GlobalSign Blog

21 Mar 2019

When Hackers Invade Singapore’s Financial Institutions

It’s not a secret that Singapore is the third richest country in the world per capita. That’s because the country excels in almost all industries they venture in, from technology to tourism. And out of all them, the one that’s always the target of cyberattacks is their strong banking industry. The hackers’ favorite tool? Email phishing scams.

According to a 2018 press release from the Singapore Police Force, hackers already walked away with at least SGD 30 million from over 200 reports of email phishing scams. That’s an increase from 2017’s SGD 13 million loss, which is saying something about how great the threat of email phishing really is. It became such a threat that banks and government were obligated to release public advisories.

Around October of last year, the Monetary Authority of Singapore (MAS) stepped up to caution the public about a certain phishing scam. This came after reports of fake emails using @mas.gov.sg accounts started targeting clients with phishing emails. Hackers used subjects like “Fund Transmittal” and “Singapore Compliance Information” to entice the victims into opening the email and clicking the phishing link inside.

“Members of the public should not respond to the emails, open the email attachments or divulge any personal information including login IDs or passwords,” MAS noted in their advisory. “Under no circumstances will MAS ask members of the public to provide their personal or bank account information.”

And just last month, a new set of phishing emails started targeting the public. This time, the hackers are pretending to be representatives from OCBC Bank. The emails also use subjects like “Secure your account from unauthorized users” to alarm the victims into opening the email. The thing is, it wasn’t even the first time their company was used as a front for hackers.

“These emails contain a hyperlink directing you to a phishing website, which will require you to provide your personal or banking details. For example, full name, NRIC/ passport numbers, Bank account numbers, card numbers, expiry date, CVV number, Personal Identification Number (PIN), One Time Password (OTP) and even in some instances to provide the OTP generated from their hardware token. Once this is done, fraudulent transactions may be effected from your accounts,” OCBC noted on their advisory.

Email scams have become a common nuisance to all Singaporeans. It’s only appropriate that we shed light to this problem and help minimize the phishing email cases. Financial institutions and the general public alike should always be vigilant when it comes to their email habits. Just remember to step back and consider the four nevers when dealing with phishing emails.

  • Never open any email from someone you don’t know or recognize.
  • Never click any link or download any attachment from suspicious emails.
  • Never interact with an email that doesn’t contain an email signature.
  • Never keep suspicious emails on your inbox. Delete immediately!

One way to minimize the damage of phishing emails is for financial institutions to install Secure Email Certificates from GlobalSign. Using S/MIME technology, GlobalSign’s Secure Email Certificates secure the content of your emails and authenticates your identity to your clients with trusted security indicators. Learn more about Secure Email Certificates on our official website.

Share this Post

Connect with us

fb_icontw_iconin_icon