7 arrested for alleged involvement in SMS banking-related phishing cases
There were police reports of scammers impersonating DBS Bank or the bank's staff through spoofed SMSes to phish for victims’ banking credentials. ST PHOTO: GIN TAY
Fatimah Mujibah
SINGAPORE – Seven people aged 18 to 27 were arrested for their suspected involvement in a recent spate of SMS banking-related phishing scam cases.
They were nabbed after an islandwide anti-scam enforcement operation conducted by officers from the Commercial Affairs Department on Jan 15 and 16, the police said on Jan 16.
Preliminary investigations showed that those who were arrested had allegedly facilitated the scam cases by sharing their bank accounts and Internet banking credentials, and/or disclosing Singpass credentials for monetary gains.
In January, the police received several reports of SMS banking-related phishing scams, where scammers would impersonate DBS Bank or the bank’s staff through spoofed SMSes to phish for victims’ banking credentials, resulting in unauthorised transactions made from the victims’ bank accounts.
In these cases, the victims received unsolicited SMSes – from both overseas and local numbers, or short codes – claiming to represent DBS/POSB bank.
The SMSes warned the victims of possible unauthorised attempts to access their DBS bank accounts and instructed them to click on the embedded URL links to verify their identities and stop the transactions.
The victims were directed to spoofed DBS Bank websites after clicking on the links, and were misled into providing their Internet banking credentials and one-time passwords (OTPs), which the scammers were able to use to make unauthorised withdrawals.
Six of the seven people arrested, aged 19 to 27, will be charged in court with the offence of abetting unknown persons to secure unauthorised access to the bank’s computer system.
First-time offenders can be jailed for up to two years, or fined up to $5,000, or both.
An 18-year-old male teenager will be charged in court with the offence of disclosing Singpass credentials.
First-time offenders can be jailed for up to three years, and fined up to $10,000, or both.
The police reminded the public to always reject requests by others to use their bank account or cellphone lines, as they will be held accountable if these are linked to crimes.
The police advised the public to download the ScamShield app and set up security features, such as enabling two-factor or multifactor authentication for banks, and transaction limits on Internet banking transactions, including PayNow and PayLah.
Before sharing banking credentials over the phone or on WhatsApp, people should check with authorised sources, as the police do not ask for banking credentials and OTPs via such channels, they said.
If their banking details have been disclosed, people should report it to the bank immediately.
If social media users’ accounts have been compromised, it should be reported to the respective platforms, and their friends should be informed so that they do not fall prey to scammers who may use the compromised social media accounts for impersonation purposes.
For more information on scams, members of the public can visit www.scamalert.sg or call the anti-scam hotline on 1800-722-6688.
