BEFORE YOU GO...
Check how Shufti Pro can verify your customers within secondsRequest Demo
Singapore is taking steps to introduce additional security measures to detect suspicious transactions after a total of SG$13.7 million was lost to SMS phishing scams.
The country is looking to develop “more versatile” AI-based algorithms in order to monitor suspicious transactions and prevent such big losses. Additional security measures include the requirement for SMS service providers to verify senders’ numbers before sending messages.
Singapore is looking to improve the local banking and communications infrastructures with improved security measures. Banks and financial institutions are also urged to incorporate robust transaction monitoring systems.
These improvements in security safeguards originated as a result of the recent losses due to SMS phishing scams, where $10.17 million were stolen from the accounts of 790 OCBC Bank customers.
The scammers had fiddled with the details of SMS sender IDs to send messages that were seemingly sent by OCBC, tricking victims to resolve the said issues with their bank accounts.
The victims were redirected to phishing websites that asked them to enter their bank account credentials, including usernames, PINs, and one-time passwords (OTPs).
This was described as Singapore’s most serious phishing scam which involved spoofed SMSes that impersonated banks. The Minister of Finance, Lawrence Wong, said that several steps will be taken to improve the risk mitigation process for such scams.
“These would span the entire ecosystem, including banks, telecommunications, law enforcement, and consumer education,” Wong said Tuesday during his ministerial statement in parliament. The minister is also the Deputy Chairman of the Monetary Authority of Singapore (MAS).
The OCBC phishing scam led the Monetary Authority of Singapore to introduce new security measures last month, which required banks to delete hyperlinks from emails and SMS messages sent to customers and add a delay period of 12 hours for activating mobile software tokens.