Maybank fake website scams the key different is a and ɑ
Published in Guang Ming Daily on 18 April 2021
In fact, one of the two URLs “maybank2u.com” and “maybɑnk2u.com” is a fake URL created by a scammer, but can you see the different?
Maybank said that today’s fraudulent methods have become more sophisticated and urge people not to click on any links provided in newsletters, emails, or social media messages.
Maybank’s Facebook post pointed out that the two URLs “maybank2u.com” and “maybɑnk2u.com” are the letters “a” and “ɑ” respectively.
Maybɑnk2u.com said that “maybɑnk2u.com” is a scammer using the special letter “ɑ” to create a similar website or link to attract people to click on it.
The bank also pointed out that the “ɑ” in the fake URL is actually a Cyrillic alphabet.
Maybank also urges customers to log in to Maybank2u account, they must manually enter maybank2u.com.my, and avoid clicking on the link provided in any message.
If you accidentally click on any link and disclose your login information, please contact the bank immediately at 03-58914744.
maybank2u.com” 和 “maybɑnk2u.com” 這兩個網址，實際上有一個是詐騙人士制造的假網址，但你看得出端倪嗎？
該銀行也指出，假網址中的“ɑ” 其實是西里爾字母（Cyrillic alphabet）。
$62,000 lost in fake Singtel e-mail phishing scams, 22 police reports lodged
PUBLISHED at The Straits Times dated FEB 17, 2021
People who clicked on the URL link were directed to a fake Singtel webpage which asked for their bank information and One-Time Passwords.
Scammers using fake e-mails purportedly from Singtel netted at least $62,000 earlier this week.
Victims of the phishing fraudsters received e-mails claiming to be from the telco saying they had won a cash prize or were eligible to claim cashback or a gift.
People who clicked on the URL link were directed to a fake Singtel webpage which asked for their bank information and one-time passwords (OTPs) in order to claim the prize, cashback or gift.
The victims – at least 22 police reports had been lodged on Monday (Feb 15) and Tuesday – realised that they had been scammed only after they spotted unauthorised transactions in their bank accounts.
These are three of the URLs impersonating Singtel’s website:
The police noted that scams like this involving companies other than banks have been on the rise.
“The number of non-banking related phishing scams increased by 1,214 per cent to 644 in 2020, from 49 in 2019. The total amount cheated increased to at least $981,000 in 2020, from at least $72,000 in 2019,” they said.
There are tried and true safeguard against such scams:
– Be wary of URL links provided in unsolicited adverts and text messages, especially those related to deals that seem too good to be true;
– Always verify the authenticity of the information with the official website or sources;
– Never disclose your personal or Internet banking details and OTP to anyone; and
– Report any fraudulent transaction involving your e-payment accounts to the e-payment service provider immediately.
Anyone with information related to these scams can call the police hotline at 1800-255-0000, or go to the Singapore Police Force’s website.
There is more information on scams at the Scam Alert website or call the Anti-Scam hotline at 1800-722-6688.
Porn website Ransom email
I received below email from email@example.com, I believe is a scam, please take note.
You don’t know me and you’re thinking why you received this e mail, right?
Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.
What exactly did I do?
I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).
What should you do?
Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).
BTC Address: 1DbNfCLvwuHAfn3L9SccEpooBgc2KASpxN
(It is cAsE sensitive, so copy and paste it)
You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immidiately. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.
我收到以下来自 firstname.lastname@example.org 的电子邮件，我认为这是一个骗局，请注意。
好吧，我实际上在色情网站上放置了一个恶意软件，你猜怎么着，你访问这个网站是为了玩得开心（你知道我的意思）。当您观看视频时，您的网络浏览器充当 RDP（远程桌面）和键盘记录器，让我可以访问您的显示屏和网络摄像头。在那之后，我的软件从您的 Messenger、Facebook 帐户和电子邮件帐户中收集了您的所有联系人。
好吧，我相信，对于我们的小秘密来说，1400 美元是一个合理的价格。您将通过比特币向以下地址付款（如果您不知道，请在 Google 中搜索“如何购买比特币”）。
您有 24 小时的时间付款。 （我在这封电子邮件中有一个独特的像素，现在我知道你已经阅读了这封电子邮件）。如果我没有收到付款，我会将您的视频发送给您的所有联系人，包括亲戚、同事等。尽管如此，如果我得到报酬，我会立即删除视频。如果您需要证据，请回答“是的！”我会把你的视频发给你的 5 个朋友。这是一个不可协商的报价，所以不要浪费我和你的时间回复这封电子邮件。
Fake Pizza Hut website steals bank information
Translate from 8world on November 29, 2020 20:14
New scam tactics appeared on the Internet. Scammers pretense to sell cheap pizzas, fished the victim’s bank information and password, and then stole their deposits.
