How to guard your private information and hard-earned money from phishing attacks

Online scams are becoming increasingly sophisticated and "real".

Phishing attacks can happen anytime and anywhere, and their effects can cripple everyone from you, as an individual, to an entire company.

 

In a headlining incident in December 2021, almost 470 OCBC bank customers lost approximately S$8.5 million to a phishing scam. The sophisticated attack was carried out via SMS, where customers were instructed to access a fake website link. They were asked to log in with their Internet banking details, and for some users, this included a one-time password (OTP). Within a short period of time, customers found their bank accounts drained of funds. Even as investigations are ongoing, there has been no guarantee that customers will be able to recover their cash and life savings.

Such attacks underscore the importance of keeping your guard up against phishing attempts, which can come as emails, SMSes or other forms of communication. Here are some things to note, with a few steps to follow, to stay clear of phishing attacks.

So, what is phishing?
Phishing is a type of online scam where attackers ‘fish’ for personal information. This information is then used to impersonate an individual or a company. The most common forms of phishing are email and SMS phishing.

Phished, or stolen, data can include identity card and passport numbers, banking details, login IDs and passwords, and one-time passwords (OTPs). With this information, scammers assume the identities of people and companies to siphon off funds and carry out other fraudulent activities, such as taking out unauthorised loans and mortgages.

People often fall prey to scams because of the convincing appearance of scammers’ phishing tools. Perpetrators use copy-cat websites and messages that feature authentic designs, logos and details. These design elements are often lifted from legitimate websites. Unsuspecting recipients, who may think that they are taking action to secure their money or accounts, then click on URLs that serve to reveal their personal information. As the links are accessed, personal data is fed to and downloaded by scammers, in a process that is often instant, unstoppable and irreversible.

How do you stay clear of phishing attempts?
Adopt these precautionary steps and learn how to recognise the signs.

1. Take your time. Upon receiving an email or SMS, take a pause before responding or reacting to it. Approach incoming correspondence with a calm and clear mind, regardless of the urgency that is insinuated in the message.

2. Identify the sender. Is the sender a person or company that you recognise? Did you start the conversation, or does it feel like you’ve been contacted out of the blue? Cold emails should always raise your suspicions.

3. Scan for inconsistencies. Even if you do recognise the sender, make a habit of checking other details to verify their identity. Check that the sender’s name and email address correspond and are spelt correctly. Scammers make subtle changes, such as adding or removing single letters, to avoid raising alarm.

Email and SMS phishing messages also tend to carry urgency and cause panic. Always approach them calmly, while being sensitive to the way that they’re crafted. Spelling and grammatical errors are signs that the messages are not what they appear to be. A simple typo could clue you in immediately to an impending attack.

4. Verify URLs and avoid opening attachments. Just like spelling and grammatical errors, strange links often point to phishing attempts. Hover your mouse over URLs to see if they are masking odd addresses. If you feel the need to explore further, open a new browser window and type in the full, official address yourself. This helps ensure that you are aware of the legitimacy of the links and their related web pages.

Also, avoid opening any attached files. Only do so if you are certain of the sender and the authenticity of their message.

5. Think before you click. A malicious attack can begin as soon as you act on steps that are outlined in a phishing message. Therefore, it’s important to not rush any response. Avoid clicking on anything in an email or SMS, no matter the tone of urgency.

Government agencies and financial institutions often disseminate advisories that state that they will never solicit sensitive information through email, SMS or phone conversations. This should make you extra wary of messages that ask for urgent action.

If you’ve identified a phishing attack on a personal device, delete the message and clear your trash folder. If you’ve identified such a message on a company device, follow your organisation’s protocols on reporting and escalating the issue.
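
Steps 3 and 4 can also be checked mechanically. The Python below is an added example, not part of the original article: it compares each link's visible text with the address it really opens, and flags sender or link domains that sit one or two letter changes away from a trusted one. The allow-list, the `examplebank.test` names, the function names and the two-edit threshold are assumptions, and the sample message is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("examplebank.test",)  # assumed allow-list of domains you really use
SAMPLE = ("alerts@examp1ebank.test",  # constructed sender and message body
          '<a href="http://examplebank.test.login.example/">www.examplebank.test</a>')

def edit_distance(a, b):  # Levenshtein: letters added, removed or changed
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_of(text):  # host of a URL or bare domain, minus "www."; "" if neither
    text = text.strip()
    host = urlsplit(text if "://" in text else "//" + text).hostname or ""
    return host.removeprefix("www.") if "." in host and " " not in host else ""

def lookalike_of(host):  # trusted domain that host imitates (1-2 edits), else None
    if any(host == g or host.endswith("." + g) for g in TRUSTED):
        return None  # the real domain or one of its subdomains
    near = [g for g in TRUSTED if edit_distance(
        ".".join(host.split(".")[-(g.count(".") + 1):]), g) <= 2]
    return near[0] if near else None

class Links(HTMLParser):  # collects [href, visible text] for every <a> element
    def __init__(self):
        super().__init__()
        self.found, self.inside = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.found.append([dict(attrs).get("href") or "", ""])
            self.inside = True
    def handle_endtag(self, tag):
        self.inside = self.inside and tag != "a"
    def handle_data(self, data):
        if self.inside:
            self.found[-1][1] += data

def review_message(sender_addr, html_body):  # returns a list of warnings
    page = Links()
    page.feed(html_body)
    pairs = [(host_of(text), host_of(href)) for href, text in page.found]
    out = [f"link shows {s} but opens {t}" for s, t in pairs
           if s and t and t != s and not t.endswith("." + s)]
    hosts = [host_of(sender_addr.rpartition("@")[2])] + [t for _, t in pairs]
    return out + [f"{h} imitates {lookalike_of(h)}" for h in hosts if lookalike_of(h)]
```

Calling `review_message(*SAMPLE)` returns one warning for the masked link and one for the misspelt sender domain; a message from the real domain with an ordinary "Help centre" link returns none.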

Prevention is better than cure
Here are some tips to shore up your defence against phishing attacks.

  • Be more conscientious and security-minded when you use the Internet. You are your own strongest line of defence. At the first detection of anything suspicious, report it as spam or junk. If you have contact with the person or entity that is being impersonated, you may wish to notify them as well. Look for IT helpdesk channels (if available) to escalate issues in the most efficient way.   
  • Keep your system’s security software updated. If you’re on a personal device, such as a mobile phone or tablet, be sure to heed those update alerts. Delaying the installation of patches can leave you vulnerable to newer malware and scamming technology.
  • Activate multi-factor authentication (MFA). MFA, which includes OTPs, acts as additional protection for your personal information. Never reveal your MFA details to anyone.

The high cost of phishing attacks in Singapore

From January to June 2021, 20,000 cases were reported, covering loan, e-commerce, job and investment scams and more, and leading to a total loss of S$168 million. Among the trends analysed, Singaporean police found that cyber criminals had targeted people who were feeling anxious and vulnerable in the Covid-19 situation. The scams were carried out over email, SMS and WhatsApp, as well as on social channels such as TikTok and Tinder.

The reach of scammers is wide and unlimited, affecting even the savviest users of modern technology. So, smarten up and be on the alert to keep the phishing attempts at bay. 
