SINGAPORE: The accountant in her mid-20s received a call from an alleged acquaintance she met at a social gathering, asking for a loan of close to S$80,000 (US$58,800) to set up a new cafe.
Believing that she was doing something good by helping someone in distress, the woman transferred the sum. She never heard back from the person after that.
The incident from June last year was just the most recent of around 10 “fake friends” scam cases that Mr Rajan Supramaniam, senior criminal lawyer at Regent Law, has handled in the last two years.
Such cases typically involve scammers contacting victims through text messages or phone calls, pretending to be someone they know, and then asking for financial help.
A discussion on online forum Reddit highlighted that payment system PayNow – which allows bank users to send and receive money using mobile numbers – could be a source of information for scammers.
Simply searching for a phone number on PayNow, using banking apps, throws up the display name that the account holder uses. For many users, this is their real name.
Experts CNA spoke to agreed that scammers could be using PayNow to search for potential victims.
Associate Professor Kelvin Law from Nanyang Technological University (NTU) said: “The potential security vulnerability of PayNow is a serious concern because it allows scammers to obtain victims’ full names before calling them.”
The National University of Singapore's (NUS) Associate Professor Natalie Pang added: “My advice is to be cautious about the information we put out as much as possible. For instance, on PayNow, it is possible to change the display name.”
Assoc Prof Law, who is with Nanyang Business School's division of accounting, proposed that for non-corporate banking accounts, banks display only the account holder's initials on PayNow.
“For example, instead of showing ‘David Tan’, the display should show ‘D*** T****’, with the number of asterisks not corresponding to the actual length of the person’s name,” he suggested.
Additionally, banks operating PayNow should set an upper limit on the number of queries an individual account can make, added Assoc Prof Law.
“If the bank’s system detects an account making an extremely high number of queries in a day, for instance, hundreds, the account’s search function should be immediately frozen for further investigation.”
At least one local bank is working towards strengthening the safety of the PayNow platform. UOB said it is exploring a masking feature to limit the amount of users’ information publicly available.
“To combat such scams, UOB is actively exploring the implementation of a PayNow name masking measure, where customers’ nicknames on the PayNow platform will be replaced with a masked version of their registered account names,” a spokesperson told CNA.
This will prevent scammers from obtaining names of potential victims but still allow legitimate payers to verify recipients' names before making transfers.
Regent Law's Mr Supramaniam said the S$80,000 his client lost was quite typical of such "fake friends" scams.
“It usually ranges between S$50,000 and S$80,000. The lowest one was S$30,000,” said Mr Supramaniam, whose clients would come to him for legal advice on steps to take in the aftermath of such scams.
“They lost money because they were scammed by people who claimed themselves to be friends or someone who knew them, sometimes even using someone else’s voice.”
He said that some victims get so drawn into the ruse that they sometimes even do the transfers over multiple transactions, as they trusted and had rapport with the perpetrators.
Mr Supramaniam said that “time is of the essence” when responding to such scams. In some cases, by the time the victims realise they have been tricked, one or two months have already passed, which lowers the chances of recovery.
“They are very distressed ... it’s very heartbreaking as it’s their hard-earned money. Some of them were even actually going into depression. The impact can really be felt.”
It takes a toll on the victims’ families too, as sometimes the transactions are done without the knowledge of parents or spouses, said Mr Supramaniam.
He said there are challenges in recovering the lost money, as the caller first has to be traced. “Some people can just be third parties calling on behalf of others, so the money ultimately gets transferred out of Singapore.”
A screenshot of the profile details page on the UOB PayNow platform.
A screenshot of the profile details page on the OCBC PayNow platform.
A screenshot of the profile details page on the DBS PayNow platform.
Police statistics show that more than 6,300 victims fell prey to the "fake friends" scams from January to November last year. The losses amounted to over S$21 million.
Mr Supramaniam said that for most victims, punishment for the perpetrators is actually not at the top of their mind.
“They are not interested in having these people be prosecuted and go to jail. The legal consequences, they are secondary. They just want to regain the money as it’s their savings.”
Given how digitalised society is now, personal information could be easily found even if users mask their PayNow names, NUS' Assoc Prof Pang noted. For example, people often use their real names on social media and messaging platforms like Telegram and WhatsApp.
"Be very cautious about the kinds of personal information you put out about yourselves, such as your names, phone numbers and addresses," said Assoc Prof Pang, who is with the university's communications and new media department.
"One should also regularly review privacy settings of apps such as social media and chat apps, in order to restrict the visibility of one’s profile and who can view your information and profile."
NTU's Assoc Prof Law, who has himself received a fake friend scam call, said users must exercise caution when someone claiming to be a friend or acquaintance asks for favours or money over the phone.
Users should visually verify the person’s identity, as voice cloning technology is now advanced enough for someone’s voice to be replicated with just a few minutes of audio recording.
While scammers can still use deepfake technology to clone a friend’s appearance, it is more difficult to scale such operations due to the increased computing power required, he said.
While users should be vigilant, the responsibility to protect customers lies primarily with the banks, Assoc Prof Law said.
Under current Personal Data Protection Act regulations, organisations are required to implement security measures to protect personal data from unauthorised access, collection, use, disclosure or similar risks, he explained.
“Banks should ensure that their systems and practices comply with these regulations to safeguard their customers’ data and prevent it from being exploited by scammers,” he said.
The UOB spokesperson said that protecting customers is a priority, and it has “progressively introduced various security controls and measures” with the increasing number of scam cases reported in Singapore.
“That said, our customers remain the singular most effective defence and we strongly urge them to exercise vigilance and caution in this ever-evolving threat landscape,” said the spokesperson.
