OCBC phishing scam: Banks should stop using SMS to communicate with customers, experts say

SINGAPORE — In the wake of a recent phishing scam involving hundreds of OCBC bank customers, some cybersecurity experts are suggesting that banks here do away with communicating important information such as verification codes via SMS.

This is because SMSes have been known to be insecure for a very long time and have led to several forms of scams in the past, they told TODAY on Tuesday (Jan 18).

Many of the nearly 470 affected OCBC customers, who lost at least S$8.5 million in all to the phishing scams, were fooled by fake SMS messages that appeared in the same thread as legitimate text messages by OCBC for one-time passwords and transaction alerts.

Mr Kevin Reed, chief information security officer at cybersecurity firm Acronis, told TODAY that a much better approach would be for banks not to use SMS at all for such notifications.

If banks stopped communicating important information via SMS, customers would be more alert and wary when they receive a text message purportedly from the bank.