After the most recent outbreak of SMS phishing scams in Singapore, which affected at least 469 local OCBC bank customers and resulted in losses of more than S$8.5 million, authorities have decided it's time to introduce strict new security measures.
Within the next two weeks, banks in Singapore will have to remove all clickable links in emails and SMS messages for retail customers and set a new threshold for notifications at S$100 or less when transferring funds. This is just the beginning of a long list of security measures created to protect account holders from phishing scams – which are, once again, on the rise. These changes were announced in a joint statement from the Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) on January 19th, 2022.
Bleak December
2021 had the worst cybersecurity results to date, especially the last quarter, with malware and phishing scams lurking around every corner of cyberspace, and online scams are predicted to increase. Among many other channels of attack, we’ve seen a record 40% increase in emails containing malware and a 23% increase in phishing emails, and that’s only in the second and third quarters of 2021. The COVID-19 pandemic, which prompted an increase in the number of contactless payments, certainly didn’t help these disheartening statistics.
December was particularly hard for Singapore. Threat actors had been distributing fake bank alerts after they hacked the official OCBC bank's SMS channel. This led many customers to click on bogus links that collected their personal account information. The phishing attack was only discovered after at least 469 customers were scammed and losses exceeded S$8.5 million. That’s when the authorities introduced these drastic new measures.
New rules: Security over convenience
Aside from the removal of clickable links and a reduced threshold for transfer notifications, the following measures will be introduced to bolster the security of digital banking in Singapore:
The above measures are intended to lengthen the administration time of online transactions and provide an added layer of security for online banking in Singapore. We can only hope that other countries will follow Singapore’s example and look to implement similar strategies, as this would significantly improve the safety of global online banking.
The joint statement from MAS and ABS read: The growing threat of online phishing scams calls for immediate steps to strengthen controls, while longer-term preventive measures are being evaluated for implementation in the coming months.
Reminder to our readers
In the joint statement, it was promised that the banks will continue to work closely with MAS, while the police and the Infocomm Media Development Authority deal with these threats. However, there are some good habits each of us should adopt to promote a safer online banking environment, such as:
- Never click on links embedded in an email or SMS, especially if the message comes from an unknown contact.
- Try memorizing your internet banking passwords instead of writing them down, and never reveal them to anyone, no matter who they claim to be. If you can’t remember all of your passwords, then try using a password manager.
- Always verify emails and SMS messages you receive from your bank by calling the bank directly.
- Make all your transactions through the bank’s official mobile app.
- Make a habit of closely monitoring your transaction notifications. In case of any unauthorized actions, report the issue as soon as possible. This will increase the chances of your money being recovered.
And while the threat may never fully disappear (with fraudsters getting more and more creative by the day), taking these steps will certainly make you less vulnerable to any potential scams.