Exercising positive security behaviours: Key takeaways from the OCBC scamming incident

In the last two weeks of December 2021, multiple OCBC customers received a series of phishing SMSes (smishing). Unfortunately, 790 of them fell prey to the scams, resulting in a total financial loss of $13.7 million.

Image: Samples of OCBC smishing scams that were in circulation during the December 2021 holidays (Source: CNA and Reddit)

 

What followed was a series of heartbreaking stories from victims whose life savings disappeared in an instant as a result of the phishing scams, a reflection of the severity of such cyberattacks.

Phishing is a social engineering cyberattack that leverages human weaknesses. By manipulating one’s natural responses and emotions, attackers are able to trick their victims into divulging sensitive information or performing important actions – both of which benefit the attacker in achieving their criminal objectives.

To protect our users from phishing attacks, NUS applies a defence-in-depth strategy, placing protective technology at multiple infrastructure layers to secure both our systems and users. These measures include email filters, anti-malware tools like Trend Apex One, detection and blocking of malicious domains, and the implementation of NUS Digital Workspace, among others.

However, the most crucial factor in securing the digital ecosystem of an organisation lies in our first line of cyber defence: the human firewall. Thus, as part of NUS’ objective to develop a solid security awareness culture, it is imperative for every NUS staff member and student to exercise positive security behaviours at all times.

Here are some key tips that everyone should keep in mind:

With strong awareness and practice of positive security behaviours, we can protect ourselves from becoming victims of phishing scams. In these crucial times, when threats and adversaries are ever evolving, we as a community must also constantly adapt and keep ourselves updated. Only then can we build a strong security culture within the University.

If you have any general questions on IT or IT Security, you may reach out to NUS IT Care via email at itcare@nus.edu.sg or via the hotline at +65 6516 2080.

Together, let us secure NUS bIT by bIT.