Authorities working on requiring all banks, telcos, SMS aggregators to join anti-spoof registry

Authorities working on requiring all banks, telcos, SMS aggregators to join anti-spoof registry

Imda, Phishing

20/1/2022 2:45:00 PM

Authorities working on requiring all banks, telcos, SMS aggregators to join anti-spoof registry

SINGAPORE — The authorities are working on getting all telcos, banks and SMS aggregators in Singapore to sign up for a national registry that allows businesses to block spoofed scam messages from being sent to customers. TODAY understands that this will be made a requirement for these companies

SINGAPORE —The authorities are working on getting all telcos, banks and SMS aggregators in Singapore to sign up for a national registry that allows businesses to block spoofed scam messages from being sent to customers.TODAY understands that this will be made a requirement for these companies and organisations, as part of a

suite of security measuresannounced earlier which were designed to combat scams such as the recent OCBC Bank phishing scam.In response to TODAY's queries, spokespersons from the Infocomm Media Development Authority (IMDA) and the Monetary Authority of Singapore (MAS) said in a joint statement on Thursday (Jan 20) that they will"roll out the registry to all telcos, SMS aggregators, and banks that use SMS services for retail customers".

Read more: TODAY »

MOH also Shouldn't financial companies like credit/debit card issuers and insurance companies be made to join too?

OCBC phishing scam: Banks should stop using SMS to communicate with customers, experts saySINGAPORE — In the wake of a recent phishing scam involving hundreds of OCBC bank customers, some cybersecurity experts are suggesting that banks here do away with communicating important information such as verification codes via SMS. Then use wat? Email? Call? Telepathy? Step 1 is wrong. It should be the bang’s useless security and failed customer service. Bank’s comm with customers should be via bank’s app only. No more sms please. This is scary.

DBS warns of SMS phishing scam 'actively targeting' customersSINGAPORE: DBS Bank warned on Wednesday (Jan 19) that a phishing scam is \u0022actively targeting\u0022 customers via suspicious login alert scams. The warning comes on the back of a recent spate of straits_times govsingapore SingaporePolice MAS_sg CPIBsg Pls investigate if the culprits are linked with FOREIGN/LOCAL SYNDICATE/TERRORISM. Many victims,many cheats, many ways for long. BIG💰. Pls check WHERE the TRANSFERS GO TO. FREEZE bank accounts & publish & punish them

OCBC announces it will pay all SMS scam victims full sum they lostSINGAPORE - All OCBC customers affected by a recent spate of SMS phishing scams will receive 'full goodwill payouts' covering the amount they lost, OCBC Bank said in a statement on Wednesday (Jan 19). More than 100 victims have already received the payouts and the bank will make arrangements for the payout with all remaining affected customers by next week,...

OCBC to make 'full goodwill payouts' to all victims of recent SMS phishing scamArrangements with all victims will be made by next week. Full good will is 10k or 500k It's nda so pay a bit still can get Away with the mistake Ocbc did the right thing! Good on you, ocbc!

DBS warns of SMS phishing scam after fake messages received by customers'DBS will never ask for your account details or OTP over the phone, email or SMS,' the bank said in a Facebook post.

OCBC to fully reimburse all victims for money lost to SMS phishing scam; arrangements to be made by next weekSINGAPORE — OCBC Bank will be making arrangements with all customers, who were victims of a recent SMS phishing scam, to be fully reimbursed them for the monies they lost by next week, said the bank on Wednesday (Jan 19). Good gesture. 👍🏻 Nice one...way to show other banks what u do is better than others

LinkedIn SINGAPORE — The authorities are working on getting all telcos, banks and SMS aggregators in Singapore to sign up for a national registry that allows businesses to block spoofed scam messages from being sent to customers. TODAY understands that this will be made a requirement for these companies and organisations, as part of a suite of security measures announced earlier which were designed to combat scams such as the recent OCBC Bank phishing scam. In response to TODAY's queries, spokespersons from the Infocomm Media Development Authority (IMDA) and the Monetary Authority of Singapore (MAS) said in a joint statement on Thursday (Jan 20) that they will"roll out the registry to all telcos, SMS aggregators, and banks that use SMS services for retail customers". "The recent surge in spoofing attacks involving banks underlines the need for robust defences at the ecosystem level against spoofing attacks," the statement said. The registry, called the Singapore SMS SenderID protection registry, had been in its pilot phase since last August. Following the OCBC phishing scam, there have been calls to make it mandatory for firms to be part of the registry. As of Thursday, more than 2,100 people have signed an online petition to get IMDA to require all organisations in Singapore to register with the authorities before being allowed to send SMS messages with sender IDs. Earlier this week, IMDA had also urged more organisations to sign up. A slew of measures were announced on Wednesday evening by MAS and the Association of Banks in Singapore to tighten the security of digital banking and protect account holders from phishing scams. These include banks removing clickable links in emails or SMS messages sent to retail customers and having dedicated customer assistance teams to deal with feedback on potential fraud cases. The OCBC phishing scam claimed nearly 470 victims who lost at least S$8.5 million in all. The bank has said it will fully reimburse all customers who lost money to the scam. Many of these victims had been tricked by fake SMS messages that appeared in the same thread as legitimate text messages from OCBC for one-time passwords and transaction alerts. The swindlers impersonated the bank by inputting their sender ID as “OCBC”, claiming that there were issues with the customer’s bank accounts or credit cards and instructing them to click on a link in the SMS message that led the customer to a fake banking website. Sender IDs are names that identify the sender of an SMS message so that a word or phrase (such as OCBC), instead of a number, is displayed on the recipient's mobile phone. To combat these forms of scams, the registry allows organisations to register their sender ID. When fraudsters try to send messages using a sender ID that is registered, these organisations may choose to block them from being sent. IMDA had previously said that"some banks" signed up when the pilot registry was started and named e-commerce platform Lazada and Singapore Post as being on it as well. OCBC Bank is understood to be part of the pilot registry project. “We urge more businesses and organisations that use SMS sender IDs to do so,” IMDA wrote in reply to a reader’s letter to The Straits Times on Monday. The SMS SenderID protection registry is run by global trade body Mobile Ecosystem Forum (MEF), which developed and ran a registry in the United Kingdom where the firm is based. Speaking to TODAY earlier, MEF’s registry project director Mike Round had