Six of the accused individuals face charges under the Computer Misuse Act, for abetting unknown persons to secure unauthorised access to a bank’s computer system this month.
They are:
- Mark Lim Jun Feng, 19. The Nanyang Polytechnic student supposedly gave away his DBS or POSB internet banking login details to unknown persons in October last year, resulting in multiple unauthorised transactions.
- Ei Thin Zar Kyaw, 22. The Myanmar national allegedly handed over her POSB debit card and internet banking account credentials between Dec 26 last year and Jan 4. She was also charged with obstructing justice by deleting her Facebook Messenger chat history between her and one Kyaw Zar Wa, and giving false information to a police officer by saying she lost her debit card at her workplace in Resorts World Sentosa.
- Nur Iffah Natasha Mohamed Zazeri, 23. She allegedly handed over her DBS ATM card along with her PIN.
- Muhamad Zulhilmi Zuraini, 24. He is accused of handing over the PIN and internet banking credentials for a DBS account to someone named Khai on Mar 27 last year.
- Kingston Teo, 27. He allegedly gave away his internet banking login details and ATM cards for a DBS account and UOB account, resulting in unauthorised access to both banking systems. He is set to plead guilty on Feb 27.
- Tan Jun Liang, 27. He supposedly handed over the PIN and internet banking credentials of a DBS account last month.
The remaining accused person – Jovier Ng Junrong, aged 18 – was charged with disclosing his Singpass account details to an unknown person through a phishing link for commission in October last year, which led to the opening of two Standard Chartered Bank accounts.
First-time offenders can be jailed up to three years or fined up to S$10,000, or both.
Ng was also charged with getting commission by disclosing the user ID, password, ATM card and PIN of his DBS account to someone on the Telegram messaging app, so that transactions could be made through the account.
HOW THE SCAMS WORKED
In a press release announcing the seven arrests, the police said they received several reports of SMS banking-related phishing scams this month.
Victims would receive unsolicited SMSes bearing short codes, overseas numbers, or local numbers, from scammers impersonating banks or bank staff. They would then warn victims of “possible unauthorised attempts” to access their bank accounts.
These SMSes would urge them to click on embedded links to “verify their identities and stop the transactions”.
After clicking on the links, the victims would be directed to fake DBS websites and asked to provide their internet banking details and one-time passwords (OTPs), which scammers would then use to make unauthorised withdrawals.