'Banks do not send SMS with links': $446k already lost to scams in 2024

SINGAPORE — Banks do not send their customers clickable links on SMS, said the Singapore Police Force (SPF) and DBS Bank in a reminder to the public on Jan 14.

Since December 2023, there have been more cases of scammers impersonating banks or bank staff to obtain victims’ banking credentials via SMSes.

The first two weeks of 2024 saw at least 219 victims suffer total losses amounting to at least $446,000, the SPF and DBS said in a joint statement.

This is the second time in January that the police have issued an alert on the issue.

On Jan 5, they said that at least 83 victims had fallen prey to DBS phishing scams since the start of 2024, with total losses amounting to at least $155,000.

Victims were misled into clicking on links in unsolicited SMSes.

In these SMSes (bearing overseas numbers, local numbers, or short codes), the scammers claim to represent DBS/POSB Bank, and warn their victims of "possible unauthorised attempts to access their DBS/POSB bank accounts".

Next, the victims are urged to click on the embedded URL links to "verify their identities and stop the transactions".

After clicking on the links, the victims are directed to spoofed DBS websites and misled into providing their Internet banking credentials and one-time password (OTP), which the scammers use to make unauthorised withdrawals.

Since early 2022, all banks have removed clickable links in e-mails or SMSes to their retail customers.

This measure is among safeguards that banks have implemented to combat phishing scams, such as lowering the default threshold for funds transfers, transaction notifications to customers and increasing the frequency of scam education alerts.

The police and DBS advised members of the public to adopt these precautionary measures to protect themselves from being scammed:

• Add – Install the ScamShield app to protect against scam calls and SMSes. Set up security features like transaction limits for Internet banking transactions, and two-factor or multi-factor authentication for banks and e-wallets.
• Check – Be wary of links in unsolicited SMSes that lead to a bank’s website. Never disclose personal or banking credentials, including OTPs, to anyone. Verify the authenticity of claims of problems with bank account or cards issued by the bank with the official bank website or sources. DBS will never send customers clickable links via SMS. Neither will its employees call customers to ask for Internet banking credentials or OTPs.
• Tell – Tell the authorities, family and friends about scams. Report any fraudulent transactions to DBS immediately.

Customers who suspect they are scam victims can call DBS’ dedicated fraud hotline on 1800-339-6963 (from Singapore) or (+65) 6339-6963 (from overseas).

Customers can also activate the Safety Switch to temporarily block access to their funds.

DBS will assist customers with follow-up actions, including replacing their cards and lodging a fraud report.

If you have information of such crimes or if you are in doubt, call the police hotline on 1800-255-0000, or visit www.police.gov.sg/iwitness to submit information online. All information will be kept confidential. If you need urgent police assistance, dial 999.

For information on scams, visit www.scamalert.sg or call the Anti-Scam Helpline on 1800-722-6688.

ALSO READ: WP's Jamus Lim proposes scam victims should bear no more than $500 in losses

This article was first published in The Straits Times. Permission required for reproduction.