Bank Phishing Attack: What Happened & How To Prevent Such Attacks

Phishing attacks, especially connected to regulators and financial institutions, in Asia forced the banks to introduce new secure channels to shield users and consumers from losing their hard-earned money. However, by the time regulators introduced new panels, many bank users all across Asia had lost millions in a series of high-level scams. 

As per the official statistics, over 470 customers from Singapore’s leading bank were scammed in December 2021 alone. The users were scammed of fraud that amounted to a total of 8.5million Singapore dollars. But what was this phishing scam? 

Many people have been exploring details about the same on the internet. So let’s explore various segments of this scam and how regulators are working on security panels to avoid such scams in near future.

What was this phishing scam?

Sophisticated scammers tracked down a list of banking users and sent SMS with a link to what seemed like a banking login page. The SMS looked like this:

Scammers dealt perfectly with the behavioural analogy of users. An SMS warning you about a login attempt on your internet banking scares many. And to stop the attempt, you will do everything in your power to save your hard-earned money. The link attached with the SMS directs the user to enter the authentication code of their respective bank accounts. 

The second user entered the same, scammers and hackers hijacked their bank account page. The rest was just a nightmare for the users. The scammers will drain all the money lying in their bank account leaving nothing behind.

These scams were intensified while attacking people through text messages and email confirmations. More often, the victims of such attacks were elderly or those with little technical knowledge. 

The reason why their scammers were called ‘much sophisticated’ was that the scams shot by these people were just too realistic. For banking users, they had no reason to doubt the appearing messages as they were spotted in the thread of official messages sent by the bank.

Digital Banking Risk

When digital banking initially became popular, the concept of being able to perform transactions with a single click of a button on a smartphone or other digital device was so appealing that many people tossed their paper bank books into the storeroom without giving it any thought.

Many people have become accustomed to being able to monitor their account balance and make digital transactions daily.

Without the need for actual tokens or the hassle of physically visiting bank locations to transact, banking has become seamless and simple. But we can't help but think that digital banking's rapid advancement and growth in recent years has become a double-edged sword.

When it comes to online warnings, whether in the form of emails or SMSes, we, the customers, have let our guard down.

Online services have exposed us to cybersecurity concerns and identity theft, in addition to the recent SMS phishing scam.

The replacement of relationship managers with automation – voice calls or bots to answer your questions – has resulted in another flaw: the lack of a personal banker relationship and no one to turn to if you are a victim of a scam.

How to Keep Yourself Safe

The bank posted some mobile banking guidelines on its website to help clients avoid SMS phishing.

Customers were advised to follow the following safety precautions:

• Do not provide personal banking information to untrusted websites
• When utilising a mobile device to access a bank account, make sure you use the official banking or payment app
• Instead of utilising a link, type the bank's website address directly into the phone browser
• Before providing any important account information, double-check the website address
• Install the most recent security fixes on your smartphone
• Use distinct passwords for different websites and don't reuse them
• Keep up with the most recent fraudster methods

Lessons for both banks and customers

Who'd been wrong, whoever was at fault – we must recognise that pointing fingers will not solve any problems and that all parties must remain vigilant.

We must be pragmatic and recognise that OCBC's goodwill gesture of reimbursing victims for money lost may not continue in the future if similar frauds occur.

Customers gave over their login data and OTP on their own, so there's no guarantee that other banks will compensate them if they're duped in similar scenarios.

We look at a few strategies that may be able to help improve the current fraud situation.

• Remedy for SMS spoofing

One approach to stop these SMS frauds is to modify the medium that banks use to send alerts. Banks may decide to stop using SMS as a channel for action authentication.

The fact is that there are a plethora of free SMS spoofing programmes on the market, and their proliferation is impossible to curtail — even legal businesses rely on them for their marketing activities.

To combat the problem, banks must immediately remove clickable links from SMS or email messages delivered to clients.

This is a method of dealing with the situation so that clients are aware not to click on links.

This solution, on the other hand, is only effective for clients who are well-informed and sophisticated. It doesn't address the issue of unscrupulous actors continuing to distribute spoofing links to consumers who aren't well-informed or cautious.

• Snuffing Scams

For the time being, there is just one software option that can keep fraudsters out. Technical partners such as TransformHub can help you design a software solution to prevent fraudulent phone numbers and SMSes before they reach your smart devices.

Illegal gambling and online casino betting are two other typical scams that scammers employ to deceive victims via SMS.

To address the newest SMS bank phishing problem, the government should consider allocating funding to generate spin-offs from this deterrent tool.

This might include creating a platform that allows institutions to trade phone numbers and harmful URLs. Another strategy to keep the internet clean is to encourage more people to use the software programme.

Other Ways to Prevent SMiShing Attacks

Because of the large number of messages that mobile users get each day, hackers take advantage of their targets' weak defences to steal information. These assaults can take many different shapes, and they're frequently disguised as urgent notifications that demand rapid action. 

Passwords, security upgrades, locked credit and debit cards, and hacked bank account information are all examples of personal information. All of these have been seen in previous SMS phishing attempts, with their effectiveness relying on the victim's knee-jerk reaction. 

Users are frequently led to graphics rather than web pages when they click a link in malicious SMS messages. Images are more difficult for monitoring systems to understand than webpages, which have some built-in security, leaving people susceptible. Do the following before clicking any SMS-based link:

• Always double-check the sender of your communication – do you recognise the person?
• Keep in mind that genuine businesses will not request personal information by SMS
• Never click on any hyperlinks in the mail or give out any critical information
• Check that web filters are alerting you to potentially dangerous information if you are routed to a website
• Understand that smishing isn't only restricted to texting; WhatsApp, Facebook, and Skype messengers are also at risk

How can TransformHub help?

Since many businesses and institutions have been victims of phishing attacks. The corporates as well as the customers are advised to upgrade their network security systems. A secure and reliable scam detector software is one such solution for the same. 

TransformHub being one of the leading pioneers in the field of data security, can assist the group of people and businesses to secure their data in a tight network. Phishing attacks can be avoided in general at a user level, but heading an entire network system will require a huge network security web to avoid any phishing attack. TransformHub is here to serve the same. 

Our professionals can assist you in improving the security of your network. Please contact us for a free consultation.

For additional details on how we can elevate your company’s brand, connect with the specialists at TransformHub at sales@transformhub.com