In spite of widespread awareness surrounding the proliferation of e-commerce scams, a considerable number of individuals still find themselves ensnared by these cunning social engineering tactics.
According to Gary Gardiner, Head of Security Engineering for APAC and Japan at Check Point Software Technologies, there are several contributing factors. He points out, “Many, especially the younger demographic, harbor an overconfidence in their tech-savviness, believing they are impervious to scams. It’s also common for users to harbor a false sense of security, placing undue reliance on e-commerce platforms and anti-virus solutions for protection.”
Furthermore, Gardiner highlights a concerning trend. “Check Point Software has observed an uptick in the utilization of AI by scammers. This empowers them to craft content that appears more genuine and personalized. Unlike in the past, scams are now harder to detect due to improved grammar and spelling.”
OCBC’s new security protocol
In response to the persisting success of e-commerce scams, OCBC took proactive measures, implementing a robust security protocol. This protocol prevents bank customers from accessing their accounts if potentially harmful applications are present on their phones.
Although this move initially garnered some criticism online, the tangible effectiveness of this security measure has silenced skeptics. According to OCBC, in its inaugural month, they successfully thwarted potential losses amounting to over S$2 million.
Woman lost S$76,000
However, not all bank customers have been as fortunate. In a recent incident reported by Mothership, a 51-year-old woman fell prey to an e-commerce scam involving discounted mooncakes, resulting in the loss of S$76,000. These funds were intended for use as a down payment for her new home and renovation.
The scammer coerced her into downloading an unofficial mobile app for payment, subsequently barring access to two of her banking apps. Despite deleting the unofficial app, she eventually succumbed to the scammer’s persuasion and redownloaded it.
Distressingly, she only discovered the loss the following day when substantial sums were withdrawn from her account without her knowledge. To exacerbate matters, no notifications were sent to her, even though she had requested them. This hints at a potential malware scam.
Gary further explained, “Based on various news sources, it appears the woman was a victim of a malware scam. Her banking credentials may have been compromised through a concealed key-logging function within the downloaded app.”
Politicians debate
With the escalating prevalence of these scams and the growing number of victims, Member of Parliament (MP) Sylvia Lim, representing the Workers’ Party, has called on the government to compel banks to take more substantial measures in aiding the victims. She argues that banks should bear full responsibility and reimburse all lost funds.
However, Alvin Tan, Minister of State for Trade and Industry and MP, urged caution. In an article by Today, he emphasized, “Full restitution without due consideration of culpability is neither fair nor desirable. Doing so can erode vigilance and personal responsibility, and lull users into complacency.”
What can you do?
As the Parliament engages in this debate, the pivotal question remains: “What additional measures can we adopt to safeguard ourselves from falling prey to such scams?”
To this, Gary advised, “It is never advisable to download any unknown or unofficial applications. Users should always ensure to only download applications from authorized app stores.”
Should the need arise, take heed of Gary’s following recommendations:
- Practice good cyber hygiene: Only trust communications from known and verified sources. Avoid clicking on links or providing sensitive information without confirming the sender’s authenticity.
- Enable two-factor authentication whenever possible: Implementing this additional layer of security ensures enhanced protection for your accounts and personal information.
- Consider installing security software on your devices: This proactive measure helps safeguard against suspicious websites, malware, and potential data theft, providing a safer online experience.
