Banks ‘Remain Responsible’ for Security Measures to Prevent Phishing Scams, Says Cybersecurity Specialist

As phishing scams surge, banks are urged to enhance security protocols to protect customers.

SINGAPORE – The primary responsibility for preventing phishing scams continues to rest with banks and financial institutions, according to cybersecurity expert Mark Goudie, Asia Pacific and Japan services director at CrowdStrike, an international cybersecurity company.

Goudie emphasized the need for immediate improvements to digital banking controls, echoing recent statements from the Monetary Authority of Singapore (MAS) in response to a rise in phishing scams.

To customers affected by recent SMS-phishing schemes who asked “How immediate is immediate?”, MAS responded with a timeline of two weeks, setting February 2 as the date by which banks must implement critical security measures.

With the proper security protocols in place, phishing scams can be quickly identified and reported, Goudie told The Independent Singapore.

“MAS expects all financial institutions to have robust security measures to prevent and detect scams, as well as effective incident handling and customer support in case of an attack,” MAS stated on January 19, in light of reports revealing that millions of dollars had already been stolen from Singaporean bank accounts through such scams.

As e-banking and digital financial services grow in Singapore, phishing scams have increased. More and more customers have reported their accounts being wiped out, sometimes losing their entire life savings within minutes, all due to clicking on seemingly legitimate SMS links from banks like OCBC and DBS.

While MAS’s latest measures are expected to add a layer of protection, Goudie stressed that the burden remains on banks to ensure their systems are strong enough to prevent and respond to cyberattacks.

On January 19, MAS announced new security measures aimed at curbing phishing scams, including the removal of clickable links in messages sent to retail customers, a default S$100 or lower threshold for transaction notifications, and a 12-hour delay before activating new soft tokens on mobile devices. These changes must be in place by February 2, during the Chinese New Year holiday.

Clients will also receive alerts if their contact information is changed, and banks will introduce a cooling-off period for significant account modifications.

Goudie highlighted that quick detection and remediation are essential for preventing similar incidents. According to CrowdStrike’s Global Security Attitudes Survey, Singaporean organizations take nearly twice as long as their regional counterparts to address security breaches, citing resource limitations and outdated systems as key obstacles.

“Cybercriminals are constantly evolving, and a combination of cutting-edge technology and expert threat detection is essential to stop sophisticated attacks, including phishing,” he said.

CrowdStrike uses a cloud-based platform to help businesses stop security breaches, detecting and responding to both malware and malware-free attacks.

Since phishing scams began dominating the news, banks have been increasing their alerts, advising customers to avoid clicking on links in unsolicited messages and to never share banking credentials with anyone.

MAS continues to advise customers to monitor transaction notifications and report any suspicious activity immediately to maximize the chances of recovering lost funds.
