Grab removes payment on gaming sites, users lodge police report over unauthorised transactions

Grab has been involved in a series of phishing scams, which has caused its GrabPay users to lodge at least five police reports regarding unauthorised transactions, according to The Business Times. The article added that each of the transactions involved hundreds of dollars, and were made via GrabPay to eCommerce marketplaces Qoo10 and Razer Gold. The Singapore Police Force has declined to comment on the matter to MARKETING-INTERACTIVE, as the cases are currently being investigated and the information are confidential. 

This comes weeks after the Singapore Police Force warned the public about a new variant of phishing scams involving fake Grab advertisements and other fake deals. According to the police, this variant of scams see victims come across a fake advertisement on Facebook or Instagram, offering cheap iPhone deals or Grab coupons. After clicking on the URL link embedded in the fake advertisements, the victims would be directed to a fake Grab website where they are required to provide their mobile phone number and One-Time Passwords (OTPs). The police also added that most victims only realised that they have been scammed when they discovered unauthorised transactions in their GrabPay accounts. 

In a blog post by Grab, the company confirmed that it did not push out such advertisements. The post showed examples of the fake advertisements and sites, and explained to consumers how the scam worked. Grab also said that the majority of the transactions that resulted from the new variant of scam were purchases of game credits on gaming websites.

To combat the rise of this kind of scams, Grab said it has removed GrabPay as a payment option on gaming websites to eliminate this avenue for the scammers. It is also taking additional actions to protect its users. These include assigning dedicated teams to monitor and take down fake advertisements and phishing websites, as well as tightening GrabPay online transaction flows by putting in place additional checks in the payment process and tightening validity duration of each payment session.

Grab has also sent additional reminders to its users that Grab does not ask for your personal information and OTP in any of its promotional campaigns or advertisements. This is in addition to its regular advisories issued to ensure its users stay vigilant for scams. Additionally, Grab reminded users that users' OTP need to be shared for fraudulent transactions to be completed. 

In a statement to MARKETING-INTERACTIVE, a spokesperson from Grab said it is aware of the reported cases and is working closely with the authorities and its partners in the investigations. "We wish to assure our users that our platform remains secure. Grab takes fraud seriously. As fraudsters are known to evolve constantly and find new ways to target users, we have implemented artificial intelligence and machine learning to detect and study fraudulent activities. This will enable us to continuously put in place more stringent preventive measures to keep our users’ accounts safe," the spokesperson added. 

Grab's spokesperson also urged users to stay vigilant as they shop online, especially during this festive buying season. Users should not share their personal account information and Grab-generated OTP with anyone else to keep their accounts safe.

Cyber attacks have been increasing prevalent, especially in Singapore. Following a slew of data breaches in recent months from companies such as ShopBack, Razer, RedDoorz, Shopify, and COURTS Singapore, the Singapore government most recently proposed to issue a fine of up to 10% of a company’s annual turnover in Singapore, or SG$1 million (whichever is higher), should a company be found guilty of a data breach. 

Although cyber attacks can be detrimental to brand trust, PR players are of the view that all is not lost for brands should it occur. In a previous conversation with MARKETING-INTERACTIVE, Nadia Chan, general manager, PR Communications, said said while many believe companies’ reputations will be severely tarnished by data breaches, sometimes data breaches can actually foster a deeper sense of brand loyalty and stronger customer relationships if brands are able to handle it well.

"While the issue has already taken place, what matters is how well one responds to it," she said, adding that good practices include showing empathy towards those affected, being proactive and transparent. 

Join us on week-long journey at PR Asia 2020 as we delve into topics such as diversity, cancel culture, future of PR, PR with a purpose and many others from 8 to 11 December. Sign up here!

Related Articles:
Analysis: PR rule book amidst a data breach
Analysis: SG govt to fine brands caught in data breaches
Analysis: Why RedMart SG's data breach is unlikely to dampen Lazada's mega 11.11 bash