Singapore introduces strong anti-scam measures after instances of attacks and scams that soared recently. Earlier the Oversea-Chinese Banking Corporation (OCBC), Southeast Asia’s second-largest bank was targeted by threat actors, who managed to steal a combined SG$13.7 million ($10.2M) from 790 customers by spoofing text messages.
Lawrence Wong, minister of finance in a video referred to it being the most serious phishing scam in Singapore and needed banks to improve security. Measures such as using more diverse machine learning algorithms to strengthen fraud detection tools to identify suspicious transactions. Suspicious transactions needed to be blocked consistently by banks, with additional customer confirmations for high-risk transactions or changes to account details. Expansive use of biometric technology, and accelerated adoption and preference for mobile banking apps.
He predicted, “These [measures] will introduce some friction to customers undergoing genuine transactions. but we will all need to adapt and get used to these inconveniences.”
Communications and information minister Josephine Teo said, “In 2020, we blocked about 500 suspected scam websites, by 2021 the net was cast much more widely and 12,000 were blocked.”
She further said, the government can block more websites, but it can turn out to be a futile game of whack-a-mole, with scammers reacting quickly and dynamically to circumvent the measures.
Pointing towards the OCBC phishing incident, where customers were lured to a website identical to the banks with incentives to them for entering their credentials. The government blocked 52 sites related to the scam in one day.
Singapore’s National Crime Prevention Council also has plans to crowdsource information from the public. This will provide them with citizens’ reports of scams and understand the ongoing scams via the WhatsApp channel which is expected to go live in the third quarter of 2022.
There are also widespread scam calls from foreign calls, which the telecommunication companies are improving with their analytic tools to block such calls. Telco in Singapore is currently blocking nearly 15 million calls per month and this figure is expected to rise up to 55 million per month, according to Teo.
To prevent the threat actors from sending out SMS, Singapore is also creating an alphanumeric ID registry, and approved businesses and organizations will be required to register their business with the government.
Teo said, “Given the implications, IMDA (Infocomm Media Development Authority) will study the matter carefully before deciding whether or not to mandate the registration of all alphanumeric IDs.”
Ms. Teo said SMS was never meant for secure communication and compared it to the postal service – which she said is “generally safe, but we would not send very valuable items even using a registered post.”
She was very clear of not calling out the OCBC incident a cyberattack or cybersecurity breach. She clearly described it as an act of deception committed at speed and scale. Teo added, “In the digital world where we have become so used to instant communications and transactions, our guard is down.”
Singapore police have frozen 121 bank accounts and recovered SG$2 million ($1.5M) in relation to the OCBC scam. While an additional SG$2.2 million ($1.6M) of victims’ funds have been traced to 89 foreign bank accounts. Around 107 Singapore and 171 overseas IP addresses were linked to unauthorized access to the victims’ accounts, according to Minister of state for home affairs Desmond Tan.
OCBC offered goodwill paybacks to all the victims of the scam bearing its name, under nondisclosure agreements, after threats of action from the Monetary Authority of Singapore. Nearly 90% of the victims have received reimbursement.