Stop SMS Phishing Scams in Singapore By Requiring Pre-Registration for SMS senderId

Stop SMS Phishing Scams in Singapore By Requiring Pre-Registration for SMS senderId

Started
15 January 2022
Petition to
Victory
This petition made change with 4,583 supporters!

Why this petition matters

Started by Captain Sinkie

The recent OCBC SMS Phishing scam in Singapore caused close to 500 people to lose more than $8 million dollars. To date, we have not recovered all the money.

This happened when hackers are able to use third party SMS aggregator services to spoof the SMS "Alphanumeric Sender id" to make their messages appear authentic to the users. Basically, SMS appear to victims with the sender as "OCBC".

Worse still, our phones are designed to group these fake text messages with the authentic messages from OCBC, making these fake messages appear real.

This is stunningly easy to abuse in Singapore. Anyone can actually send fake SMSes right now. Here are some examples: How the OCBC SMS Phishing Scam Works and Who Else is Vulnerable 

The fix is actually not difficult. All we need to do is require these third party SMS aggregators to register with authorities before they are allowed to change the sender Id of SMS.

This will require all third party SMS aggregators to authenticate and verify sender Id changes are from legitimate sources. We will be able to stop many SMS phishing attempts in Singapore with this change.

51 countries around the world has registration requirements for sender ids to be changed e.g. Thailand, Philippines, Indonesia etc. Some countries e.g. USA, UK, even ban sender ids to prevent phishing. Source: Twilio

Help to support this and appeal for IMDA to regulate and enforce this in Singapore.

Victory

This petition made change with 4,583 supporters!

Share this petition

Share this petition in person or use the QR code for your own material.Download QR Code

Decision-Makers