OCBC begins making ‘goodwill payouts’ to phishing scam victims

·3-min read
Over 30 SMS phishing victims have received goodwill payouts so far, OCBC says. (PHOTO: REUTERS/Edgar Su)
OCBC begins making ‘goodwill payouts’ to scam phishing scam victims. (PHOTO: REUTERS/Edgar Su)

(UPDATE: OCBC Group CEO'S comment on 19 January on making full goodwill payouts added.)

SINGAPORE — OCBC Bank has begun making goodwill payouts to its customers who had fallen prey to the recent SMS phishing scam impersonating the bank.

The affected customers started receiving the goodwill payouts from 8 January, OCBC said in a statement on Monday (17 January). The payouts were "made on goodwill basis after thorough verification, taking into account the circumstances of each case", the bank added.

In an update on Wednesday (19 January), OCBC Group CEO Helen Wong said all OCBC customers affected by the recent SMS phishing scam will receive "full goodwill payouts". The payouts have gone to more than 100 victims so far, and arrangements with all affected customers will be made by next week.

"We seek the understanding and patience of our customers as thorough validation of each case requires time to ensure accuracy. This process is necessary so that every case is fairly and properly treated," Wong said.

The bank has also proactively reached out to customers who might not be aware that their banking activities were susceptible to the phishing scam, Wong added. "This has helped to prevent another 200 and more customers from falling prey to the scam."

At least 469 victims have fallen prey to SMS phishing scams involving OCBC since 1 December, with reported losses amounting to at least S$8.5 million, according to a statement by the police issued on 30 December.

The scams happened when the bank’s customers received unsolicited SMSes claiming that there were issues with their banking accounts, and asking them to click on links to resolve the issues.

After clicking on the links embedded in the text messages, victims would be redirected to fake bank websites and asked to key in their iBanking account login details. Victims would discover that they had been scammed when they received notifications informing them of unauthorised transactions charged to their bank accounts.

"This scam was particularly aggressive and highly co-ordinated. It also preyed on people’s fear that there was an issue with their bank accounts or credit cards. Past cases of SMS phishing scams largely targeted consumers with ‘too good to be true’ deals," OCBC said.

A dedicated team had been set up to support the victims, the bank added. "OCBC Bank acknowledged that its customer service and response fell short of our customers’ expectations, especially at a time of stress and anxiety."

In a separate statement on Monday, the Monetary Authority of Singapore (MAS) said it takes a serious view of the recent phishing scams involving OCBC.

"They have significantly impacted several customers. OCBC has acknowledged that its incident response and customer service should have been better. MAS has been following up with the bank on these and broader issues relating to the incident," said Ho Hern Shin, MAS's Deputy Managing Director (Financial Supervision).

Ho said MAS expects all affected customers to be treated fairly and noted OCBC has begun to make payouts to the victims of the phishing scam.

"OCBC will conduct a thorough probe to identify the deficiencies in their processes and implement the necessary remedial measures."

MAS will consider "appropriate supervisory actions" after the review, according to Ho.

In a joint statement issued by MAS and the Association of Banks in Singapore on Wednesday, banks in Singapore will remove clickable links in emails or SMS sent to retail customers and implement other additional measures amid the spate of recent phishing scams over the next two weeks.

Stay in the know on-the-go: Join Yahoo Singapore's Telegram channel at http://t.me/YahooSingapore