Continue reading...
Believing that she was doing something good by helping someone in distress, the woman transferred the sum. She never heard back from the person after that.
The incident from June last year was just the most recent of around 10 “fake friends” scam cases that Mr Rajan Supramaniam, senior criminal lawyer at Regent Law, has handled in the last two years.
Such cases typically involve scammers contacting victims through text messages or phone calls, pretending to be someone they know, and then asking for financial help.
A discussion on online forum Reddit highlighted that payment system PayNow – which allows bank users to send and receive money using mobile numbers – could be a source of information for scammers.
Simply searching for a phone number on PayNow, using banking apps, throws up the display name that the account holder uses. For many users, this is their real name.
MASKING KEY DETAILS
Experts CNA spoke to agreed that scammers could be using PayNow to search for potential victims.
Associate Professor Kelvin Law from Nanyang Technological University (NTU) said: “The potential security vulnerability of PayNow is a serious concern because it allows scammers to obtain victims’ full names before calling them.”
The National University of Singapore's (NUS) Associate Professor Natalie Pang added: “My advice is to be cautious about the information we put out as much as possible. For instance, on PayNow, it is possible to change the display name.”
Assoc Prof Law, who is with Nanyang Business School's division of accounting, proposed that for non-corporate banking accounts, banks display only the account holder's initials on PayNow.
“For example, instead of showing ‘David Tan’, the display should show ‘D*** T****’, with the number of asterisks not corresponding to the actual length of the person’s name,” he suggested.
Additionally, banks operating PayNow should set an upper limit on the number of queries an individual account can make, added Assoc Prof Law.
“If the bank’s system detects an account making an extremely high number of queries in a day, for instance, hundreds, the account’s search function should be immediately frozen for further investigation.”
Related:
At least one local bank is working towards strengthening the safety of the PayNow platform. UOB said it is exploring a masking feature to limit the amount of users’ information publicly available.
“To combat such scams, UOB is actively exploring the implementation of a PayNow name masking measure, where customers’ nicknames on the PayNow platform will be replaced with a masked version of their registered account names,” a spokesperson told CNA.
This will prevent scammers from obtaining names of potential victims but still allow legitimate payers to verify recipients' names before making transfers.
LOSS OF HARD-EARNED MONEY
Regent Law's Mr Supramaniam said the S$80,000 his client lost was quite typical of such "fake friends" scams.
“It usually ranges between S$50,000 and S$80,000. The lowest one was S$30,000,” said Mr Supramaniam, whose clients would come to him for legal advice on steps to take in the aftermath of such scams.
“They lost money because they were scammed by people who claimed themselves to be friends or someone who knew them, sometimes even using someone else’s voice.”
He said that some victims get so drawn into the ruse that they sometimes even do the transfers over multiple transactions, as they trusted and had rapport with the perpetrators.
Mr Supramaniam said that “time is of the essence” when responding to such scams. In some cases, by the time the victims realise they have been tricked, one or two months have already passed, which lowers the chances of recovery.
“They are very distressed ... it’s very heartbreaking as it’s their hard-earned money. Some of them were even actually going into depression. The impact can really be felt.”
It takes a toll on the victims’ families too, as sometimes the transactions are done without the knowledge of parents or spouses, said Mr Supramaniam.
He said there are challenges in recovering the lost money, as the caller first has to be traced. “Some people can just be third parties calling on behalf of others, so the money ultimately gets transferred out of Singapore.”
A screenshot of the profile details page on the UOB PayNow platform.
A screenshot of the profile details page on the OCBC PayNow platform.
A screenshot of the profile details page on the DBS PayNow platform.
Police statistics show that more than 6,300 victims fell prey to the "fake friends" scams from January to November last year. The losses amounted to over S$21 million.
Mr Supramaniam said that for most victims, punishment for the perpetrators is actually not at the top of their mind.
“They are not interested in having these people be prosecuted and go to jail. The legal consequences, they are secondary. They just want to regain the money as it’s their savings.”
EXERCISING CAUTION
Given how digitalised society is now, personal information could be easily found even if users mask their PayNow names, NUS' Assoc Prof Pang noted. For example, people often use their real names on social media and messaging platforms like Telegram and WhatsApp.
"Be very cautious about the kinds of personal information you put out about yourselves, such as your names, phone numbers and addresses," said Assoc Prof Pang, who is with the university's communications and new media department.
"One should also regularly review privacy settings of apps such as social media and chat apps, in order to restrict the visibility of one’s profile and who can view your information and profile."
NTU's Assoc Prof Law, who has himself received a fake friend scam call, said users must exercise caution when someone claiming to be a friend or acquaintance asks for favours or money over the phone.
Users should visually verify the person’s identity, as voice cloning technology is now advanced enough for someone’s voice to be replicated with just a few minutes of audio recording.
While scammers can still use deepfake technology to clone a friend’s appearance, it is more difficult to scale such operations due to the increased computing power required, he said.
While users should be vigilant, the responsibility to protect customers lies primarily with the banks, Assoc Prof Law said.
Under current Personal Data Protection Act regulations, organisations are required to implement security measures to protect personal data from unauthorised access, collection, use, disclosure or similar risks, he explained.
“Banks should ensure that their systems and practices comply with these regulations to safeguard their customers’ data and prevent it from being exploited by scammers,” he said.
The UOB spokesperson said that protecting customers is a priority, and it has “progressively introduced various security controls and measures” with the increasing number of scam cases reported in Singapore.
“That said, our customers remain the singular most effective defence and we strongly urge them to exercise vigilance and caution in this ever-evolving threat landscape,” said the spokesperson.
Continue reading...