Woman scammed of $4,000 after she receives phishing text | The New Paper
Singapore

Woman scammed of $4,000 after she receives phishing text

This article is more than 12 months old
Woman scammed of $4,000 after she receives phishing text
COURTESY OF MS KYAN TAN
Adeline Tan
Mar 05, 2019 06:00 am

When she received a text message from her "bank" last Thursday, Ms Kyan Tan did not suspect anything.

It came from the same number that United Overseas Bank (UOB) had used to send her genuine one-time passwords (OTPs) when she performed previous transactions.

So Ms Tan did as she was told: She tapped on the link that was supposed to verify her device, which she assumed was her bank token.

This was to prevent her account from being blocked, the message had claimed.

It was a mistake which cost her $4,000.

"I thought since it came from the number that UOB always uses, then it must have been legitimate," Ms Tan, 32, an assistant manager in the finance industry, told The New Paper yesterday.

The 39-year-old man pleaded guilty to two charges of aggravated sexual assault by penetration and one charge of outrage of modesty.
Singapore

Jail, caning for man who sexually assaulted step-niece

Related Stories

Foreigner who bankrolled house purchases worth $6m fined $45,000

Cyclist in East Coast road rage likely affected by brain tumour

Pritam Singh appoints ex-state counsel to defend him in court over his alleged lies to Parliament

The link took her to what looked like the UOB iBanking page and she signed in with her account details. Ms Tan then received a string of messages purportedly sent from UOB containing several OTPs for her to enter the system.

After she keyed in the last OTP into her token, she was given a set of numbers to input into the iBanking page.

In just seconds, Ms Tan received two new messages informing her that a new payee had been added, and that her funds transfer was successful.

Ms Tan said: "When I saw those messages, I had a sense that something was very wrong because I never intended to transfer any money." She called the bank immediately and was told that $4,000 had been transferred out of her account.

Ms Tan said: "I was in shock and disbelief. To find out that you lost $4,000 just like that was painful for me."

She rushed down to a branch and claimed a staff member told her that it was the first case of its kind. She also lodged a police report that night.

TNP understands that the bank's security system was not compromised and that it was an external phishing attempt.

BANK AWARE

A spokesman for UOB told TNP that the bank is aware of phishing attempts targeting customers via SMS.

He said: "Upon identification of the phishing attempts, we notified our customers via our mobile banking app, UOB Mighty, and Internet banking, advising them to stay vigilant.

"We have also posted information on our Facebook page on the matter."

Mr Priyesh Panchmatia, director of solutions consulting from cyber security firm i-Sprint Innovations, said attackers often focus on the weakest link - humans, in this case, the end users.

He said: "The attacker may masquerade as a legitimate source by using SMS originator spoofing, send a message that appears to come from the legitimate source and deceive the user into providing his credentials to them via a malicious website."

Get The New Paper on your phone with the free TNP app. Download from the Apple App Store or Google Play Store now

COURT & CRIME

Adeline Tan

tanpya@sph.com.sg
Read articles by Adeline Tan