#BeAProAgainstCons with OCBC's security measures and anti-scam tips
This scam usually sees targets being contacted by someone claiming to be a member of a legitimate business, bank, or government official. The scammer will ask them to reveal personal details to resolve a supposedly urgent issue, with the intent of stealing those details to commit fraud.
They might threaten their targets, demanding that funds be transferred to them.
The common approach:
Pretend to be someone they are not
Scammers prey on people’s fears and have been found to impersonate bank staff, Singapore civil servants – including police officers, court officials and staff of the Ministry of Health or the Monetary Authority of Singapore (MAS) – and overseas government officials.
Make unsolicited approaches
They will contact their targets – unsolicited – via phone, email, SMS or other messaging apps. They will ask for personal details, bank account details, digital banking login credentials, One-Time Passwords (OTPs) and more.
Common scam tactics to look out for:
Use urgency and fear to demand action
They will use scare tactics to get their targets to act quickly. These may include:
- Claiming that a bill is overdue and that it must be paid immediately to avoid a court summons.
- Claiming their target has committed an offence and that he/she must confirm their personal, banking or Singpass details for the ‘case’ to be processed and/or before they can reveal further information.
- Claiming that there is an issue with the target’s bank account (or other accounts where financial details are stored) and that their account/funds are frozen or at risk of being compromised – unless the target gives them their details and/or grants them access.
- Claiming that they need to transfer the call to the police or a government official for further investigation.
- Threatening their targets by saying that they will escalate the matter if the victim does not cooperate.
Pretend to be there to help the target
On the pretext of resolving the issue, the scammers may ask their target to provide their digital banking login credentials, credit/debit card details and/or OTPs – this will allow them to make fraudulent transactions and/or electronically set up GIRO arrangements to get funds without the target’s authorisation.
Under the guise of foreign police or government officials who are supposedly investigating offences in Singapore or overseas, the scammers may ask their target to apply for an Internet banking service or reveal their login credentials. This will allow them to take control of their target’s banking account(s) and move the target’s funds to their own (sometimes untraceable) accounts.
On the pretext that they need the target to verify their identity, the scammers may ask the target to scan a Singpass QR code placed on a phishing site – enabling them to steal the target’s personal details to commit a variety of fraudulent and criminal activities.
Impersonation scams come in many forms and can include:
Bank impersonation scams
The victim will receive a call from someone pretending to be from a bank asking to discuss certain ‘issues’ with financial transactions made on their accounts or cards. When victims respond that they are not aware or made such transactions, scammers will then tell them they need to ‘transfer’ the call to a police or government (e.g. MAS) officer for investigation. The call is then forwarded to another scammer, part of the same criminal network, who will identify themselves as the officer and trick the victim into providing their personal information and bank account details under the guise of solving their issue.
Some scammers may even use the names of real police or government officers to gain the trust of the Victims.
Social media impersonation scams
Scammers will often use compromised or spoofed social media accounts to impersonate their target’s friends or followers on Facebook or Instagram. They use this to ask their targets for personal details such as mobile number, internet banking account details and OTP on the pretext of helping their targets sign up for (fake) contests or promotions. Victims later discover that fraudulent transactions have been made from their bank accounts and mobile wallets.
Fake friend call scams
Victims of this scam usually receive calls from unknown numbers, where the scammers will ask them to guess who they are. Believing that they were acquainted, victims would then reveal the name of the person who they thought most resembled the caller’s voice. The scammers then assume the identity of that friend and claim to have lost their handphone or changed their contact number. Other times, they will claim to be a long-lost friend and use vague details about themselves and their supposed past relationship to trick their victims into believing them. They will then often proceed ask their victims for urgent financial assistance, with the promise of paying them back soon, and get them to transfer money to unknown bank accounts. Victims then only discover that they have been scammed after contacting their actual friends or trying to contact the original caller back and never getting an answer.
