What is a phishing scam
Updated on 15 Jul 2021
Phishing/ smishing/ vishing scams are forms of fraud/ cybercrime in which an attacker masquerades as an authority, reputable entity or person, using deceptive emails, websites, online advertisements, text messages, phone calls, or other forms of communication to lure victims into providing sensitive data such as personal, banking and credit card details, and passwords.
Phone calls, text messages and emails claiming to be from government authorities, banks, reputable organisations, or IT administrators are commonly used to lure the unsuspecting public. This is a form of social engineering attack that manipulates, influences, or deceives victims into making security mistakes that can result in personal identity theft and financial losses.
The key to prevention is knowing how to identify phishing/ smishing/ vishing scams, learning preventive measures, and knowing what to do if you are targeted or have fallen victim.
- Phishing uses tactics such as deceptive emails, websites and text messages to steal confidential personal and corporate information.
- Smishing uses manipulative text messages to steal confidential personal and corporate information from unsuspecting victims.
- Vishing, often referred to as voice phishing, uses the phone to steal confidential personal information from victims. Vishing is combined with social engineering tactics whereby cybercriminals use human engagement to convince victims to act, reveal private information and grant scammers access to their bank accounts.
How it can happen
When a victim receives:
--> unsolicited calls or messages over mobile phones,
--> unsolicited calls or messages over social media platforms/ e-marketplace platforms, or
--> unsolicited emails.
where such calls or messages are designed to incite:
- False hope, attraction, or greed through a 'too good to be true' offer, e.g. 'You have won' an attractive cash prize or lucky draw; or
- Panic or fear, e.g. your bank account is under police investigation/ facing security issues, or your home internet is experiencing technical issues.
Phishing scams can also happen when a victim sees:
--> an online advertisement (on social media platforms like Facebook, or e-marketplaces like Carousell/ Lazada/ Shopee) that interests them
What can happen
When the victim is deceived and believes that everything in the phishing scam is true, the victim:
- Unknowingly clicks on suspicious links in emails, websites or phone/ social media messages
- Gives away his/ her personal and financial details.
- Gives away his/ her money.
How to spot a phishing scam
To identify phishing scams in unsolicited calls, messages (SMS, WhatsApp), emails or deceptive websites, always be suspicious if the message:
« Includes a request to verify personal information, such as financial details or a password
« Offers a deal that sounds too good to be true
« Is written to invoke a sense of urgency or fear so that you feel pressured to make quick decisions on the spot, e.g. asking you to act fast so as not to miss the deal or to avoid your account being suspended
« Includes hyperlinks you need to click on that lead you to suspicious URLs/ websites
« Includes attachments you need to click on to download suspicious files
« Is sent by a complete stranger who uses a Gmail or other public email address, rather than a legitimate corporate email address
« Is poorly written and has spelling or grammar errors
Note: Be very cautious of 'fake' online advertisements on social media platforms that are potentially phishing scams.
Phishing scam prevention tips
Protecting ourselves by learning to detect and avoid phishing scams is largely a personal responsibility.
Below are prevention tips to avoid being a victim of scams:
« Delete all suspicious messages received.
« If in doubt, always contact the relevant organisations (or family/ friends) to verify whether they contacted you.
« Ignore too-good-to-be-true online advertisements on social media platforms. There has been an increasing trend of fake advertisements by scammers.
« Never feel pressured to reveal your personal information online
« Never download or open attachments in messages/ emails from unfamiliar sources
« Never input sensitive information to pop-up windows from emails or websites
« Hover the mouse over links in an email to check the destination address. An address that does not lead back to the website you are expecting is highly likely to be a phishing attack
« Never give out personal information like:
- Personal details (NRIC, address, date of birth),
- Bank/ financial details (bank account and/ or credit card details)
- Login ID details (Singpass),
- Passwords / PIN codes,
- OTP codes
A legitimate government or private organisation will never ask for your personal details.
« Avoid any unsolicited and unexpected contact from any strangers. Ignore strangers from any of the following:
- Phone messages,
- Phone calls,
- Messages from social messaging platforms,
- Messages from social media platforms,
- E-marketplace/ online shopping platforms,
- Letters, or
- People knocking on your door.
« Ignore all robocalls.
« Identify red alerts when callers claim to be:
- Police officers,
- Government authorities/ officials,
- Bank staff,
- Telecommunications company staff,
- Courier staff, and/ or
- Callers who are unable to verify their identity.
It is best to REPORT and BLOCK unsolicited calls and messages received online and over mobile phone.
ADDITIONAL SCAM PREVENTION TIPS
« Keep computer and mobile device operating systems and virus protection software up to date.
Never ignore updates, so that patches can protect against new kinds of scams, viruses and ransomware.
« Regularly change the passwords for important account logins, and use strong passwords.
« Stay alert and check that the websites you visit are secure. A secure web address starts with HTTPS, rather than HTTP.
« Avoid using public WiFi. Use safe and secure WiFi connections. Our standard 3G or 4G connection is often more secure than connections at public places.
SOCIAL MEDIA SECURITY
« Never reveal your PRIMARY email address and MAIN mobile phone number on social media platforms under the "About Me" section.
This is to avoid opportunities for any social engineering attacks.
« Create and use a SECONDARY email address for all social media/ online shopping platforms.
Keep a PRIMARY email address only for banks or government agency portal logins.
« Omit your mobile number from all social media platforms.
« Never share your personal life and whereabouts with complete strangers you have added as friends on social media platforms (i.e. ransom crime)
USE SEARCH ENGINES TO AVOID BEING A VICTIM OF SCAM
« Make it a habit to research offers via search engines using the keywords <name of offer + phishing + scams + complaints>, or
« Stay updated with the latest phishing scam news under the Singapore Police Force's media room news, and
« Subscribe to your local community's SCAM ALERTS announcements from the official authorities/ sources.