In December, Singaporeans lost over S$8.5 million to scammers. Of this sum, about S$2.7 million was lost to phishing scams masquerading as OCBC over the Christmas weekend alone.
Some scammers are even worse than scum, and continue to prey on the same victims by running a “recovery room” scam. This basically exploits our feelings of loss and shame, and how the scammers do it is that they pretend to be someone who can help you get back your money, such as a “bank officer”, the “police”, or the “CIA”, or even the “FBI” (don’t laugh – that’s exactly what happened to my mom).
READ NEXT
It is sad but this will continue to happen if we’re not careful. And while this time the scammers pretended to be OCBC, it could very well be DBS or UOB tomorrow, or even SingPost, the police, the Ministry of Health, or any other institution.
When you click on suspicious links or input your login details into fraudulent websites, it is extremely difficult for the bank / PayPal / financial institution to be able to verify whether that particular transaction is authentic or not.
It’s not really possible to point fingers and say, “SingTel should have been more careful!” “OCBC / DBS should have warned us!” – the truth is, scammers are always changing tactics.
Once a number has been flagged as a potential scam number, they can easily just buy a new SIM card and use a new contact to continue cheating more victims.
Once a scam tactic has been exposed, they can easily change their story.
So if you don’t learn how to be careful and protect yourself, you may very well become the very next victim.
And the worst thing is, you’re not likely to get any of the money back. By the time you realised you’ve been scammed, the scammers would have likely already made multiple transactions and transfer to hide their digital footprints, making it extremely difficult to trace it back to them.
Based on what we’ve seen so far, there are more than one type of scams:
- Parcel / Delivery scam
- E-commerce scam (cash on delivery)
- Tech support scam
- Pretending to be government e.g. “police” scams, “MOH” covid-19 scams
- Job scams
- Love scams
- Investment scams
- Phishing scams
One can only imagine that more versions and scams will evolve and we’ll be adding to that list as the years go on. Here’s a quick summary of (updated) tips on how you can try to keep safe:
Do not pick up any calls from a number that starts with a +65. That’s just an overseas scammer masking their identity as a local line to cheat you.
If you are using an iPhone, download the ScamShield app here which should help to protect you against known scam numbers that have been reported to the police.
And my mantra is, if someone needs to reach you urgently, they can always find other ways to contact you.
No decent institution or organisation will ever send you a bit.ly link! (and any that does is being very unprofessional so you can ignore them).
It will only take a few seconds for you to run a Google search to verify if a link is legitimate.
Earlier this year, even my husband nearly fell prey to a Singpost SMS scam where the URL was singpost.sg. While it looks legit, a quick search online will show you that the URL is fake.
I also almost got fooled by a Singpost scam SMS a few months ago which contained a perfectly legitimate-looking URL (of which I can no longer recall, because I’ve deleted the SMS). The SMS was supposedly for tracking the status of a delivery, and coincidentally, I was indeed expecting a registered parcel from Singpost at that point in time as well.
The website also looked exactly like Singpost’s, but when I scrolled down and tried clicking around to confirm, I realized that the “Investor Relations” link did not work. Which makes no sense, because any listed company will definitely make sure their IR page is working.
That little error by the scammers saved me from putting in my personal details into that dodgy-but-perfectly-legitimate-looking website.
But now that this has been shared, I won’t be surprised if future scammers make sure their IR links is working. They adapt fast, you see.
Before you fill in and submit any personal details, make any payments or even right before you click any links, it never hurts to check with someone you trust.
A second eye might very well spot something that you’ve overlooked.
If you’re lazy and don’t even want to double-check, then the fault is entirely on you.
If you tried checking but the official source(s) aren’t responding / are slow to respond, you can always just ignore the link / payment request / verification request.
If you give scammers your login details, that’s on you.
If you give scammers your OTP, then that’s on you too.
So…just don’t.
An OTP could be a sign that someone has logged in with your online banking credentials (or credit card/account details) and is trying to make a payment, which triggered the OTP SMS. So if you’re not doing any transactions then, this would be one red flag to check.
Sometimes, it could be a genuine error – this happened in my case where someone transacted on a platform and accidentally keyed in my phone number while setting up their 2FA. I immediately called DBS to check when I received the OTP SMS.
It never hurts to double check.
Text: SGBudgetBabe