Lesser-known scams for credit cards & online shopping
From getting swindled by shady online businesses to picking up legit-looking phone calls with the +65 prefix, it’s tough to keep track of all the emerging scams these days – even with PSAs on the news and social media. Scams can vary across avenues, from fake online shopping payment forms to voice phishing, so it’s good to always have our guard up.
Here are 7 lesser-known credit card and online shopping scams you can take note of and start blasting in your WhatsApp family chats, to save your trusting folks from being scammed:
1. Random card number generator – Affects big & small transactions
Image credit: Unsplash
Scammers are getting more creative these days, tapping into technological advancements that the average person wouldn’t even know exists. This scam involves a random card number generator which fraudsters use to generate endless card numbers, of which some will eventually be valid.
Scammers will test the generated numbers by guessing the month and year combination of your credit card expiry date, using small transaction amounts.
Once they’ve hit the jackpot with the correct expiry date corresponding with the credit card number, they will use your card to commit larger-scale fraud for as long as the unauthorised transactions go undetected. By the time you realise you’ve been scammed – be it through your monthly credit card bill or through your bank statement – it would’ve been too late.
- Check your credit card statements thoroughly and frequently to detect any suspicious transactions ASAP.
- Immediately report any unauthorised transactions to your bank so they can take the necessary action and freeze your affected cards.
- Set notifications so that you’ll be alerted to any transactions that exceed a certain limit.
2. Card skimming – Malicious software intercepting payment
Card skimming IRL through ATM machines and physical payment terminals is pretty well-known. What you may not know is that it can occur digitally via online shopping platforms as well, through websites that are infected with skimmers which collect card numbers.
Especially in the current era where we shop online so often, it’s important to keep our eyes peeled for such a sneaky scam.
An example is how online skimmers can inject fake web forms disguised to look like legit payment forms from companies like PayPal, in order to steal customer payment data and use it for fraudulent purposes.
Example of a fake Paypal form.
Image credit: Formpro
- Make sure there’s a padlock icon on the address bar, next to the site name of the website you’re at – this indicates that the site is secured with a digital certificate.
- You can also apply for a separate debit card for your online shopping – it’s free. You’ll have less at stake if you use a separate card with a more controlled level of funds inside.
3. Voice phishing – Fake callers with the +65 prefix
Phishing is a type of cyber attack used to steal sensitive information such as credit or debit card details. This malicious crime can come in various forms including emails, SMSes, DMs on social media, or phone calls.
Although we may be on high alert with the rising number of scams, sometimes we may not even realise that we’re falling for this fishy scam because of how “legit” things can be, especially when scammers mask themselves as officials.
In a 2019 case of vishing, scammers called victims pretending to be Apple tech support, scaring them into thinking their devices were at risk of getting hacked lest they surrender their details.
Image credit: Apple
Since this January, at least 280 victims have reportedly lost more than $1.2 million to scammers impersonating figures of authority over the phone – that’s even more than that recently-sold Yishun jumbo flat. This is known as vishing, AKA voice phishing. Scammers take on a fake identity to try and trick you into providing your credit card details, which they will then use for fraudulent transactions.
Fake number posing as MOH.
Image credit: Joycelyn Yeow
Other more recent examples include victims receiving phone calls from unknown numbers with the +65 prefix. Scammers may even impersonate staff from government bodies such as the Ministry of Health (MOH) and resort to caller ID spoofing – manipulating their caller ID such that the call appears to be coming from a local or well-known phone number.
- Never click on suspicious links or answer unexpected overseas calls – phone numbers from SG rarely start with the +65 prefix.
- Cross-check the phone number on your mobile screen with the contact number on the official organisation’s website.
- Never disclose your personal particulars – such as banking and credit card details and OTPs – to anyone, especially over unsolicited phone calls.
4. Card misuse – Transactions made by someone you know
This kind of card misuse is done by someone known to the cardholder, such as a family member or friend who happens to know your credit or debit card details.
Apart from making one-off purchases which might alert you via OTP authorisation prompts, the card details can be used for recurring scheduled payments such as topping up digital wallets like EZ-Link or Grab. As these are legit transactions, you might not even realise that your credit card details are being exploited.
Just last month, it was reported that a dad was thrust with a $20,000 credit card bill after his daughter went on a 6-week in-game spending spree on Genshin Impact, unnoticed by her poor dad as he did not receive any payment authorisation alerts.
Another report stated that a former Miss Universe contestant memorised her friends’ card details when their cards were left unattended. Indeed, you can never be too safe!
