Do Not Fall Prey to Scams

Scam Alert 1

Whenever we hear or read about people being victims of scams, our first reaction is usually ‘that won’t happen to me!’.  However, scams are becoming more widespread and sophisticated nowadays. In Singapore, a shocking S$99 million was lost to scams in 2017 alone according to the Police (Source).

What happened to the victims you read or hear about in the media could also happen to your colleagues, friends, family members and even you!

So how can we protect ourselves from scams? We can start by being aware of the types of scams out there.

 

Phishing Scam

What is a phishing scam?  It happens when a scammer tries to lure you into providing sensitive information such as your personal and financial information and passwords by pretending to be from a legitimate source.

Phishing can be done by phone calls, emails, SMS, social media and fake websites. Some examples of common phishing scams include:

  1. Fake emails that instruct you to click on a link to rectify a discrepancy with your account by providing your personal information.

  2. Fake websites that look similar to the official websites but with the wrong web address. The website will trick you into giving scammers your personal details.

  3. Email with use of urgent or threatening language. Cyber criminals hope to instil panic and fear to trick you into acceding to their requests for information. Be wary of emails with phrases such as ‘urgent action required’ or ‘your account will be terminated’.

  4. WhatsApp message from someone pretending to be from a legitimate organisation, asking you for your personal information to claim a prize or special offer.

  5. Email with your name, position, company, work phone number and other information, making you believe that the email is legitimate.

Scam Alert 2
Caption – Left: On 18 March 2018, a scammer posing as Singapore Airlines (SIA) sent WhatsApp messages to victims asking to share a link with friends and enter their personal and bank account details to receive free air tickets; Right:  On 17 March 2018, there was another scam asking victims to complete a survey on a website resembling SIA’s real website. (Source)

 

The SG Bonus SMS scam is a perfect example of a phishing scam that specifically targets Singaporeans.

As most Singaporeans are aware of the SG Bonus and expect to receive an SMS notification sent by the Government, scammers used this opportunity to send out bogus SMSes to try to extract personal information from unsuspecting individuals. If we are not vigilant, we might follow the instructions given in the fake SMS and unknowingly reveal our personal information to scammers. Here is a comparison between the fake and genuine SG Bonus SMSes:

 

Scam Alert 3

Caption –Left: The official SMS from the Government informing you about your SG Bonus sign-up. Right: A fake SMS meant to trick recipients into thinking that it was sent by GOV.SG (Source)

 

The Ministry of Finance (MOF) urges all Singaporeans to be wary of fake SMSes, calls or emails regarding government cash payouts, including the GST Voucher.

Here is a comparison between the genuine SMS from the Government and the fake SMS from scammers in the case of the SG Bonus SMS:

  1. The genuine SMS will not request for personal information from the recipient.

  2. The genuine SMS will show the last three digits and letter of your IC.

  3. The official SG Bonus web link would begin with "https://www.singaporebudget.gov.sg"

These are some ways you can protect yourself against phishing scams:

  1. Never give your personal information such as bank account, credit card details, user account IDs or passwords to untrusted sources.

  2. Cyber criminals will attempt to mislead you into believing that the information you see is genuine, so study the information you receive closely. For emails, hover your mouse cursor over links to reveal the actual URL. If the links are mismatched, it is a strong indicator that something ‘phishy’ is going on. 

  3. Cyber criminals can easily create phishing websites that are visually similar to legitimate websites. To distinguish between real and fake websites, take note of the URL. Cyber criminals often use tricks such as substituting letters in a URL, for example www.paypa1.com instead of www.paypal.com.

  4. Do not feel pressured to reveal your personal information. You can take your time to verify before you respond to any SMS or email. 

  5. Delete suspicious emails and be cautious of SMSes or phone calls from unfamiliar numbers.

If you are a victim of a phishing scam, here’s what you can do:

  • Change your password immediately. If the revealed password is used on your other accounts, change those too. Be sure to use a different password for each of your online account.

  • Alert your bank promptly if you have revealed your banking details or credit card credentials.

  • Report the phishing attempt to the organisation that was misrepresented.

  • Lodge a police report if you have suffered any losses. The police will be able to alert the public if necessary.

 

Online Shopping Scam

Do you get excited when you find a good deal for a product you’ve always wanted?  During festive seasons when sales are happening everywhere, do you have an urge to shop? Well, scammers know that too. That is why e-commerce scam is one of the most common scams in Singapore, with 1,277 cases reported and S$930,000 lost so far in 2018 (Source).

In a recent case, a 19-year-old man was arrested for his suspected involvement in a series of online scams involving the sale of Bruno Mars concert tickets and Universal Studios Singapore e-tickets on Carousell.  After the victims made payments via bank transfers, he became uncontactable. (Source) When a deal seems too good to be true, we should be extra cautious and take steps to protect ourselves:

  1. Check the reputation of the seller or website. Ensure that the seller has a proven track record and good reviews. 

  2. Check if the seller provides assistance and options for refund or dispute. A reputable seller will always provide support for problems encountered.

  3. Pay with a credit card instead of a debit card. Credit cards offer more fraud prevention and protection than debit cards. For extra precaution, you can subscribe to email or SMS notifications for your banking transactions.
  4. Enable two-factor authentication (2FA) for all online transactions. Enabling 2FA for your transactions and account logins gives you an added layer of protection.
  5. Do not perform online transactions over unsecured Wi-Fi networks as cyber criminals can capture information passing through them, including your bank credentials.
  6. Ensure the website uses HTTPS instead of HTTP. All data sent to websites using HTTPS are encrypted and not readable by any unauthorised personnel. Check the address bar of the browser to determine if the website’s address begins with “https”.
  7. Insist on cash on delivery especially if responding to online classified advertisements.

If you believe you have fallen victim to an online scam or fraud, you should:

  • Change your password for the affected account and all other online accounts where you may have used the password (be sure to use a different password for each of your accounts)
  • Inform the bank of the fraudulent transaction(s) and request for a card replacement if necessary
  • Lodge a police report

When we are unaware and uncertain, we become vulnerable to scams. Let’s keep ourselves updated, stay vigilant and share the knowledge with our friends and loved ones. Let’s fight scams together!