The Singapore Police Force (SPF), Cyber Security Agency of Singapore (CSA), and Monetary Authority of Singapore (MAS) would like to remind the public to be vigilant when providing credit card credentials to complete online transactions.
2 On 22 November 2024, SPF published a news release
3 After successfully taking over the victim’s card, the scam syndicate will conspire with a money mule to make unauthorised transactions by connecting the mule’s mobile device to the scammer’s Apple wallet. The money mule would then be able to make in-person purchases using the contactless payment method (also known as Near Field Communication (NFC) mobile payments) to buy goods in-store, for example, high value electronic items or luxury goods.
4 From 1 Oct to 31 Dec 2024, at least 656 reports where phished card credentials were provisioned to mobile wallets were lodged, with losses amounting to at least $1.2 million. Of these cases, at least 502 reports involved cards linked to Apple Pay.
5 The SPF, CSA, and MAS have been working with the banks, mobile wallet providers such as Apple, and card service providers to impose measures to arrest this trend. We urge the stakeholders to cooperate with us, and impose measures to protect their customers.
6 Members of the public are reminded not to share banking and card credentials with anyone, i.e. passwords or OTPs, and to check the veracity of e-commerce websites and links on which they are transacting. They should also take the following precautionary measures:
a. ADD – Add the ScamShield app to their mobile device and activate security features such as digital tokens for banking apps. Lower card transaction notification thresholds to a level adequate for daily spending for closer monitoring of spending on your bank cards, and disable the card for overseas use if you are not travelling overseas.
b. CHECK – Check your SMS OTP and notifications to ensure that your credit cards are not being provisioned to a mobile wallet without your permission. Call your card issuing bank immediately if this has happened.
Be wary of online vendors and avoid clicking on unsolicited hyperlinks and QR codes to make payments as they may be phishing for your confidential details. Check for signs of phishing (e.g., suspicious website links, messages and phone numbers) with official sources (e.g. call the ScamShield helpline (1799) or visit www.scamshield.gov.sg), or someone you trust.
c. TELL – Tell the authorities, family, and friends if or when you encounter scams. Report and block any suspected scam accounts and chat groups. If you suspect that you have fallen victim to a scam, call your bank or card issuer immediately to report and block any fraudulent transactions as well as make a police report.
7 If you have any information relating to such crimes or are in doubt, please call the Police Hotline at 1800-255-0000, or submit it online at www.police.gov.sg/i-witness. All information will be kept strictly confidential. If you require urgent Police assistance, please dial ‘999’.
8 For more information on scams, members of the public can visit www.scamshield.gov.sg or call the ScamShield Helpline at 1799.
[1] https://www.police.gov.sg/media-room/news/20241122_seven_individuals_presented_ with_community_partnership_award
