A simple, effective and well-known global phishing trick, but it still worked to ruin Christmas in Singapore …
In recent months, a bank in Singapore has been used in a phishing scam causing losses totaling S$8.5m.
According to their local media, 186 customers had lost about S$2.7m to the scam, which started with spoofed SMS messages that incited victims to visit spurious websites linked within the text message.
Subsequently, the victims fell for the ruse to obtain their internet banking account log-in details.
In total, at least 469 people have been duped in this simple, widely-reported scam.
According to James Forbes-May, a spokesperson from Barracuda Networks (APAC), opening unverified links in phishing SMS messages and emails could result in the criminals capturing contact information, login credentials, and a malware infection on the PC or mobile phone that leads to further attacks. “To avoid falling victim to scams, individuals should be suspicious of unsolicited phone calls, SMSs, or email messages asking about personal information or sensitive credentials, and do not reveal personal or financial information. This includes following links sent in messages. If an unknown individual claim to be from a legitimate organization, try to verify his identity directly with the company.”
Businesses should educate staff with regular security awareness training to make sure they can identity attacks and customer reports and enquiries related to such threats. “It is also important to set up strong internal policies to prevent fraud and ensure that personal and financial data is handled properly. By creating guidelines and procedures to verify all requests for wire transfers and payment changes—for example, requiring in-person or telephone confirmation from multiple people for all financial transactions—such businesses can help people avoid making costly mistakes.”
CybersecAsia readers and email newsletter subscribers would by now be familiar with the routines for handling phishy emails and SMSes.