News and resources on cyber and physical threats to banks and fintechs worldwide.
OCBC Bank makes goodwill payouts to SMS phishing victims

OCBC Bank makes goodwill payouts to SMS phishing victims

OCBC Bank has announced it has begun making goodwill payouts since 8 January 2022 for customers who have fallen prey to recent SMS phishing scams.

Nearly 470 customers lost at least $8.5 million in December after scammers posed as OCBC and sent SMSes with links to phishing sites to victims. To date, more than 30 customers have received payouts after verification of each case. The bank reports this to be a “particularly aggressive and highly co-ordinated scam”, which preyed on people’s fear that there was an issue with their bank accounts or credit cards.

The bank’s investigation confirmed that victims had provided their online banking log-in credentials to phishing websites. Thereafter, the scammers were very fast in fraudulently transferring the monies out of customers’ bank accounts. The phishing scam is believed to have first surfaced in December 2021 and became increasingly aggressive over the holiday period.

OCBC Bank’s group CEO, Ms Helen Wong, said: “We strongly condemn this scam as it preyed on consumers’ fear and was a highly-coordinated one. We fully understand the concerns and anxiety of our affected customers. We have begun making goodwill payouts since 8 January 2022. I sincerely ask our customers to allow us the time to conduct a thorough review and validation before we inform them of the payouts. […] We apologise that our response fell short of our customers’ expectations during their time of distress.”

OCBC has set up a dedicated team to support victims, and has reached out to affected customers to address their concerns. However, the bank stated that due to the complexity of these cases, they may need more time to properly review and validate each case. Affected customers will be contacted as soon as the review and validation of their case is complete.

OCBC reports that it took measures from when the scam was first detected. Since 3 December 2021, the bank issued multiple alerts and warnings to its customers across multiple channels. It had also issued security alerts and advisories on its website, internet and mobile banking log-in pages, through customer e-mails, as well as through its own social media channels.

Two media advisories were issued, one on 23 December and another on 30 December 2021. SMS messages were sent to all customers on 30 December 2021 and 4 January 2022. Despite these efforts, the bank still acknowledged that its customer service and response fell short of customers’ expectations, especially at a time of stress and anxiety.

Ms Wong furthered, “I want to assure our customers and members of the public that our banking systems and digital banking platforms are safe and secure. Digital banking remains a convenient way to do banking. We do not want this scam to take that away from us. But scammers are increasing in sophistication. Therefore, I urge everyone to stay alert and do your banking only at the Bank’s official websites and on the official mobile apps. Together with the Association of Banks in Singapore and the Monetary Authority of Singapore, the industry will review to further strengthen the anti-fraud detection and prevention measures.”

Comments: (0)