The police issued a statement saying that scammers posted fake advertisements selling cheap pizza on social networking sites Facebook or Instagram, attracting victims to click on the fake website link of the fake pizza chain Pizza Hut in the advertisement, tricking them into placing the order, and then fishing the victim’s bank Information and one-time password. After the victim found out that the deposits in the bank account had been illegally transferred, he was deceived.
The police remind the public to beware of providing links to websites that are too “good”, and at the same time log on to the official website to verify the facts, and not to disclose personal or bank information and one-time passwords.
2020年11月29日 20:14 八视界发布
Fake police site phishing for confidential information claims victim’s Web browser ‘blocked’
Published by The Straits Times dated 28 Jan 2020
The Singapore Police Force has warned the public of a fake police website that tries to trick people into giving up confidential information by claiming that their Web browsers have been “blocked”.
This is the latest version of similar scams that have cropped up in recent years.
In a statement on Tuesday (Jan 28), the police said that scammers are using a Web browser’s full-screen mode to show a victim a Windows 10 desktop image displaying the fake Singapore Police Force website. The image fills up the whole screen of a victim’s computer.
The fake site alleges that the victim’s Web browser has been “blocked due to (the) viewing and dissemination of materials forbidden by (the) law of Singapore”, namely pornographic material.
The victim may also be led into thinking that his computer has been locked because the scam display, being mostly an image, does not allow him to click on the “Start” menu, or close and open applications.
The fake site goes on to inform the victim that his Web browser will be unlocked after paying a $1,000 fine through a credit card. He is also told that the fine must be paid within six hours. If he does not comply, the site says bogus criminal proceedings will be initiated against him.
The victim is asked to enter his credit card details – such as the card number, his name, card expiry date, and card verification value (CVV) – on the fake site to purportedly pay the fine.
The police said that such websites are actually phishing sites in disguise that are designed to extract a victim’s personal information and banking details. This could lead to monetary losses as scammers would use these details to make unauthorised purchases and transactions.
The police added that they do not have access to lock a person’s desktop computer, and clarified that the official Singapore Police Force website address is www.police.gov.sg.
If a person encounters the latest fake police website, the police advised that he should press his computer’s Alt+Tab keys to see if it is possible for him to return back to his normal desktop display.
The victim can also try pressing the Ctrl+Alt+Delete keys to open the computer’s task manager to end any Web browser processes.
He should also refrain from giving out his personal information and bank details, such as Internet bank account user name and password, as well as one-time password codes from tokens. Such information is useful to criminals.
This is the latest variation on the fake police website scam. In November last year, the police warned of a fake Singapore Police Force website that resurfaced, and that they have been issuing advisories on the matter as far back as 2017.
For the November fake website alert, the police said then that a victim got a call from someone claiming to be from the police.
The person alleged the victim was involved in illegal activities and the call was transferred to someone claiming to be a law enforcement officer in China, who then directed her to a website resembling the Singapore Police Force website.
The victim was then instructed to key in her bank account details, password and one-time password.
After that, the victim realised money had been transferred from her bank account without her consent.
For those in doubt or have information related to the latest fake police website scam or similar crimes, they can call the police hotline on 1800-255-0000, or visit www.police.gov.sg/iwitness.
People that need urgent police assistance can call 999.
To get scam-related advice, the public can call the anti-scam helpline on 1800-722-6688 or visit www.scamalert.sg.
Members of the public can also join the “Let’s fight scams” campaign at www.scamalert.sg/fight by signing up to receive up-to-date messages and share them with their family and friends.
如果某个人遇到了最新的假警察网站，则警察建议他应按计算机的Alt + Tab键，以查看他是否有可能返回正常的桌面显示。
受害者还可以尝试按Ctrl + Alt + Delete键以打开计算机的任务管理器，以结束所有Web浏览器进程。
MOM warns of fake website phishing for personal information
Publish by Channel News Asia on 16 Jun 2020 09:17PM
How to identify fake “MOM” websites or phishing eServices
The official MOM website is at https://www.mom.gov.sg. This is where we make available MOM-related information and eServices that enable you to perform your transactions with us safely and securely.
