Banks and financial institutions in Singapore will have to implement new security measures that have been mandated following a series of phishing SMS scams that wiped several victims of their life savings. These measures include the removal of hyperlinks from email or SMS messages sent to consumers and a 12-hour delay in activating mobile software tokens.
The Monetary Authority of Singapore (MAS) and Association of Banks in Singapore (ABS) said in a statement Wednesday that the additional measures aimed to strengthen the security of digital banking, in light of the recent scams targeting bank customers.
The SMS-phishing scams involving at least 469 customers of OCBC Bank and resulted in losses of more than SG$8.5 million, with S$2.7 million alone lost over the recent three-day Christmas weekend. Several of the victims reportedly lost their life savings, including a 43-year-old man whose account was wiped of S$500,000, a 38-year-old software engineer who lost S$250,000, and 33-year-old finance executive who had her account emptied of S$68,000.
In these cases, scammers manipulated SMS Sender ID details to send messages that appeared to be from OCBC. These SMS messages prompted the victims to resolve issues with their accounts, redirecting them to phishing websites and instructing them to key in their bank login details,