-
Be sceptical
Impersonation scams usually start from unsolicited calls or requests.
Do not trust lofty promises, deals that seem too good to be true, or individuals who call or message you – unsolicited – to ask you to divulge personal information over the phone.
Banks will never transfer calls to external parties like the Police or government officials. Neither the Police, government (e.g. MAS), nor bank officers will ever ask you to transfer money or disclose your online banking credentials. -
Do not give in to pressure
Never make financial decisions, give away sensitive details about yourself or anyone you know or sign any documents under pressure. -
Ignore, block and report
When contacted, hang up immediately if the caller cannot properly identify themselves.
Do not call any numbers or click on any links in SMSes that claim to be from OCBC. OCBC will never send you SMSes or emails with clickable URLs. Block and report the number used to contact you. -
Do your checks
Always verify the authenticity of the information shared with you, or requests made to you, by contacting the organisation directly (e.g. at their website or email address, or via their app or hotline).
To ensure you are on the correct website, personally enter the URL of the organisation’s website that you intend to visit into your browser’s address bar. View a list of OCBC’s official contact and banking channels.
If in doubt, seek a second opinion from someone you trust. -
Be alert
Enable transaction alerts for your bank accounts and credit cards. Learn more about transaction alerts from OCBC, discover how to set up transaction alerts for card and deposit transactions via the OCBC app, and select your preferred notification channels and threshold limits.
To ensure you receive OCBC alerts and notifications, let us know immediately if you change your mobile number or email address. Learn how to update your contact details.
Always read your bank notifications carefully and notify us immediately if any transactions shown are not made by you. -
Keep your accounts secure
Do not key your personal information and banking details into unverified webpages.
Stay vigilant and never give out your Online Banking login credentials (i.e. Access Code and PIN), card details or One-Time Password (OTP) to anyone, including people claiming to be from OCBC. OCBC employees will never ask you to reveal your PIN/OTP or transfer funds to personal accounts.
Log in to OCBC Internet Banking by typing out www.ocbc.com directly into your browser, or via the OCBC app to make sure that your log in is secure. If you suspect that your account has been compromised, call us at 1800 363 3333 (or +65 6363 3333 if you are overseas) and press 8 to report fraud or temporarily freeze all your accounts. You can also activate the emergency kill switch via the OCBC app and selected OCBC ATMs. -
Protect your money
Do not send money to someone whom you have not met.
Be responsible for all banking transactions involving your account and do not allow others to perform transactions on your behalf. You may be unknowingly laundering money for criminals – this is a criminal offense that carries hefty fines and prison time.
Never authorise a transaction or login unless you know its purpose.
Set daily transaction limits for payments and transfers according to your preference via OCBC Internet Banking or the OCBC app. -
Take precautions
Enable two-factor authentication (2FA) for each of your online accounts for services such as email, social media, and online shopping, to list a few. This provides your accounts and personal data with an additional layer of protection.
Be wary of any calls with the ‘+65’ prefix and of international calls with the ‘+’ prefix where the caller claims to be from a legitimate business, government, or organisation such as your bank, especially if you are not expecting an international call. When in doubt, verify the identity of the person(s) and the organisation(s) by calling their hotline numbers.
The +65 prefix was implemented by Singapore’s Ministry of Communication and Information with telcos in 2020. The purpose is to alert the public that these are calls coming from overseas and that the public should not pick up such calls if they are not expecting anyone calling from overseas. -
Keep yourself up to date
Visit the National Crime Prevention Council’s website at www.scamshield.gov.sg to learn – and take a short quiz – about the latest scams and how to avoid being a victim.
Witnessed something suspicious and unsure if it’s a scam? Call and check with the ScamShield Helpline: 1799
Call us
Contact the Police and file a report
Find out what information you will need to share if you have fallen prey to a scam.
Contact the platforms involved
Spread the word
Unsure if it's a scam? Call and check with the ScamShield Helpline: 1799