Source: Stephen Tay and BeeLeng Kaya Novem Facebook account.

SPF warns public of phishing website seeking to obtain sensitive personal data

Singapore Police Force (SPF) released a warning on Tuesday (16 January) on phishing websites after responding to SMSes (Short Message Service) that were purportedly sent by United Overseas Bank.

It stated in a Facebook post that the Police have received reports where victims were cheated into providing their personal information and credit card details on the websites. The victims later realised that unauthorised transactions in various foreign currencies were made to their credit cards.

According to the Police, in these cases, the victims would receive a SMS purportedly sent by the bank informing them of a new account notification. Victims were asked to click on the link provided (uob-mob.com) on the text message.

The victims were then directed to a website resembling a genuine website of the bank where they were asked to enter their personal information and credit card details, such as their credit card number, date of expiry and Card Verification Value for verification purposes.

“Without the knowledge of the victims, the scammers had actually downloaded the “UOB Mighty App” and entered all the details that the victim had provided into the application,” the Police said.

This would lead to the victims receiving a One-Time Password (OTP) on their mobile phones which they were prompted to key into the website. Subsequently, the victims received SMS notifications of foreign transactions made on their credit cards.

The Police advise members of the public to adopt the following preventive measures:

A) Be wary when you are asked to disclose your personal information and bank account details over the internet;

B) Beware of phishing websites that may look genuine. Look for signs that you are using a legitimate or secure website. These websites are generally encrypted to protect your details. Secure websites use ‘https:’ instead of ‘http:’ at the start of the internet address, or display a closed padlock or unbroken key icon at the bottom right corner of your browser window; and

C) Report any fraudulent charges detected in your credit card bills to your bank immediately.

Members of the public can seek scam-related advice by calling the anti-scam helpline at 1800-722-6688 or go to www.scamalert.sg.

On 13 January, Mr Stephen Tay wrote a post on his Facebook page regarding the matter, saying that he received an SMS and it only stated a link to uob-mob.com.

“This is a new form of spoofing to get your login information. The domain name is not owned by UOB (see third pic) and was just registered as the SMS was sent out,” he stated.

On the same day, Mr BeeLeng Kaya Novem also posted the same issue, saying that he fell onto the scam.

He wrote that he clicked on a link from an sms sent from the official UOB sms, which looked legit enough and prompted him to key in his user ID and password.

About half an hour later, another sms sent from the same official UOB sms, notifying a transaction of EUR 1189 made on Mr Novem’s UOB credit card.

Mr Novem then contacted UOB call centre and was asked to lodge in a Police report and submit the report to any UOB branch.