Amid the persistence of SMS bank phishing scams, the Police and DBS Bank would like to alert and remind members of the public that banks will never send clickable links via SMS. Since December 2023, there has been a surge in cases where scammers would impersonate banks or bank staff to phish victims’ banking credentials via SMSes. In just the first two weeks of January 2024, at least 219 victims have fallen prey, with total losses amounting to at least S$446,000.
In these cases, victims would be misled into clicking on links in unsolicited SMSes, before losing monies. In the SMSes from the purported scammers (bearing overseas numbers, local numbers, or short codes), they claimed to represent DBS/POSB bank and warn victims of “possible unauthorised attempts to access their DBS/POSB bank accounts” before urging them to click on the embedded URL links to “verify their identities and stop the transactions”. After clicking on the links, the victims were directed to spoofed DBS bank websites and misled into providing their internet banking credentials and OTP, which the scammers would use to make unauthorized withdrawals.
Since early 2022, all banks have removed clickable links in emails or SMSes to retail customers. This measure is among several other safeguards that banks implemented to combat the spate of phishing scams in 2022, such as lowering the default threshold for funds transfer transaction notifications to customers and increasing the frequency of its scam education alerts.
Scammers are constantly evolving their technology and operations. As banks continue explore measures to protect customers, customers must remain vigilant against scammers.
The Police and DBS advise members of the public to be on heightened alert and to follow these crime prevention measures:
ADD – ScamShield App to protect yourself from scam calls and SMSes. Set security features (e.g. set up transaction limits for internet banking transactions, enable Two-Factor Authentication (2FA), Multifactor Authentication for banks and e-wallets).
CHECK – DBS bank will never send you clickable links via SMS. Neither will its employees call you to ask for your internet banking credentials or OTPs. Be extremely wary of any unsolicited links in SMSes which leads you to a bank’s website. Never disclose your personal or banking credentials, including OTPs to anyone. Always verify the authenticity of claims of problems with your bank account or cards issued by the bank with the official bank website or sources.
TELL – authorities, family, and friends about scams. Remember to spread the word to your loved ones that banks do not send clickable links via SMS. Report any fraudulent transactions to DBS bank immediately.
Customers who suspect they are a victim of a scam can call DBS’ dedicated fraud hotline at 1800-339-6963 (from Singapore) or (+65) 63396963 (from overseas) and speak to a DBS Customer Service Officer, or activate the Safety Switch to temporarily block access to their funds. DBS would assist those customers with necessary follow-up actions including replacing their cards and lodging the fraud report.
If you have any information relating to such crimes or if you are in doubt, please call the Police Hotline at 1800-255-0000, or submit it online at www.police.gov.sg/iwitness. All information will be kept strictly confidential. If you require urgent Police assistance, please dial ‘999’.
For more information on scams, members of the public can visit www.scamalert.sg or call the Anti-Scam Helpline at 1800-722-6688. Fighting scams is a community effort. Together, we can ACT Against Scams to safeguard our community!