Skip to main content

Advertisement

Advertisement

Banks to remove clickable links in emails, SMS sent to customers as part of new security measures

SINGAPORE — Banks in Singapore will be removing clickable links in emails or SMS messages sent to retail customers and set the threshold for funds transfer notifications to customers by default at S$100 or lower. These are part of several measures to protect account holders from phishing scams. 

New measures for digital banking are to be rolled out for banks in Singapore, after a recent spate of SMS phishing scams affected at least 469 of OCBC's customers.
New measures for digital banking are to be rolled out for banks in Singapore, after a recent spate of SMS phishing scams affected at least 469 of OCBC's customers.

Singapore

Follow us on Instagram and Tiktok, and join our Telegram channel for the latest updates.

SINGAPORE — Banks in Singapore will be removing clickable links in emails or SMS messages sent to retail customers and set the threshold for funds transfer notifications to customers by default at S$100 or lower. These are part of several measures to protect account holders from phishing scams. 

The changes, announced by the Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) in a joint statement on Wednesday (Jan 19), will be implemented within the next two weeks.

The new measures came after at least 469 customers were affected by an SMS phishing scam targeting OCBC bank customers, with losses totalling at least S$8.5 million.

The fraudsters had sent out fake bank alerts that spoofed the bank's official SMS channel, duping many of them into clicking on web links and giving up their personal account information last month.

In the joint statement, MAS and ABS said that these measures will bolster the security of digital banking, given that it will lengthen the time taken for certain online banking transactions and also provide an added layer of security to protect customers’ funds.

Other measures that banks will be putting in place include:

  • Delaying activation of a new soft token on a mobile device by at least 12 hours 
  • Sending notification to a customer's existing mobile number or email registered with the bank whenever there is a request to change a customer’s mobile number or email address
  • Introducing a cooling-off period before executing requests to important account changes such as in a customer’s key contact details
  • Having dedicated and well-resourced customer assistance teams to deal with feedback on potential fraud cases on a priority basis
  • More frequent scam education alerts

"MAS expects all financial institutions to have in place robust measures to prevent and detect scams as well as effective incident handling and customer service in the event of a scam," the joint statement read.

"The growing threat of online phishing scams calls for immediate steps to strengthen controls, while longer-term preventive measures are being evaluated for implementation in the coming months."

The banks will continue to work closely with MAS, the police and the Infocomm Media Development Authority to deal with these scams, including coming up with more permanent solutions such as getting all relevant stakeholders to register SMS sender IDs of individuals they wish to protect, MAS and ABS said. 

Sender IDs are names that identifies the sender of an SMS message so that a word or phrase (eg. OCBC), instead of a number, is displayed on the recipient's mobile phone.

"MAS is also intensifying its scrutiny of major financial institutions’ fraud surveillance mechanisms to ensure they are adequately equipped to deal with the growing threat of online scams," they added.  

MAS and ABS also reminded customers that they should be vigilant and must:

  • Never click on links provided in SMS messages or emails
  • Never reveal their internet banking passwords to anyone
  • Verify SMS messages or emails received by calling the bank directly on the hotline listed on its official website
  • Verify that they are looking at the bank’s official website before making any transactions
  • Transact through the bank’s official mobile application
  • Closely monitor transaction notifications so that any unauthorised payments are reported as soon as possible to increase the chances of recovery

Mr Ravi Menon, managing director of MAS, said that the threat of scams will not go away, but there are ways to reduce vulnerabilities of online banking. 

"MAS, together with the police, IMDA and other relevant government agencies, is working closely with the financial industry, the telco industry, consumer groups and other stakeholders to strengthen our collective resilience against scam attacks. We will ensure that digital banking remains secure, efficient, and trusted," he added. 

Related topics

OCBC phishing Scam SMS MAS bank digital banking

Read more of the latest in

Advertisement

Popular

Advertisement

Stay in the know. Anytime. Anywhere.

Subscribe to get daily news updates, insights and must reads delivered straight to your inbox.

By clicking subscribe, I agree for my personal data to be used to send me TODAY newsletters, promotional offers and for research and analysis.