are at risk of being stolen by criminals.

How to stay safe? 

  • Look out for “+” numbers
  • Don’t give anyone confidential information
  • Identify and verify
  • Don’t access suspicious links

Case Study: Development Bank of Singapore (DBS) Phishing Scam 

During the first two weeks of 2024, about 219 customers of the Development Bank of Singapore (DBS) fell victim to Phising scammers. They lost approximately S$446,000 (US335,000) in total. 

The victims received SMS or WhatsApp messages informing of unauthorised withdrawal / PayLah transaction, with a clickable URL to verify the transaction. 

The URLs directed the victims to lookalike DBS/POSB websites (i.e. stopsg.dbsnowsg.cloud; paylah.dbsbanksg.cc; sgs.dbsnowsg.work stop) where victims are deceived into providing their banking credentials in the fake websites. 

 

Scam Type Key Scam Signs Accompanying Advisories
Phishing Scam

Common signs of phishing are:

  1. Clickable links from unsolicited/random emails, messages, images, or advertisements
  2. Spoofed website addresses (e.g. www.m1cr0soft.1234.com.co)
  3. Unsecured website images (e.g. websites without lock icon and https:// in the address bar)
  4. Requests for your one-time passwords (OTPs), personal, or banking details
  5. Prompts you to download attachments or third-party apps outside official app stores

[For bank phishing] Victims will receive SMS alerts about potential unauthorised access to their bank accounts, prompting them to click on embedded URLs to verify their identity and stop the transactions. 

 

[For e-comm/parcel delivery phishing] Messages or emails are designed to look like they were sent by postage and eCommerce logistics companies such as Singapore Post (SingPost) and contains phishing link. 

ADD

  • Add and use only official banking apps downloaded from official app stores (Google Play Store or Apple App Store) to make transfers or payments
  • Add ScamShield app and set security features such as 2FA for banking apps, social media and Singpass accounts. Set transaction limits on internet banking transactions, including PayNow and PayLah

CHECK 

  • That you do not use clickable links or QR codes provided by unknown persons to make payments/transfers, as these lead to fake bank websites that phish for your banking credentials
  • Never disclose your personal information, internet banking, social media account details, and one-time passwords (OTPs) to anyone
  • Always verify the authenticity of unsolicited clickable links you receive and check the webpage addresses for discrepancies 

TELL

  • Warn your friends and family about your scam encounter
  • Call your bank immediately and make a police report if you think you have fallen victim

[For bank phishing] 

  • Banks will never send you any clickable links via SMS
  • Legitimate SMSes from banks will reflect their officially registered SMS Sender ID

[For e-comm/parcel delivery phishing] 

  • Verify the authenticity of the information with company or e-commerce platform directly
  • Use only official banking apps downloaded from official app stores (Google Play Store or Apple App Store) to make transfers or payments
  • Set transaction limits on internet banking transactions, including PayNow and PayLah. 

 

Related to

Related articles

Comments

0 comments

Article is closed for comments.

Powered by Zendesk