Overseas Scammers Exploit Telecommunication Systems to Target Singaporeans
SINGAPORE: Around S$500,000 was stolen in a fraud scheme involving diverted SMS one-time passwords (OTPs) used to authenticate credit card transactions. Authorities revealed that 75 bank customers in Singapore fell victim to the scam between September and December 2020.
Investigations by the Infocomm Media Development Authority (IMDA), Monetary Authority of Singapore (MAS), and Singapore Police Force (SPF) uncovered that overseas cybercriminals exploited vulnerabilities in foreign telecommunications systems. This allowed them to redirect SMS OTPs intended for victims in Singapore to overseas networks. With card details obtained through other means, the fraudsters successfully carried out unauthorised online transactions.
How the Scheme Worked
The perpetrators accessed the systems of overseas telecommunication operators, modifying mobile location data to intercept OTPs. These were then used alongside stolen card details to authenticate fraudulent payments.
Authorities emphasised that the banks’ systems in Singapore were secure and uncompromised. Victims reported not receiving the OTPs or initiating the transactions. The compromised overseas telecommunication networks have been identified, and investigations are ongoing to trace the criminals.
Safeguards and Waivers
Given the complexity of the attack, banks will offer goodwill waivers to affected customers who protected their credentials. Meanwhile, local telecom operators, in consultation with the Cyber Security Agency of Singapore (CSA), have implemented additional safeguards such as specialised firewalls to block suspicious OTP diversions.
Staying Vigilant
Authorities advise the public to take proactive steps to safeguard their financial and personal information:
Protect Card Details: Never share credit card numbers, PINs, or passwords.
Update Devices: Install the latest security patches and anti-virus software.
Use Trusted Platforms: Download apps only from official stores and make purchases through reputable websites.
Monitor Transactions: Set low thresholds for payment alerts to detect unauthorised activities early.
If discrepancies or unauthorised transactions occur, customers should alert their banks immediately. By staying vigilant and adhering to security recommendations, the public can help reduce the risk of falling prey to such sophisticated scams.
