SINGAPORE – More people were tricked into divulging to scammers their one-time passwords (OTPs) for online transactions, resulting in 1,101 victims losing around $15.3 million in total last year.

It was more than a fourfold increase from 2018, when 244 victims were cheated of about $456,000 in total.

At a press conference on Wednesday (April 1), the police said the scammers used various platforms to target their victims.

These platforms include social media, phone calls and online chat applications. The scammers either impersonated government officials, technical support staff or the victim’s friends to access personal details and accounts.

The scammers used “various ruses to induce the victims to share their OTPs, such as helping the victim to join a contest or to resolve some technical issues, or telling the victim that he/she has won a prize”, added the police.

Once they had the OTPs – a security feature to verify a user’s identity for online transactions – the scammers used them to access the victim’s accounts and either transferred money out to another account or used the funds within the account for fraudulent online purchases.

The scammers also used other ruses such as bank phishing scams – in which fraudsters pretend to be bank officials to trick victims – and lucky draw scams, where victims are told they have won lucky draws.

Citing a real-life example, police said a 75-year-old retiree lost $74,997 to a scammer who called her pretending to be a Singtel technician.

The retiree was told that her Singtel account had been compromised by a “hacker”, and she was instructed to download an application called “Teamviewer”, for Singtel to conduct “investigations”.

The scammer then remotely accessed her computer, and asked her for her bank login details and an OTP, claiming he had to check if her account had been compromised.

The woman provided these details, but realised subsequently that the scammer had remitted some of the money in her account to Hong Kong. She lodged a police report the next day.

Superintendent of Police Chew Jingwei, head of syndicated fraud in the Commercial Affairs Department, said members of the public should remember that OTPs are meant to safeguard their transactions, and they should not reveal their OTPs to anybody.

“If someone asks for your OTP over the phone, it is a big red flag. By giving your OTPs away, you are exposing yourself to fraud,” said Supt Chew.

Banks such as OCBC and firms operating online payment platforms like Grab have included warnings of such fraudulent methods in their text messages to customers containing the OTPs, to remind users not to disclose passwords.

OCBC’s head of operational risk management Patrick Chew said bank staff will never ask the public for information like login credentials and OTPs over the phone or in any other direct communication with users.

“Do not be afraid to hang up a phone call if you suspect something is amiss.

“You can always return the call to the telephone numbers that are posted on the websites of the organisations they claim to be from, to verify if the call is genuine,” said Mr Chew.

Source: Read Full Article