Resurgence Of Phishing Smses Targeting Bank Customers And Emergence Of Two Variants Of Phishing Scams
The Police and DBS Bank would like to alert the public on a resurgence of phishing Short Message Service (SMSes) purportedly sent by DBS/POSB. Since September 2018, the Police have received more than 90 reports from victims who were deceived into providing their internet banking details on fraudulent websites, after clicking on phishing URLs in SMSes purportedly sent by DBS/POSB. Subsequently, the victims discovered that a new payee was added to their bank accounts and unauthorised transactions were made.
If a customer clicks on the link, they will be redirected to a non-DBS website, such as the following:
The Police would also like to reiterate that since 14 November 2018, two other variants of phishing scam have been observed.
In the first variant, the scammers would post fake job advertisements on popular classified websites such as Gumtree to recruit surveyors, food & beverage staff or order assistants. Unsuspecting victims who applied for such jobs via the email address directwarehousestock[@]gmail.com would then receive an email from derbysinfo[@]gmail.com, stating that they have been accepted for the job. The scammers will then follow up with the victim to ask for their personal information like bank account details. As part of their job, the victims were then directed to withdraw money, supposedly transferred from the company into their bank accounts, and deposit them into Bitcoin Automated Teller Machines (ATMs). Unknown to these victims, the monies that they have withdrawn were transferred from the bank accounts of other phishing scam victims who had clicked on phishing URLs in SMSes purportedly sent by the banks.
In the second variant, the scammers would befriend users of social and online gaming platforms, requesting for their assistance to purchase Bitcoins. After agreeing to help purchase the Bitcoins, the scammers would request for the victim’s personal information like bank account details to transfer the money to them. The users were subsequently told that they could keep a portion of the money as commission, instructed to withdraw the rest of the money, and deposit into Bitcoin ATMs to complete the purchase of Bitcoins. Similar to the first variant, the monies that they have received were transferred from the bank accounts of other phishing scam victims who had clicked on phishing URLs in SMSes purportedly sent by the banks.
The Police and DBS Bank would like to caution members of the public that such phishing scams can be targeted at any bank customers. Members of the public are advised to take the following precautions with regard to such scams:
a. Be alert and always verify the details in messages from banks. Always check that the message reflects your intended actions and do not proceed with or authorise suspicious transactions.
b. Do not click on the URL links in the phishing SMSes and beware of phishing websites that may look genuine. Always type the full URL of the bank (e.g. www.dbs.com.sg or www.posb.com.sg) into the address bar or use the official mobile banking application to ensure that you are using legitimate banking services.
c. Do not disclose your Internet Banking details such as account username, Personal Identification Number (PIN) or One-Time Password (OTP) to anyone through phone, email or SMS � including bank staff or law enforcement officers.
d. Never reply to unsolicited SMSes or emails. Responses to such SMSes or emails could be used by fraudsters to trick users into providing information or performing unwanted actions.
e. Call your bank using the hotline published on the bank’s website if you notice unknown transactions appearing in your account or to verify if your bank account has been locked. Do not call the numbers provided in the phishing SMSes.
f. Ensure that your bank account is used only for your personal banking needs.
g. Ignore or decline all requests by online acquaintances to use your bank account for transfer of money to purchase Bitcoins.
h. If you suspect that you have received an unknown sum of money in your bank account, report it to the bank and the Police immediately. If the unknown sum of money is still in your account, do not transact it in any way.
i. Please call DBS immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking) if you notice unknown transactions appearing on your DBS/POSB account. For the latest security alerts by DBS, please refer to https://www.dbs.com.sg/security.
The Police would also like to take this opportunity to remind the public to be wary of requests to receive and transfer monies, as such acts may be facilitating money laundering. If you receive or are asked to receive funds from unknown and/or dubious sources, please lodge a police report immediately, and do not deal with the funds. By withdrawing the monies and depositing them into Bitcoin ATM, the victims in the two variants of phishing scams may also have unwittingly become money mules, and may be investigated for money laundering offences. Anyone found guilty of money laundering under Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act, shall be punished with an imprisonment term which may extend up to 10 years, fined up to $500,000/- or both.
If you wish to provide any information related to such scams, please call the Police hotline at 1800-255-0000, or submit it online at www.police.gov.sg/iwitness. If you require urgent Police assistance, please dial ‘999’.
To seek scam-related advice, you may call the anti-scam helpline at 1800-722-6688 or go to www.scamalert.sg. Help spread the word and share this advisory with your family and friends to prevent them from becoming the next victim of scam.
Source: Singapore Police Force