At least 15 victims have fallen prey to a new scam that sees scammers posting ads on Google Search, which would then appear when the user searches for bank contact numbers. According to the Singapore Police Force (SPF), since December 2021, the victims have incurred losses amounting to at least SG$495,000 for such scams involving fake bank hotlines.
Google's spokesperson told MARKETING-INTERACTIVE that it is working closely with the SPF to identify and take quick action. At the same time, the spokesperson explained that it is constantly working to ensure that users' ad experiences are safe on its platforms.
In such scams, the victims would search for the banks’ contact number via Google Search as they wanted to seek the banks’ advice for various reasons. The victims would then see the scam ads appearing as the first few search results. These scam ads would provide a fake contact number for victims to contact.
Believing that these were bank hotlines, victims would call the number shown in the ad and speak to a scammer impersonating as a bank staff. After sharing the reasons for contacting the bank, victims would be informed that there were issues with their bank account, credit/debit cards or loan amount. The scammer would then instruct the victims to temporarily transfer the funds to bank accounts provided, under the pretext of resolving the bank account or credit/debit card issue, or to make a payment for the outstanding loan.
In some cases, SPF said victims would receive an SMS with headers spoofing that of the bank to appear more authentic, claiming that the bank was facilitating a reset of the victims’ bank account as part of the “Let’s Fight Scam” Campaign by the Anti-Scam Centre and SPF, or would state that the victim needed to transfer money for early loan settlement. Victims would only realise that they had been scammed when they contacted the bank via the authentic hotline to verify the new bank account number or when the bank contacted them to verify the reason for the large sum of money transferred.
Google's spokesperson said: "If we find advertisers who violate our policies or misrepresent themselves, we take quick action. To provide greater transparency and equip people with information about who is advertising to them, in 2021 the tech giant launched Google’s Advertiser Identity Verification in Singapore and continues to scale it to all advertisers across its platforms.
In 2020, Google blocked or removed about 3.1 billion ads for violating its policies and restricted an additional 6.4 billion ads globally. It is also currently verifying advertisers in over 100 countries and territories and sharing the advertiser name and location in its "About this ad" feature so consumers know who is behind a specific ad and can make more informed decisions.
Meanwhile, SPF has urged members of the public to always verify the authenticity of the information with numbers listed on official bank website or behind the cards issued by the banks; never transfer funds into bank accounts belonging to someone they do not know; never disclose your personal information or banking details and OTP to anyone; and report any fraudulent transactions to your bank immediately.
This latest scam comes after OCBC Bank and DBS Bank have also fallen prey to SMS phishing scams. Last year, hundreds of OCBC Bank customers were impacted by the scams, with losses amounting to at least SG$8.5 million. Since then, more than 100 victims have received "full goodwill payouts" from the bank covering the amount they lost. Arrangements for the payouts will be made to all affected customers by next week.
Just today, DBS Bank also warned of scammers "actively targeting" its customers via suspicious login alert messages. According to Channel NewsAsia, targeted consumers will receive a fraudulent SMS claiming their account has been suspended. They will then be asked to verify their details by logging into a phishing website. CNA added that the SMS is sent out from a generic account using sender IDs such as INFO, INFOSMS, and Notice, among others. Upon clicking on it, the victims will be redirected to phishing websites requesting for their username, password, and one-time PIN.
Following the series of SMS phishing scams, the Monetary Authority of Singapore said today that it will work with banks in Singapore to put in place more stringent measures within the next two weeks. These include the removal of clickable links in emails or SMSes sent to retail customers; threshold for funds transfer transaction notifications to consumers will be set by default at SG$100 or lower; and a delay of at least 12 hours before the activation of a new soft token on a mobile device, among other measures.