OCBC has fully reimbursed S$13.7M to scam victims - why this scam will go down in history

OCBC has just announced that it has made "full goodwill payments" to all victims of the recent SMS phishing scam that impersonated the bank. Most have received their payouts, while some others have arranged with the bank to collect at a later date.

This fateful OCBC scam will definitely go down in Singapore's history books as for several reasons:

• a record number of customers were cheated, in record time
• the victims included financially literate and IT-savvy professionals
• it helped us learn about SMS spoofing technology
• it is the first time a bank has fully compensated scam victims

But it might be a blessing in disguise, considering how it helped the whole Singapore wake up to the idea that scammers are outsmarting us even faster than before, and raised awareness of how we can better protect ourselves. What's more, this was an incident that could have happened to any other bank or financial institution - OCBC was just unlucky - but it has resulted in MAS stepping in to help roll out more stringent measures across all our banks from now on. IMDA is also now looking into a petition that calls for enforcement of SMS sender ID pre-registration.

In the wake of the OCBC scam, banks are now implementing the following:

• Removal of clickable links in e-mails or SMS sent to retail customers;
• Threshold for funds transfer transaction notifications to customers to be set by default at S$100 or lower;
• Delay at least 12 hours before activation of a new soft token on a mobile device;
• Notification to existing mobile number or e-mail registered with the bank whenever there is a request to change a customer's mobile number or e-mail address;
• Additional safeguards, such as a cooling-off period before implementation of requests for key account changes such as in a customer's key contact details;
• Dedicated and well-resourced customer assistance teams to deal with feedback on potential fraud cases on a priority basis;
• More frequent scam education alerts.

This is a good thing, although I wish MAS would also mandate the following additional measures:

• Each bank to have a dedicated scam assistance hotline
• Provide each customer with a personalised link to immediately freeze their own account if they suspect fraudulent activity, without needing to go through the bank's customer service
• Implement stricter monitoring measures for prior scam victims (based on the belief that if you've fallen for it before, you're likely to fall for the next one again, more so than another party)

In their latest media statement, OCBC said that:

[Our] investigation has confirmed that victims who fell prey had provided their online banking log-in credentials and one-time PINs to phishing websites, thereby enabling the scammers to take over their bank accounts and make fraudulent transactions. Nonetheless, [we] decided to make the full payout as a one-off gesture of goodwill given the circumstances of this scam. We also took into consideration that our customer service and response fell short of our own expectations, that could have affected loss mitigation in some of the cases. 

Note that in this scam, if you had received the phishing SMS and went directly to your OCBC app or internet banking website instead of clicking the phishing link, you wouldn't have lost your money. Even if you fell for the SMS and mistook it for an official one, just because your phone categorizes the same sender IDs under the same SMS thread regardless of the sender number differences.

As the daughter of a (one-time-too-many) scam victim myself, OCBC's move to reimburse all its victims came as a surprising one, especially considering how my mother never received any of the money the scammers managed to cheat from her.

But just because OCBC was nice enough to reimburse all victims this time doesn't mean that we should start to expect this of other banks or financial institutions.

Ultimately, the best safeguard against scammers is none other than ourselves. You can refer to my previous article here on for a full list of 10 things NOT to do so that you're less likely to be scammed of your life savings.

On a side note, can OCBC promote whoever wrote the press release? As a former PR practitioner myself, the letter - with all of its sincerity and accountability - was a true delight to read. Especially so as it is such a direct contrast to the rude responses I received recently from Royal Caribbean Singapore over a recent incident - more details on my Instagram here.

Let's all stay safe, and remember - no one else cares more about your money than you (and the scammers who are trying to cheat you of it).

With love,
Budget Babe