$51,000 gone after victims fall for cryptocurrency phishing scams
The police have issued an advisory warning members of the public to stay alert against a new wave of phishing scams involving spoofed SMSes and emails impersonating cryptocurrency platforms such as Coinhako.
Since Oct 11, at least 15 victims have fallen prey to such scams, with total losses amounting to at least $51,000.
In these cases, victims received SMSes, iMessages, or emails claiming that there were suspicious logins to their cryptocurrency accounts. They were then instructed to click on a phishing link to 'review' the login activity.
The link redirected them to a fake login page, where victims entered their credentials and were asked to regenerate deposit wallet keys or cancel withdrawal requests. These actions gave scammers full access to the victims' accounts to transfer out their cryptocurrency.
Victims only realised they had been scammed when they later received legitimate email notifications from their platforms about unauthorised logins and transactions.
In some cases, victims were told to call a phone number sent via SMS, where scammers guided them through steps that led to further compromise of their accounts.
Cryptocurrency users are advised to stay vigilant and take precautions to protect themselves from phishing scams.
They should download the ScamShield app, which helps block scam calls and filter suspicious messages.
Users are also encouraged to enable two-factor or multi-factor authentication for all their accounts, set transaction limits, and make use of any available "kill switch" features that can quickly block account access if suspicious activity is detected.
Setting up an anti-phishing code, if supported by their platform, can also help verify the authenticity of official messages.
Members of the public should always verify the legitimacy of messages or links through the ScamShield website or by checking directly with their cryptocurrency platform.
It is important to log in only through official websites, never share 2FA codes or seed phrases, and regularly monitor wallets for unauthorised transactions.
Those who encounter scams are encouraged to inform the authorities, family, and friends. If you suspect you've fallen victim to a scam, contact your cryptocurrency platform immediately to freeze your account and make a police report.
Fraudulent cryptocurrency phishing websites can also be reported to SingCERT at singcert@csa.gov.sg or via the Cyber Security Agency's (CSA) incident reporting form.
For more information or assistance, call the 24/7 ScamShield Helpline at 1799 or visit www.scamshield.gov.sg.
