OCBC Bank again warns customers of SMS scams attacks with expected surge in attacks over the New Year weekend
OCBC Bank has again warned customers about the recent ‘smishing’ (phishing via SMS) scams impersonating the Bank this month, given the potential surge in attacks this New Year weekend.
On 23 December 2021, OCBC Bank had issued its first media advisory to warn of a surge in these scams and advised customers that these SMSes were not sent from the Bank and not to click any link in these messages.
Between 8 and 17 December 2021, 26 customers reported a loss of about $140,000 to phishing scams. However, scammers’ phishing attacks have become particularly aggressive in recent weeks, especially during the Christmas weekend.
As of 29 December, 469 customers had reported a total loss amounting to $8.5 million to these scams. Over the Christmas weekend (24-26 December), there were 186 customers affected, with about $2.7 million lost on these three days alone.
Once the funds have left the customer’s account, the possibility of recovery is very low. As such, customers remain the first line of defence against such scams.
The Bank would like to alert and remind its customers and members of the public on how the scams operate, so they can avoid falling victim to these scams.
How the scams work
Members of the public receive SMSes purportedly from the Bank claiming there are issues with their bank accounts or credit cards. Scammers typically impersonate the bank through “spoofing” – cloning a legitimate sender’s name and short code (in this case, “OCBC”) via SMS. This enables the scammer’s SMS to appear as if it is originated from a legitimate sender, thus enabling their message to appear in the same thread as legitimate SMSes from the bank. These SMSes contain a link to a fraudulent website disguised as a legitimate bank website requesting for banking information and passwords.
The scam messages usually claim there are issues with the customer’s bank accounts or credit cards and directs customers to a link embedded in the SMS to resolve these issues. Upon clicking the link, customers would be redirected to an illegitimate website and asked to key in sensitive bank account log-in information like their username, PIN and One-Time Password. Using this information, scammers can then transfer monies out of the affected customers’ accounts.
They often reroute the monies through various accounts, making it difficult to track their movement and even harder to recover the cash.
How customers can prevent falling victim to the scams
Here are some reminders on what customers can do to protect themselves: