SINGAPORE, April 27 — At least 154 people have fallen prey to a “recurring tech support scam” since January this year, with losses amounting to at least S$7.1 million (RM22.4 million), the authorities said yesterday.
In a joint announcement, the Singapore Police Force and the Cyber Security Agency of Singapore (CSA) warned the public of scammers who approach victims under the pretext of assisting them with computer or Wi-Fi network issues.
The agencies said they have observed two main methods that the tech support scam has been carried out.
In the first method, victims would receive a pop-up alert while using an internet browser on their computer, they said.
The alert would indicate that their computer has been compromised, and include instructions for them to contact the software provider, such as Microsoft, at a stated number for assistance.
The agencies said the number would usually appear as variants of +653159(XXXX), leading victims to believe that it was a valid local help desk contact number.
Victims who called the number provided would speak to scammers impersonating tech support personnel.
The second method involves victims receiving an unsolicited call from scammers, who would claim that they are working for internet service providers such as Singtel.
The agencies added that the scammers would indicate that the victims’ Wi-Fi network had been compromised by hackers and they were calling to assist in resolving the issue.
In some instances, the agencies said the scammers would claim that there were fraudulent transactions made from the victims’ bank account and that an investigation officer purportedly from government agencies such as the CSA or the police was investigating the incident.
In such cases, the scammers might also send fake verification emails from spoofed email accounts such as “[email protected]“ to the victims, said the agencies.
Regardless of the above two methods, the agencies said scammers would then request the victims to download a remote access application, such as Teamviewer, Ultraviewer, or AnyDesk.
Under the pretext of resolving the issue, the agencies said the scammers would instruct the victims to log into their internet banking account, and provide their credit or debit card details and One-Time Password.
After that, using the remote access, the scammers would then transfer funds from the victims’ bank accounts or make fraudulent charges to the victims’ credit or debit card.
The agencies also highlighted a third method used by the scammers where victims would be directed to scan a Singpass QR code on a phishing website with their Singpass app, claiming it was part of the verification process.
The agencies said that by scanning the QR code and authorising the transaction, the victims would unintentionally give the scammers access to create cryptocurrency wallets with their details.
These cryptocurrency wallets would later be used by scammers to facilitate the flow of illicit proceeds.
In their advisory, the agencies reminded members of the public that “no telecommunications service provider or government agency” will request an individual’s personal details, access to their online bank account over the phone or through automated voice machines, or ask for payment for services rendered.
In the event someone has fallen prey to such scams, the agencies advise them to uninstall any software they may have installed on the instruction of the scammers.
They should then turn off the relevant devices and “limit any further activities that the scammers can execute”.
Aside from changing their Internet banking credentials and removing any unauthorised payees who may have been added to their bank accounts, these victims should also inform both their banks and the police of the incident.
To prevent themselves from falling victim to such scams, members of the public should ignore such calls and instructions from the scammers, the agencies said.
They also said that the ‘+’ sign prefix indicates that it is an international incoming call, and that domestic calls will not display such signs.
When logging into a digital service with a Singpass app, members of the public should also ensure that the domain URL displayed on the Singpass app’s consent page matches that on their browser before proceeding.
“If not, do not tap on the ‘log in’ button on the consent screen,” said the agencies.
Members of the public who wish to provide any information related to such scams can call the police hotline at 1800-255-0000, or submit it online at www.police.gov.sg/iwitness.
For more information on scams, they can call the National Crime Prevention Council’s Anti-Scam Helpline at 1800-722-6688 or visit www.scamalert.sg. — TODAY
