“My husband (who was phished by the scammers) did not surrender the OTP to the scam website because he was driving at the time… Yet, they were able to take over our account’s OneToken without an OTP, and then transact after that,” said one victim.
Six scam victims said the fact that the fake message appeared in the SMS thread used by OCBC was why they mistakenly thought that the link in the message was credible
At least 469 bank customers were affected by the phishing scam, totalling around S$8.5 million in losses
Some did not give scammers their one-time passwords, but their accounts were hijacked anyway
The bank has said it is rendering assistance to affected customers
