Picture this – a man wearing a jacket bearing the name of your bank turns up at your door, declares there is a problem with your account and asks you to hand over your details so he can fix the issue.
And all without showing a bank identification card or even seeming to know your name.
Pretty much everyone would spot this as a scam and laugh at the notion of handing over important bank details to a guy with “crook” written all over his face.
Even the idea that a bank would send an employee door to door to ask for customers’ details is preposterous in itself. The reality is no bank would ever approach customers and ask for banking details outside of a branch.
This applies even to online banking.
Remember those times you call the bank for assistance? They ask for personal details only to verify your identity; the staff do not ask for your account details because a real bank knows everything about you. Only scammers want such information because they don’t know who you are and what accounts you hold.
Most people would not hand over bank details to strangers who show up at their doors even if they wear a shirt with the bank’s name.
But how come such vigilance disappears when you receive an SMS or e-mail asking you to hand over your banking details by logging into a site? And instead of wearing a bank’s name on their shirts, online scammers spoof the bank’s name via electronic messages to say your account has a problem and that you must key in your account details by clicking on the attached link.
The message still does not identify you by your name or IC number, and if you pause to think for a moment, why would a bank ask you to log into your account to verify a banking problem when it could resolve such issues at its end?
Yet scores of bank customers have fallen victim to such phishing scams, which lure them to part with critical data by setting up fake bank sites. In the latest phishing scam involving OCBC bank customers, 790 of them lost a total of $13.7 million to the crooks.
Such scam tactics have been around for years, so it is worrying that many of the recent victims were young and tech-savvy; some even worked in tech-related jobs.
Cyber-security and corporate governance expert Anthony Lim, who is a fellow at the Singapore University of Social Sciences, believes that the pervasive use of social media and online services has made many people impatient – they yearn for instant results because they are used to getting answers with a tap of their phones.
“It is common knowledge that no bank will ask its customers to log into their accounts via SMS or e-mails whatever the circumstances and yet many people continue to do so. Scammers are counting on their behaviour of always clicking on links without checking and they have succeeded yet again.
“It is time for all of us to take a step back and pause… if there appears to be a problem.”
Mr Lim notes that scammers always use “fear tactics” to push their victims into doing their bidding. Some of these ruses include claims that their accounts have been hacked, their relatives were hurt or kidnapped, and more recently, being in contact with Covid-19 patients.
He says people can avoid being ripped off if they take the time to make their own checks instead of following the instructions that come with such calls and messages.
Here are four good practices that can prevent you from being the next scam victim.