Especially useful features include temporarily locking cards you do not use, and disabling online transactions.
Image adapted from: DBS
- Always keep your cards securely with you and never share your credit or debit card details with anyone, not even your besties.
- Set notification alerts on your e-wallets. For example, you can customise your card using Payment Controls on the DBS digibank app.
5. Wireless identity theft – Diversion of SMS one-time passwords
Also known as Radio Frequency Identification (RFID) theft, wireless identity theft involves compromising an individual’s personal identification information using wireless mechanics. A common type of RFID theft is the diversion of SMS one-time passwords – a tactic which has reportedly led to about $500,000 being stolen in fraudulent card payments.
Image credit: Singapore Police Force
A more recent SMS-phishing scam involved fake SMSes appearing in the same thread as legit text messages previously sent by banks for OTPs and transaction alerts. Scammers are able to abuse software to manipulate their sender IDs to be identical to that of the bank, thus causing their SMS to appear in the same message thread.
These messages claimed that there were issues with the customer’s bank account, instructing them to click on a link which led them to a website requesting for their banking details. It’s hard to spot phishing links in these SMSes as they are often shortened to disguise the actual URLs. And to be fair, not many of us have the time and care to zone in on such minute details.
- Use secured devices and complex passwords.
- Enable two-factor authentication (2FA) for an added layer of security in addition to your username & password. Common 2FA methods include SMS verification codes or biometric verification like fingerprint scanning or facial recognition.
6. Internet merchandise scams – Pay for shipping only & get freebies
It’s easy to fall prey to Internet merchandise scams because, well, some are really too good to pass up.
Being tempted by what seems like a good deal, customers transfer payment to the “seller” who promises delivery of the item. Sometimes, “sellers” make their deal extra attractive by stating that only the shipping fee has to be paid for. In other cases, they demand payment for delivery charges after the first payment is made. Ultimately, customers won’t receive the item.
Image credit: Joycelyn Yeow
Another similar scam is the cash-on-delivery shopping scam. Imagine this: a parcel comes. Your family member helps to receive your parcel and, without QC-ing the item, pays cash to the delivery personnel who informs you that the parcel requires Cash on Delivery (COD). When you get home, you open your parcel to realise that it’s a cheap replica of what you ordered.
Many of these fake sellers pose as legit online sellers on popular marketplaces such as Carousell and Instagram, casting a wide net of potential victims who are eager to go on an online shopping spree.
- Avoid falling for deals that are way below market price, disguised as flash deals.
- Always do your market research on the brand before purchasing something online. You can immediately suss out scams when there’s a lack of information on the products listed, or unstated terms & conditions.
- Don’t be afraid to insist on bank transfers instead of cash payment – you’re the one paying here, so you’re the boss.
7. Fake bank hotlines – Scammers impersonating bank staff
Just this January, it was reported that victims lost $495,000 from fake bank hotlines listed in Google search advertisements.
Image credit: Pexel
In such cases, victims wanting to seek advice from banks would search for the banks’ contact numbers. The first few search results that popped up on Google are scam advertisements’ fake contact numbers but, not thinking too much about it, they dial those numbers and unknowingly play into the scammer’s scheme of impersonating bank staff.
Fraudsters would inform victims that there are issues with their bank account, credit or debit cards or loans, then instruct them to temporarily transfer their funds to fake bank accounts. This can also occur in the form of SMS-phishing.
Image credit: DBS
- Always verify information with numbers listed on official bank websites.
- Never transfer funds into bank accounts belonging to a stranger – especially since even besties can misuse your card, much less strangers.
- Lastly, not to be naggy, but any fraudulent transactions should be reported to your bank ASAP. Remember to lodge a police report as well so that the bank and police can work together in retrieving your stolen funds.
E-commerce scams in Singapore and how to avoid them
It’s better to be safe than sorry. We should always keep our eyes peeled and be on the lookout for any suspicious e-commerce scams which may disrupt our shopping spree – meant for de-stressing in the first place – and even potentially burn a hole in our e-wallet.
Besides the tips shared above, you can easily up the security of your online transactions by enabling and customising your DBS card payment control features on the DBS digibank app.
For more advice from the bank pros themselves, check out the DBS online security page initiative for more security tips to protect yourself online. It’s frequently updated to guide you on how to siam sneaky scams, even the new and emerging ones that may be lesser-known.
Find out more about DBS’s features here
This post was brought to you by DBS.
Cover image adapted from Unsplash.