Banks in Singapore to remove clickable links in emails or SMS to customers: MAS

·Editorial team

19 January 2022 at 8:17 am·2-min read

SINGAPORE - JULY 21: A view of the DBS Bank headquarters (2nd L), Standard Chartered corporate office (3rd L) and HSBC Bank building at Marina Bay Financial Centre, Singapore on July 21, 2019. (Photo by Adli Ghazali/Anadolu Agency via Getty Images) — A view of the Marina Bay Financial Centre. (PHOTO: Anadolu Agency via Getty Images)

SINGAPORE — In the next two weeks, banks in Singapore will remove clickable links in emails or SMS sent to retail customers and implement other additional measures amid the spate of recent phishing scams.

The announcement by the Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) on Wednesday (19 January) comes after OCBC Bank customers recently lost millions to phishing scams.

A total of 469 victims had fallen prey to SMS phishing scams involving OCBC since 1 December, with reported losses amounting to at least S$8.5 million, the police said on 30 December. The bank had begun making "goodwill payouts" to affected customers.

DBS also warned customers about an SMS phishing scam in a Facebook post on Wednesday.

In a separate statement, DBS said that starting Friday, it will send only "essential SMSes" with no clickable links to its customers including security and trade notifications, and OTP authentication.

Among the other measures announced by MAS and ABS include setting the threshold for funds transfer transaction notifications to customers by default at $100 or lower, a delay of at least 12 hours before activation of a new soft token on a mobile device, notification to existing mobile numbers or emails registered with the bank whenever there is a request to change such customer data, and a cooling-off period before implementation of requests for key account changes such as contact details.

Customers are also urged to be vigilant to avoid falling for online banking scams, MAS and ABS said. Among the precautions, they must never click on links provided in SMSes or emails, divulge internet banking credentials or passwords to anyone, and verify SMSes or emails that they receive. They should also verify that they are at the bank’s official website before making any transactions, or transact through its official mobile application.

Banks will continue to work closely with MAS, the police, and the Infocomm Media Development Authority to deal with scams including working on more solutions to combat SMS spoofing, and intensifying scrutiny of the industry’s fraud surveillance mechanisms.

MAS Managing Director Ravi Menon said, “MAS is deeply concerned about the recent spate of scams and the financial losses suffered by victims. The threat of scams will not go away, but we can reduce our vulnerabilities…We will ensure that digital banking remains secure, efficient, and trusted.”

Stay in the know on-the-go: Join Yahoo Singapore's Telegram channel at http://t.me/YahooSingapore