SINGAPORE: Over the past four months, at least 154 victims have lost S$7.1mil (RM22.47mil) to tech support scams, the police said in a joint statement with the Cyber Security Agency of Singapore (CSA) on Tuesday (April 26).

This scam, which is not new, involves scammers pretending to assist victims with computer or WiFi network issues in order to gain access to their funds.

One method saw victims receive a pop-up alert while using the Internet on their computers.

The alert states that their computer has been compromised, with instructions to contact the software provider, such as Microsoft.

“The number usually appears as variants of +653159(XXXX), leading victims to believe that it is a valid local help desk contact number,” said the police and CSA.

Victims who called the number spoke to scammers who impersonated tech support personnel.

The second method saw victims receive unsolicited calls from scammers who claimed to be working for Internet service providers such as Singtel.

The scammers would tell the victims that their WiFi network has been compromised by hackers and were calling to assist with the issue.

In some instances, the scammers claimed there were fraudulent transactions made from the victim’s bank account and that government officers were investigating the issue.

To make their claims seem legitimate, the fraudsters sent fake verification emails from spoofed accounts such as “investigation@csa.gov.sg” to the victims.

In both methods, scammers told victims to download a remote access application, such as TeamViewer, UltraViewer or AnyDesk, which gave the scammers control of the victims’ devices.

“Under the pretext of resolving the issue, the scammers would instruct victims to log into their Internet banking account and provide their credit or debit card details, as well as one-time password,” the authorities said.

Using remote access, the scammers would then transfer funds from the victim’s bank accounts or make fraudulent charges to the bank cards.

The police and CSA also highlighted a third method used by scammers where victims were directed to scan a Singpass QR code on a phishing website. Scammers claimed that this was part of the verification process.

When victims did so, scammers could create cryptocurrency wallets with their details, which could be used to facilitate the flow of illicit proceeds.

The authorities clarified that no telecommunications service provider or government agency would request an individual’s personal details, access to their online bank account over the phone or through automated voice machines, or ask for payment for services rendered.

Should anyone fall for a scam, they should uninstall any software that was downloaded under the scammer’s instructions and then turn off the device to limit the scammer’s illicit activities.

Apart from changing their Internet banking credentials and removing any unauthorised payees that may have been added to their bank accounts, victims should also inform their banks and the police of the incident.

To avoid getting scammed, the authorities reminded people to ignore calls with the ‘+’ sign prefix as it indicates that it is an international incoming call or spoofed call.

They added that when logging into a digital service using the Singpass app, it is important to ensure that the domain URL displayed on the Singpass app’s consent page matches that on the browser before proceeding.

“If not, do not tap on the ‘Log in’ button on the consent screen,” the authorities said. – The Straits Times (Singapore)/Asia News Network