I Got Scammed
Some thoughts on recent chicanery and how to avoid it
There’s a lot to love about living in Singapore, but the place is by no means immune from scams. Generally speaking, the scams that I’m exposed to are pretty obvious. Almost entirely, they are calls that come in to my cell phone multiple times a week that claim to be from the Ministry of Health or the ICA, but are reported as coming from Bulgaria or Hong Kong. If you answer, and wait long enough, you get transferred to someone speaking Mandarin, who very shortly hangs up once they discover that you don’t speak it, too. These are obvious, and kind of hilarious. I’m not above waiting to get to the human to sing them a song, or tell them they are wasting their life, or put them on speaker when the calls come in while I’m teaching. Occasionally, the scams come through SMS or WhatsApp. These scams usually offer me money at low interest rates, or the opportunity to make thousands of dollars working from home. No humans to talk to for these kinds of scams, so I just block the number and move on. I imagine that there’s nothing special about either of these types of scams that is unique to Singapore. It seems like everyone I know gets versions of these scams wherever they live.
It might sound a bit over-confident (particularly given the focus of this piece) but I’ll note that in terms of a gullibility or scam-awareness spectrum, I’m pretty far to the right of the distribution. Typically, I’m the person that my family consults with if they are suspicious that they are being scammed. And even then, my family are not typically scam victims. My father had a brief, and relatively cost-free tango with a printer driver scammer about ten years ago, but since then, I can’t recall anyone in our family being the victim of a scam.
Until this week, when the victim was me.
How I got scammed
I was home with the children, while my wife and mother-in-law were visiting the Botanic Gardens. Immediately after taking delivery of a package, I got a text message claiming to be from SingPost, the local mail carrier. Another package was due to be delivered today, please click the link to find out more. So I did that.
Let’s pause here to note that this was my major error. I should have known better than to ever click on a link in a text message from anyone I don’t know. But for whatever reason, likely having to do with some cognitive priming due to the package that was just delivered, I didn’t think twice about it this time. After all, the text message was from “SingPost.”
Clicking the link in the message took me to a website that looked exactly like the SingPost website, replete with warnings about a recent uptick in scammer activity. The website informed me that SingPost had a package for me, but that delivery was being held because a postage fee of S$1.09 was owed. If I paid the fee right now, on the website, same-day delivery could be arranged. For a moment, I did consider sending the message over to my wife to see if she was expecting anything, but then I decided that was a waste of time, when I could just pay the minuscule fee¹.
So I did that. Except, of course, that’s not what I actually did. What I did was generate a One-Time Password (OTP) that I then was asked to input into the same website. This information, along with my card, were then used by the scammers to add my card to a digital wallet so that it could be used by whomever was scamming me for whatever they wanted. Fortunately, adding the card to a new digital wallet generated a text message from my bank telling me as much. Which meant that within five minutes of having given my information to the scammer, I was able to call my bank, explain the situation, verify that my card had not been used for any purchases yet, and cancel the card. A new one arrives in 3–5 business days. The scammers didn’t even charge the S$1.09 they initially asked for.
I knew enough to know that adding my card to a new digital wallet was not something I had authorized. Because of this, I was able to handle the situation at no real cost to me except for the inconvenience of living for a week without a functional debit card and the need to fill out a police report. But it’s hard to know how much worse things would have gotten had I not been quick to act once I realized something was weird.
So, what did we learn?
I mean, the first thing that I learned was that you should NEVER CLICK ON LINKS SENT VIA SMS. Which I already knew, but forgot for just long enough that it became an opening to get scammed. And even knowing that now, I’m sure that I will still occasionally click SMS links that come from people I know and love to things like Instagram posts, or NYTimes articles, etc. Maybe I’ll be mindful enough to ask first. I’m sure I generally will not.
I actually think the more important thing that I learned here is a reminder that you do not have to be stupid to fall for scams (or at least no more stupid than anyone else). It’s easy to read stories about people getting scammed, or see them in the media, and come away feeling self-satisfied that you are not as gullible as the victims in those stories. I have certainly had that feeling at times when I have heard scam stories. But this seems to be my most essential learning from the experience: Scams are as much a function of the victim’s context as they are a function of the victim’s actions and ignorance. Most people who are scammed know that the scam they fall prey to exists before it impacts them. Their victimization is much more a function of circumstance than it is of their lack of skepticism. I put this story here in the hope that it can serve as both a warning about the specific nature of the scam that I fell for, and as a reminder that getting scammed can happen to all of us, no matter how wise to the ways of the world we think we might be.
And also as a way to sincerely tell every scammer in the world to go fuck themselves. What an absolutely miserable thing to do to make one’s way in the world.
1- This specific variant of a scam, impersonating SingPost and phishing for an OTP via purported owed postage is widely enough known to have its own cautionary webpage.
Do you have a similar experience with scammers? Is there something that I have missed in my recounting of how I got scammed? Drop a line in the various places, or leave a comment on the post. Thanks for reading!
