Gone fishing: Phishing scams 101

ScamAlert Advisor | 05 Apr 2019

Have you ever received a suspicious-looking email or SMS asking you to provide your personal information such as your bank account numbers, One-Time Passwords (OTP) or credit card numbers? Chances are, you have been targeted in a phishing scam.

What are phishing scams, exactly? They are attempts by scammers to fool you into providing your personal information so they can access your hard-earned money. “Phishing” is a broad term that covers anything from emails and phone calls to SMS and social media messaging.

You’re probably already familiar with the estranged Nigerian prince seeking financial aid to regain his rightful throne. So let’s take a look at some of the more current phishing scams going around these days, the tools that scammers use, and how you can protect yourself from becoming an unwilling Automated Transaction Machine.

 Phishing msg

“Dear UOB customer, due to suspicious activity, we will be blocking your account. Please send your OTP to verify your identity.”

Sounds legit right? It’s not. Banks will never request for your OTP over the phone, SMS or through emails. OTPs are only used on ibanking websites and your bank’s mobile app. That’s not the only thing you should look out for, though. You’ll also have to read the message carefully and look out for red flags such as grammatical errors, abusive language and dodgy URLs.

SMS phishing (also known as SMiShing) scams used to be easy to spot by their obviously fishy (pun intended) caller ID numbers. However, scammers have grown with the times and adopted caller ID spoofing techniques that allow them to mask their real numbers.

 Two messages combined

Recently, victims have reported that they received SMSes from SingPost telling them that they had won a lucky draw and were asked to claim their “prize” by clicking on a link. Others have received similar SMSes from their “banks”.

One lady did not suspect anything when “UOB” sent her an SMS asking her to click on a link in order to prevent her account from being blocked. She assumed that it was a legitimate request as the message came from the same number that the bank had used for sending her official OTPs previously. She complied and was instantly down by $4,000.

SMSes aren’t the only platform that scammers use, though. Victims have received calls from “SingTel Customer Service Officers” telling them that their mobile lines were about to be cut due to their involvement in criminal activities. They were then intimidated into providing their personal information, which was subsequently used to clear out their bank accounts.

Phishing scams are everywhere these days, and the scammers who attempt them are getting smarter. They are adopting new methods of deception. And although these are not sure-fire ways to identity phishing scams, they are a good place to start. Let’s stay one step ahead of these scammers. Let’s educate ourselves. Let’s Fight Scams.