Listed some examples of fake websites that it has found:
These looked very similar to our official URL, but do not have ‘.mom.gov.sg’.
Some may even try to embed ‘.mom.gov.sg’ into their URLs but their domain name won’t end with ‘.mom.gov.sg’,”.
Some browser also shows warning signs before access.
How to report fake “MOM” websites, phone scams or email scams
Call the anti-scam helpline at 1800 722 6688 if you notice:
Any websites that you suspect to be fake versions of the official MOM website.
Any calls or emails that you suspect to be scams.
Scam Alert: Advisory On Fake Instagram Account Impersonating NTUC And Soliciting Information For NTUC’s COVID-19 Support
Publish by NTUC on 22 Apr 2020
We’ve been alerted by members of the public that there is a fake Instagram account (handle: __ntucsingapore) claiming to be from NTUC Singapore and soliciting information for NTUC’s COVID-19 support. This is a fake account. Our real official Instagram handle is @ntucsingapore. We do not have two underscores before our account handle. Only trust pages and accounts with a blue tick, because these are verified.
If you encounter the account trying to follow you, please block the account and report it to Instagram. Do not engage with this account.
We take such incidents seriously, as they undermine public trust in NTUC.
We’ve lodged a police report.
DBS Phishing website
Always access DBS services through DBS official website https://www.dbs.com/.
Avoid clicking on links in unsolicited emails and SMSs.
Sample Websites are below:
Go directly to DBS website at https://www.dbs.com/security to view the latest alerts.
Call DBS immediately at the hotlines below if you suspect you’re a victim of fraud or notice any unexpected banking or card transactions.
Singapore: 1800-339-6963 or 6339-6963
Hong Kong: 2290 8888
Indonesia: 0804 1500 327
Taiwan: (02) 6612 9889 / 0800 808 889
Fake govt websites phishing for personal data
Published by Straits Times on APR 24, 2016, 5:00 AM SGT
How to spot a fake government website
The Infocomm Development Authority (IDA) said there is a growing number of fake government websites over the past few years. This is part of a larger upward trend in the number of phishing websites on the Internet. Phishing sites try to trick users into giving their personal or financial information, such as credit card numbers, identity card or passport numbers, or usernames and passwords, through the use of fake websites or e-mail masquerading as official sources.
What are the risks?
The risk of landing on a fake government website can be serious. Divulging personal information to dubious sources can lead to a compromise of your bank accounts, or even identity theft. The latter poses worse problems as criminal activities can be conducted in your name.
Here are 5 ways to spot a fake government website or email:
- Emails that uses a public internet account
Take a look at the sender’s e-mail address before clicking on any link sent to you via email. Do not trust the email if it was sent via a public account as emails sent by the government will not be sent via a public account. Singapore government email addresses will end with @[agency name].gov.sg. Additionally, do not trust any email or website that asks you to “confirm” sensitive account information as it is surely a scam.Incorrect URL
A tell-tale sign of a fake website is the usage of incorrect suffixes in the URL of the website. ALL government websites will end with ‘www.(agency name).gov.sg’. All Singapore government websites end with gov.sg. Only government websites are allowed to use .gov domain names. Many fake government websites will use domain names such as .org or .net. Below is an example of a fake website with a comparison of the real one.Is not a secure site
Legitimate websites will use encryption to help ensure that your payment information remains safe. You can see if a site uses encryption by looking for a lock symbol in the browser window. You should also check that the address starts with “https://” rather than just “http://”. Do not enter payment information on any site that isn’t secure.Grammatical errors
Watch out for poor English or grammatical errors as it could mean that the site is not genuine and was put together quickly by someone looking to make a quick profit. Before divulging any personal information, take a few moments to browse the website. Read through the ‘About Us’ or ‘Contact Us’ page and see if you see anything suspicious.Low resolution images
Scammers usually put up fake sites quickly, resulting in poor quality websites. If the ministry logo or text appears to be in poor resolution, this might be an important clue that this website should not be trusted.
How to protect yourself against such phishing scams?
Avoid clicking on links in suspicious or unsolicited e-mails. Ignore suspicious call-to-action e-mails such those claiming that “your account will be terminated”. Victims who shared their passwords or usernames should change their passwords immediately and those who have given out personal information should make a police report. Practice common sense and remain vigilant at all times.
Disclaimer: Please practice discretion while encountering such situations, vigilance is key. The list above is not exhaustive and does not guarantee that you will not fall prey on an online scam.