Singapore Police Force (SPF) said these phishing ads would pop up on Google when users searched for a bank’s contact number with the intention of seeking advice for various reasons. These ads would show up amongst the first few search results and contain fake contact details for the bank, the police said in its advisory note released Wednesday.  Unwitting victims who called these numbers would speak with someone impersonating as a bank employee, who then would proceed to alert them of issues with their bank account, credit or debit cards, or loans. Victims would be instructed to temporarily transfer funds to bank accounts provided by the impersonator, in order to resolve the issue or make payments for outstanding loans.  Some victims would receive SMS messages with headers spoofing the bank’s Sender ID, so these would appear as legitimate communications from the bank. The messages would either contain instructions to reset the victim’s bank account as part of Singapore’s efforts to combat scam or state that the victim had to transfer money for early loan settlement.  “Victims would only realise that they had been scammed when they contacted the bank via the authentic hotline to verify the new bank account number or when the bank contacted them to verify the reason for the large sum of money transferred,” SPF said. Since last month, at least 15 victims had lost more than S$495,000 ($367,775) to these scams, according to the police.  Its latest advisory follows a spate of phishing SMS scams that affected at least 469 customers of OCBC Bank and resulted in losses of more than SG$8.5 million. Some S$2.7 million alone was lost over the recent three-day Christmas weekend and several victims reportedly lost their life savings. The bank has since promised to make full restitution of losses to all victims of the scams.  Industry regulator Monetary Authority of Singapore (MAS) on Wednesday also introduced additional security measures that banks would have to implement, in light of the OCBC scams. These measures include the removal of hyperlinks from email or SMS messages sent to consumers and a 12-hour delay in activating mobile software tokens.  Banks also would have to set up dedicated and “well-resourced” customer assistance teams to deal with customer feedback on potential fraud cases.  MAS said the new measures, which should be deployed within two weeks, aimed to strengthen the security of digital banking. “MAS is also intensifying its scrutiny of major financial institutions’ fraud surveillance mechanisms to ensure they are adequately equipped to deal with the growing threat of online scams,” it said.

Singapore must clamp down on security inertia before digital banking era can take offSingapore pushed to introduce security measures amidst online banking scamsFirms need better breach response, clear regulatory guidelinesSingapore digital banking era will put focus on SMBs, consumer trustFew Singaporeans able to identify all phishing email: surveyAssume breach position does not mean firms get to skip due diligence in cybersecuritySingapore must return data control to users to regain public trust