SINGAPORE: Police have uncovered a new scam in which delivery personnel from parcel and food delivery companies are the targets.
Under this scam variant, the victims would first receive a cash-on-delivery order via their company’s delivery app, the police said in a statement on Tuesday (April 13).
On the pretext of making payment for the delivery, the scammer would then ask for the victims’ mobile phone number via the app, claiming that it was for the purpose of transferring funds to the victims via PayLah!.
The victims would then receive a one-time password (OTP) and be prompted to log in to their PayLah! account and key in the OTP in order to receive delivery payments.
Shortly thereafter, the victims would receive a notification that their PayLah! account had been linked to a Google Pay account.
Upon reaching the delivery location, the victims would find no one there to receive the item. Subsequently, unknown transactions will be done using the victims’ bank accounts.
The police advised members of the public to always confirm transactions one is making before keying in the one-time password.
They also advised people to inform their banks immediately if their PayLah! accounts were linked to other accounts without their authorisation, and to report any fraudulent transactions to the bank immediately.
In a separate statement on Tuesday (April 13), the police also noted an increase in non-banking-related phishing scams involving spoofed e-mails and text messages related to parcel delivery.
Victims of such phishing scams would receive spoofed e-mails or text messages purportedly sent from a delivery company such as SingPost or DHL.
These phishing e-mails and text messages would usually prompt the victims to check the status of their parcel delivery by clicking on the URL link included in the e-mails and text messages.
Upon clicking the URL links, victims would be redirected to fraudulent websites, where they would be required to provide their credit or debit card details and an OTP.
In some cases, the victims would receive a notification that their credit or debit cards had been linked to an Apple Pay account.
Most of the victims only realised that they had been scammed when they discovered that unauthorised transactions were made using their credit or debit cards, said the police.
The police urge members of the public not to click on URL links provided in unsolicited e-mails and text messages, and always verify the authenticity of information received with the official website or sources.
They also advise people to contact their card issuing bank immediately if they received an OTP and did not make any online transactions, and to always verify the merchant details indicated in the OTP text message or notification before providing it.
The police cautioned against keying in the OTP on the payment page if not making the transaction, and never to disclose personal or Internet banking details and OTPs to anyone. – The Straits Times (Singapore)/Asia News Network