IN CASE YOU MISSED IT

Is this POSB website real? Don't bank on it

This story was first published in The Straits Times on Feb 4, 2014

AT FIRST glance, it looks just like the POSB Internet banking website. But a closer inspection reveals key differences - such as how the fake site's address starts with http://home.e-posbsg.com when the real one begins with http://www.posb.com.sg

This latest attempt at "phishing" has created an online buzz, with many netizens alerting each other about the bogus site which sought to steal customers' banking details. One such thread on the Hardwarezone forums website has attracted over 30 comments since Sunday.

DBS, Singapore's largest bank which owns POSB , said the phishing site, which was detected on Jan 10, was designed to steal customer identity names, personal identification numbers (PINs) and one-time passwords (OTPs).

 A DBS spokesman added that no customers were affected as the bank acted to take down the site within hours, and issued an alert.

DBS and POSB are not the only banks to be targeted by scammers.

Mr Pranav Seth, head of e-business at OCBC Bank, said his bank has also found a number of phishing sites. But there have been no reported incidents of its customers falling prey to them.

"We monitor the Web for such sites regularly and shut them down as soon as we discover them," said Mr Seth.

Banks also typically have hotlines customers can call if they suspect fraudulent activity and transactions involving their banking accounts.

Another trick scammers use is to ask for account details through e-mail, text messages and even phone calls.

But a spokesman for UOB said banks will never ask customers for confidential information - such as their PINs, OTPs or credit card details - in these ways.

DBS also advised customers to always type in the URL address of the POSB website directly into a Web browser's address bar.

This is because crooks have been known to send fake e-mails, that appear to be from banks, with links that look like they connect to legitimate sites. But these links actually link to phishing sites.

Consumers could also use software that can automatically check if a URL address is safe before visiting it, said Mr Alvin Tan, regional director for IT security firm McAfee in Singapore and the Philippines.

Using the latest Web browser versions with anti-phishing tools would help, too, he said. Keeping operating systems updated with patches to plug security holes also helps.

But things may get trickier.

Mr Sharat Sinha, vice-president for Asia Pacific at Palo Alto Networks, warned that phishing sites are becoming more sophisticated, and coming up with new ways to illegally capture identity names and passwords of users.

Clamping down on phishing sites can be also hard as such sites are often based in other countries, he explained.

Still, Mr Sinha said, companies can use security tools to block phishing sites from being accessed by workers to prevent potential phishing or even malware attacks.

Mr Tan said that crooks are also focusing attacks against large financial and e-commerce firms.

But as financial institutions become more proactive in fighting phishing, criminals are targeting smaller credit organisations, which could be less technologically savvy, he warned.

kennyc@sph.com.sg

This story was first published in The Straits Times on Feb 5, 2014

To subscribe to The Straits Times, please go to http://www.sphsubscription.com.sg/eshop/