The alarming increase in reports of phished credentials between October and December 2024 and the resulting losses of at least $1.2 million have driven a public reminder about the potential risks of card transactions through phishing sites or social media adverts.
The warning was issued by the Singapore Police Force (SPF) teaming up with the Cyber Security Agency of Singapore (CSA) and Monetary Authority of Singapore aiming to get the message across to banked individuals.
Providing credit card credentials for online transactions is essential but the trio reiterated the process of how fraudsters obtain data through phishing sites, sending a one-time password via text message to the victim to access the phishing website. The site is operated by the scammer giving them access to the victim’s card which is then added to the scammer’s Apple wallet.
They will then launder money into multiple accounts, or in this case wallets controlled by the fraudsters, known as money muling. The freedom to use contactless payments in-person or make simple digital payments online helps disguise the fraud.
At least 656 victims came forward reporting phished card credentials provisioned to mobile wallets, with 502 reports of cards linking to Apple Pay. The cohort have been working with the financial ecosystem of banks, big mobile wallet providers such as Apple, and card service providers to restore digital security and stop fraud amid modern complacent attitudes towards the internet, unlimited online services and easier banking methods, in the wallet or contactless.
“We urge the stakeholders to cooperate with us, and impose measures”, they said.
The public is reminded not to share banking and card credentials with anyone, including passwords or OTPs, and to verify the e-commerce websites they are using.
Precautionary measures include adding the ScamShield app, activating digital tokens for banking apps, lowering card transaction notification thresholds, disabling cards for overseas use when not traveling, and checking SMS OTPs to ensure credit cards are not being provisioned without permission. The public is also urged to report and block suspected scam accounts and chat groups, and to contact their bank or card issuer immediately if they suspect they have fallen victim to a scam.
Stay safe and vigilant.
