Only 9 of 120 suspected money mules in OCBC phishing scam could be charged; 790 victims lost $13.7m

There were around 120 money mules suspected of helping scammers in the phishing scams targeting OCBC Bank customers from December 2021 to January 2022.

But due to limitations in current laws, only nine could be charged.

This was revealed by Second Minister for Home Affairs Josephine Teo in Parliament on Monday, during her opening speech on the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Bill and the Computer Misuse Bill.

She said there were about 790 victims who lost a total of $13.7 million in the scam, with more than 120 local bank accounts used to receive the victims’ monies.

Mrs Teo said limitations in current laws make it difficult to take money mules to task, as the authorities must prove the suspect knew or believed the monies transacted through his bank account were linked to criminal activity.

She added that similarly, it had been challenging to prove the wrongful intention of those who gave up their Singpass credentials for abuse.

“Clearly, there is a gap that has allowed money mules to continue abetting scammers at little cost to themselves. Why should they be deterred if they can evade prosecution by simply claiming ignorance?”

She said there have been cases of Singpass users who sold their accounts, then fabricated stories about how these accounts were abused by others.

Mrs Teo added: “This situation favours the scammers, and it is highly unsatisfactory.”

But ignorance will no longer be an excuse if Parliament passes tougher laws to clamp down on money mules and those who sell their bank or Singpass accounts.

The changes propose the new offences of rash and negligent money laundering, and disclosing or dealing in Singpass credentials for criminal activities.

Rash money laundering is when the money mule knew or had some idea what he was doing involved a criminal element.

Negligent money laundering is when he did not find such transactions suspicious, even though a reasonable person would have noticed red flags.

The proposed laws will also make it an offence for anyone to disclose his Singpass credentials while knowing, or suspecting, that these will be used to commit an offence.

The user will be presumed to have known, or had reason to know, if he received any gain for doing so.

The user may also be liable if he did not find out the identity and physical location of the person he is disclosing the details to.

The amendments were introduced in Parliament in April.

The Ministry of Home Affairs (MHA) and Smart Nation and Digital Government Office (SNDGO) revealed that between 2020 and 2022, more than 19,000 money mules were investigated by the police.

But only fewer than 250 were prosecuted, due to gaps in the law.

Mrs Teo said since 2018, nearly $2 billion has been lost to scams here.

Victims lost $660.7 million in 2022, up from $632 million in 2021.

Globally, $77.2 billion was lost to scams in 2021.

An emerging trend of Singpass users selling their accounts was one of the reasons behind the proposed changes, said MHA and SNDGO.

The trend has led to a larger problem of criminals using these accounts to register companies, open bank accounts and sign up for new phone lines, facilitating scams and other offences.

This is because Singpass accounts are the digital equivalent of a Singapore resident’s identity, which can be used to engage more than 2,700 services from over 800 government agencies and businesses.

Mrs Teo said the proposed changes to the law are not meant to criminalise situations where there is a genuine need to share credentials for legitimate transactions, such as when seniors need help from their family to make Singpass transactions.

It will also not implicate those who were genuinely tricked into giving up their Singpass credentials, she added.

The proposed amendments to the laws will also allow Singapore’s courts to have jurisdiction over the offences even if they are committed abroad.

Mrs Teo said: “The nature of scam syndicates is that they operate mostly from overseas. Regardless of where these offences are committed, it is critical for us to prevent conduct that amounts to an abuse of Singpass to facilitate scams and other criminal activities, and to protect Singpass as Singapore’s national digital identity service.”

The debate on the Bills was adjourned, and is expected to continue on Tuesday.

MAS to combat tech-enabled scams like using deepfake calls in unauthorised bank transactions

Tactics employed by scammers are constantly evolving and becoming more sophisticated, and now include the use of deepfake audio and video calls in scams involving unauthorised bank transactions, Parliament heard on Monday.

Minister of State for Trade and Industry Alvin Tan said the Monetary Authority of Singapore (MAS) aims to strengthen Singapore’s defence against such scams by working with banks to allow customers to verify if calls are genuine, among other measures.

He added that banks are also planning to expand the use of biometric technology – in addition to passwords and one-time passwords – as a means of authentication.

Biometric technology uses physical characteristics unique to an individual, such as fingerprints or facial features, to verify the person’s identity.

For those who have already fallen victim to scams, MAS expects banks to treat customers fairly in disputes over unauthorised transactions.

Mr Tan said: “The banks must consider whether they have fulfilled their obligations and whether customers have done their part to protect their accounts. Depending on the outcome of the bank’s investigations, they may offer goodwill payment to customers.”

If they wish to, bank customers may file the dispute with the Financial Industry Dispute Resolution Centre for mediation and adjudication. If the customers are not satisfied with the outcome, they can also consider seeking legal advice on whether to pursue the case in court.

When a customer suspects that he has fallen for a scam or is alerted by a bank to an unauthorised transaction involving his account, he should immediately contact the bank or activate the kill switch provided by the bank to freeze his account. He should also report the fraudulent activities to the police.

Members of the public can play their part to prevent scams from occurring. They should install ScamShield and not divulge their Internet and banking credentials or passwords to anyone.

The ScamShield app enables incoming calls from unknown numbers to be checked against a database maintained by the Singapore Police Force. These numbers will be blocked if ScamShield determines that they have been used for scams.

Mr Tan stressed: “Be suspicious of unsolicited messages or calls that you receive and also verify calls received by calling the bank directly on the hotline listed on the official websites.”

Source: Straits Times © SPH Media Limited. Permission required for reproduction.

New law to deter those who breach maintenance orders will improve access to justice: Shanmugam ADV: SUSS School of Law – Apply by 15 July