It happens in minutes, even seconds. In Singapore, a man who filed a dispute over a faulty computer with the Consumers Association of Singapore reportedly lost $149,000 in a matter of minutes after he clicked on a live chat icon in an e-mail purportedly from the consumer watchdog. Mike (not his real name), who is in his early 50’s and works in the education industry, was one of at least 10 victims who fell prey to the phishing e-mails in October.
The police said the total losses amounted to at least $225,000. Case said in October that 5,095 phishing e-mails were sent to consumers after cyber attackers hacked its mail server.[1] “Mike received an e-mail on Oct 9 stating that he had been assessed by “Case” to be “eligible for compensation” after filing a dispute. “I thought the e-mail was real because I had approached Case for mediation in June 2021 after buying a Dell computer that was faulty. I dropped the complaint that same month when I got a refund from Dell,” he recalled.
When asked why he had believed the content in the e-mail despite the issue being resolved more than a year ago, Mike said: “It did raise some suspicion that the e-mail was not real, but it said ‘payment is guaranteed’. So, I was just curious to see what the compensation was.”
When Mike clicked on the live chat icon included in the e-mail, he was led to “what looked like a legitimate DBS (a legitimate Singapore bank) website.” “Everything happened quickly after that. When the site disappeared after I clicked it, I tried again. I later pressed ‘authorize’ on a notification that popped up on my mobile phone, which I was told would allow Case to look into the matter. And just like that, my money was gone,” he said. Mike, who lost most of his life savings, filed a police report that night. The police confirmed the report and said investigations are ongoing.
Authorities, who confirmed the watchdog had received feedback from Mike, said: “As the matter is currently under investigation, we are unable to comment further.”
A DBS Bank spokesman explained its systems remain secure and said: “The data leak at Case was used by criminals to successfully convince the victim to give up his banking credentials and transfer funds by carrying out multiple authorizations through a spoofed website. “This is why data breaches require quick and clear communication to victims in accordance with data protection laws and best practice, so that impacted persons can take proactive steps to prevent further harm.” More than 5,000 phishing e-mails impersonating “Case” bank officer were sent during this time frame. Victims lose $237,000 in SingPost, Singtel phishing scams.
DBS said the bank has processes in place to prevent its intellectual property from being abused, including resources to take down fraudulent websites as soon as possible. “Our customers are reminded to be mindful of the URLs of websites they are using and, if in doubt, to verify via the bank’s official channels,” said the spokesman.
Mike, who is single, said: “It feels terrible. The money was a huge chunk of my life savings. I need it as my parents are in their late 80s and depend on me, there are medical fees and medicine to think about. I’m very concerned that I’ll be unable to support them. I’m not earning a lot and it is a large sum of money. I’m just desperate to somehow get my money back.”
Mike recently sought help from the Financial Industry Disputes Resolution Centre (Fidrec), which specializes in the resolution of consumer financial disputes. It was reported last month that fraud and scams accounted for nearly a third of claims handled by Fidrec for the financial year spanning 1 July 2021, to 30 June 2022.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www. redskyalliance. org/
- Website: https://www. wapacklabs. com/
- LinkedIn: https://www. linkedin. com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5504229295967742989
[1] https://www.straitstimes.com/singapore/man-who-lost-149k-after-clicking-on-phishing-e-mail-among-at-least-10-victims-in-case-cyber-attack
Comments