Skip to main content

Advertisement

Advertisement

How a senior IT exec fell for a ‘technical support’ scam and nearly lost S$180,000

SINGAPORE — They were calm and professional, and sounded every bit like employees of a telecommunications firm offering technical support.

The transfer did not go through, thanks to a vigilant fraud risk team at OCBC Bank, which alerted the police to the transaction on Dec 18, 2020.

The transfer did not go through, thanks to a vigilant fraud risk team at OCBC Bank, which alerted the police to the transaction on Dec 18, 2020.

  • It started with a call from someone who claimed to be a Singtel technical support employee
  • The victim did not grow suspicious as he thought many employees were doing their work by phone because of Covid-19
  • He ended up authorising a transfer of S$180,000

 

SINGAPORE — They were calm and professional, and sounded every bit like employees of a telecommunications firm offering technical support. 

So an unsuspecting senior information technology executive readily fell for their ruse last month. 

The fraudsters claimed to be staff members from Singtel, Singapore’s largest telco, providing technical support over the phone.

The Singaporean victim in his 50s did not notice that something was awry, as he thought many employees like him were working from home during the pandemic and had “no choice” but to do their work over the phone. 

The victim, who spoke on condition of anonymity, wanted to be identified only as Mr KK.

He ended up authorising a transfer of S$180,000 from his bank account.

The transfer did not go through, thanks to a vigilant teller and fraud risk team at OCBC bank, which alerted the police to the transaction on Dec 18 last year. 

The victim recounted his ordeal to reporters on Wednesday (Jan 6). He hopes that it would serve as a cautionary tale, so that others do not fall for the same trap. 

The interview was facilitated by the police, which on Wednesday warned the public against scammers impersonating employees from telecommunication service providers, such as Singtel and StarHub, or officers from government agencies offering technical support. 

The police said the scammers would typically dupe victims into believing that there were issues with their internet connections and persuade them to install software applications. These apps, such as Teamviewer or AnyDesk, can then grant remote access to their computers.

An image of software application Teamviewer from a scam victim. Photo: Singapore Police Force

In other cases, the scammers would claim to be “cyber police” or from “cyber crime departments”. They would hoodwink victims into believing that they had committed a crime, similar to tactics seen in impersonation scams involving supposed “Chinese officials”, the police added.

In Mr KK’s case, the scammers sounded exactly like technical support employees — they were calm and professional, and took him through his issues slowly and patiently, he said. 

HOW THE SCAM UNFOLDED

It started with a call from an overseas number on Dec 16 last year. 

The person at the other end convinced Mr KK that he was a Singtel employee named Alex Murphy. He narrated Mr KK’s network identification number, after Mr KK provided him with an identification number on his broadband modem.

The fraudster then told Mr KK that he had detected suspicious behaviour on the latter's network, suggesting that it was hacked.

Mr KK was later referred to a “superior”, a Paul Thomas, who instructed him to install Teamviewer on his laptop to pave the way for “further investigations”.

This superior later handed over the call to a third person, this time from a supposed cyber crime department of the Singapore Government.

This person then told Mr KK that he was part of a top-secret operation and that his cooperation was needed to catch a hacker. 

Mr KK, who had spoken to the scammers for about half an hour by now, agreed to be part of the operation because he felt that he was helping the authorities. 

This “operation” went on for the next two days and involved the use of one of his three bank accounts in what he believed was a ploy to lure the hacker into a trap set by Singapore’s cyber crime authorities.

One of the scammers later got Mr KK to declare his bank balances, and said that all his accounts needed “securing” and their amounts had to be cross-checked at the end of the operation.

Soon after, one of the accounts — a dormant one at OCBC with little cash in it — saw a jump of S$180,000.

Mr KK was told that the cyber crime department had transferred the sum, which was a failed transaction made by the hacker. By monitoring people who gain access to the money, the authorities would be able to catch the culprit, the scammers told him.

DEPTHS OF DECEIT

Mr KK said he did not fully understand how the operation worked. 

“I thought I was helping the Government and I didn’t think deeper. I said ‘okay, let’s do it’.”

In hindsight, he said the fact that the scammers called him from overseas numbers should have set alarm bells ringing.

The scammers later instructed him to transfer the S$180,000 — which was, in fact, his own money — to a Hong Kong-based HSBC account. He was told to do so at the bank, without telling anyone that he was part of the operation.

“The argument (given to me) is this: This hacker may have a helping hand in the bank, so if you tell the bank that this is happening, the staff may tell the hacker and alert the guy,” he said.

He later discovered that the scammers had transferred the sum from another of his bank accounts. 

He was so trusting of the scammers’ tale that he refused to engage police officers when they visited his home on the afternoon after the transfer. 

Ms Chua Wen Xin, the bank teller who served Mr KK at OCBC’s Clementi branch, said she noticed something amiss when Mr KK, who is of Indian ethnicity, stated “family maintenance and expenses” as the purpose of his transfer to the Hong Kong account. 

The recipient had a Chinese-sounding name and, when asked, Mr KK refused to disclose how they were related. He insisted that the money be sent on the day itself.

Another telltale sign, Ms Chua said, was that it was a big sum and appeared to be all that he had in his account.

Investigations into the scam are continuing.

The police said that there were 313 cases of technical support scams in the first half of last year and S$14.9 million was swindled from victims. The biggest amount cheated in a single case was S$958,000. 

There were just 30 such cases in the first half of 2019, involving S$340,000 in total. 

The police advised the public to stay vigilant and reject callers that spoof local numbers, noting that all incoming international calls started to be prefixed with a plus (+) sign from April last year.

If they believe that they may have fallen prey to a scam, members of the public should: 

  • Log out of and turn off their computer to limit further actions by scammers

  • Report the incident to their bank to stop further activities on their bank accounts

  • Change their online banking credentials and remove unauthorised payees that may have been added 

  • Report the matter to the police

Related topics

Covid-19 coronavirus scam OCBC

Read more of the latest in

Advertisement

Popular

Advertisement

Stay in the know. Anytime. Anywhere.

Subscribe to get daily news updates, insights and must reads delivered straight to your inbox.

By clicking subscribe, I agree for my personal data to be used to send me TODAY newsletters, promotional offers and for research and analysis.