SINGAPORE — It looks like consumers will have to rely on online banking services for a bit longer as Singapore has extended its partial lockdown measures to 1 June in an effort to curb the spread of COVID-19.
With about half of bank branches in Singapore closed during the circuit breaker period, the Monetary Authority of Singapore has urged people to minimise visits to the physical premises of financial institutions. Consumers are advised to use digital, e-mail, and telephone channels as far as possible.
So how do you protect yourself from online scammers eager to exploit the coronavirus pandemic with new tricks, including “phishing” e-mails, fake sales of medical supplies online and bogus government relief schemes?
“Although we may have not seen an increase in cybercrime strictly related to bank breaches, the number of phishing sites related to COVID-19 has risen dramatically,” said Dean Coclin, senior director of business development at DigiCert, a US-based company focused on digital security.
When it comes to online banking, cybercriminals know that if they can access your account, they can transfer funds to a third party before you realise what has happened, Coclin said. They are seeking to obtain your credentials — user name and password — to clean out your accounts.
There are multiple ways they can do this. They can make a guess: most user names are some combination of first and last names. Passwords that are not made complicated can be guessed from lists of common passwords.
Coclin cautioned that scammers can create a bank phishing site and send a carefully crafted e-mail to the user, pretending to be from the bank. These e-mails look like they are being sent from the bank but, in fact, are sent from a third party account.
For example, the e-mail will say something like, “Your account has been compromised, please log in to reset your password”. It will then provide a link which goes to the phishing site (made to look like the real banking site) where the unsuspecting user is asked to type in their user name and password. If the user types it in, the hacker now has the account information necessary to access the bank account.
Be careful as scammers can call you on the phone, pretending to be your bank, stating there is a security problem with your account and that you need to give them your password for authentication. If you’re unsure, hang up and call the bank directly.
Scammers can also create fake smartphone apps to make it look like your bank while its actual purpose is to steal your credentials. This is more prevalent on Android devices so users need to be careful when downloading apps from unknown sources, he added.
To mitigate such attacks, users should choose a complex password that is be hard to guess. Most banks now have password requirements that include letters (including capitals), numbers, and symbols.
Use two-factor authentication for banks and brokerage accounts. This usually includes a text message sent to a phone with a code or, even better, a code generator app on your smartphone.
Coclin also reminded individuals to be careful when reviewing e-mails from the banks. “When you receive a bank or financial institution e-mail, read carefully to make sure they are the real deal. If in doubt, don’t click on the link in the e-mail; rather, log into your account by typing the URL in the browser’s address bar,” he said.
He suggests placing notifications on your bank account when transactions exceed a certain threshold. Most banks allow you to set limits and alert you when those limits are breached.
Never give a password out to anyone over the phone or via email, he stressed.
Also, be wary when using your work laptop to handle personal banking matters.
“Accessing your bank account directly from a work laptop should not be a risk, as long as your company allows using your laptop for personal business,” Coclin said.
“The one risk is that the employer is monitoring all traffic between the laptop and your company’s server which may expose details of what you are doing. If this behaviour is not allowed, the employee could face discipline.