The IMDA urges more businesses to sign up in its anti-SMS spoofing registry

IMDA urges more businesses to sign up upon the launch of its anti-SMS spoofing registry

The Infocomm Media Development Authority (IMDA) has urged more businesses to participate in a government trial program that was launched in August 2021 to allow organizations to register SMS sender IDs that they want to safeguard.

According to IMDA in a letter published in The Straits Times ForumSMS on January 17, 2022, communications will be stopped if the protected sender IDs are used in an unauthorized manner. It went on to say that some banks had already signed up for the registration, but it didn’t say which ones or when they did so.

OCBC Bank, whose clients have been subjected to various SMS frauds from smishing, has indicated that it will take part in the pilot scheme. However, it did not specify when it signed up.

Also Read: What is Smishing? How Can We Prevent It? Explained.

Smishing, defined

Smishing is a type of phishing in which mobile phones are used as an attack platform. The perpetrator conducts the assault to obtain personal information, such as social security and/or credit card numbers. Smishing is carried out by text messages or SMS, hence the name “SMiShing.”

Smishing attacks make use of SMS, or short messaging service, which is more generally known as text messages. This type of assault has grown in popularity because consumers are more inclined to believe a message provided through a messaging app on their phone than a message delivered via email.

Although many victims do not associate phishing scams with personal text messages, the truth is that threat actors are more likely to find your phone number than your email address.

Sharp rise in phone scams impersonating OCBC

OCBC Bank has warned clients and the general public to be on the watch following several surges in phone frauds mimicking the bank. In OCBC’s media statement on July 18, 2021, the bank stated that it got 1,081 calls about the subject from customers and the general public between July 1 and July 17, 2021, compared to 16 for the entire month of April.

According to OCBC, a phone scam often begins with an individual receiving an automated voice call that requests a response. It was reported that these calls impersonated delivery businesses and banks.

Following the instruction to enter a number, the individual would be transferred to a Mandarin-speaking individual with a non-local accent. This person would then ask for the individual’s personal or banking information, including their account number and contact details.

At least S$8.5 million was lost in December to phishing scams involving OCBC Bank

On December 30, 2021, the Singapore Police Force (SPF) reported that at least S$8.5 million was lost in phishing scams employing SMSes spoofing OCBC Bank. According to a police press release, at least 469 people have fallen victim to such scams since December 1, with the majority of the money lost in the last two weeks.

According to SPF, victims received unsolicited SMSs alleging that there were problems with their banking accounts and instructing them to click on a link to rectify the problem.

After clicking, victims will be routed to bogus bank websites and prompted to provide their banking account login information. They’d realize they’d been duped when they received warnings about unauthorized transactions charged to their bank accounts.

According to the police, it is “challenging and difficult” to recover the funds once they have been “fraudulently transferred out of the victim’s bank account.” It added that the “OCBC Bank has warned its customers about the phishing SMSes using several different channels including its online banking platforms, a social media page, and media advisory.” 

The general public is urged not to click on “dubious” URL links contained in unsolicited SMS messages. According to SPF, OCBC will not deliver SMS messages containing Bitly URLs.

Also Read: PDPA compliance for Singapore schools