Singapore banks decide to remove all clickable links from emails sent to customer to avoid phishing attacks

After a huge increase in phishing case reports, banks in Singapore will begin implementing a new set of security mechanisms, including removing all links attached to emails sent to their customers in the next two weeks.

Among the new security measures are a delay of 12 hours before the activation of a new software token on a mobile device, notifications via email or SMS messages each time the client requests to change their contact details, and a new team dedicated exclusively to analyzing potential cases of electronic fraud.

In addition, banking institutions will try to ensure that customers receive frequent educational messages about the various types of electronic fraud, either in their visits to branches or by means of digital communication.

The breaking point for the implementation of these measures was the phishing campaign directed against OCBC Bank customers, an incident that generated losses equivalent to more than $8.5 million USD at the end of 2021. The most affected users lost up to $220,000 USD, severely affecting their financial stability.

Affected users reported receiving unsolicited messages apparently sent by the bank. In these messages, users were told that there was a problem in their accounts, requesting that they go to the attached link to correct the flaws; this link redirected users to a malicious website where the user’s confidential information was stolen.

In a statement, OCBC Bank assured affected customers that all their lost funds would be restored over the next few days. At the time of writing, the bank had already paid more than 100 victims.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.