SINGAPORE - If you receive e-mails from DBS Bank or Singapore Airlines asking you for your personal information and credit card details, be on your guard as they may well be a phishing attempt, the police said in an advisory on Wednesday (Dec 20).
The police have received several reports where victims say they were cheated into giving up such information after responding to these e-mails.
The victims found later that their credit cards had been used to make unauthorised transactions in foreign currencies.
The phishing attempt goes like this: The victim receives an e-mail from a site posing as DBS Bank, saying that their i-banking accounts have been locked due to multiple failed log-in attempts.
Another variation of the e-mail is from "Singapore Airlines", asking the victim to take part in a customer satisfaction survey with the promise of a reward.
After victims click on the links provided in the e-mails, they are instructed to unlock their accounts or complete surveys.
They are then directed to a website resembling either DBS or Singapore Airlines, where they are asked to enter their personal information and bank account details such as credit card numbers and card verification value for verification.
After doing so, the victims received one-time passwords on their mobile phones, which they are prompted to key into the website.
The victims later received SMS notifications of foreign transactions made on their credit cards.
A DBS spokesman told ST on Wednesday that the bank is mindful of the threats from phishing, viruses and malware targeting online and mobile devices.
"We actively alert our customers to any unusual internet banking login experience that may be caused by phishing or malware intrusions via our website http://www.dbs.com.sg/security," he said.
He added that the bank also continuously raises awareness among customers on how they can better protect themselves via communications channels such as e-mails, online banners and bank statements.
"If customers detect any unusual activity, they should inform the bank promptly, so that we are able to take the necessary action to protect them from incurring any loss," he said.
The bank reminded customers never to give out their user IDs, iBanking PINs or OTPs over the phone or e-mail.
If any customer suspects that his or her user ID, PIN or token has been compromised, or if they identify any suspicious activities on their accounts, they should contact DBS immediately at 1800-111-1111.
SIA also advised customers to exercise discretion when revealing personal data and credit card details to unverified sources in a statement on its Facebook page on Wednesday.
The police advised the public to adopt the following preventive measures:
- Be wary when you are asked to disclose your personal information and bank account details over the Internet;
- Beware of phishing websites that may look genuine. Look for signs that you are using a legitimate or secure website. These websites are generally encrypted to protect your details. Secure websites use "https:" instead of "http" at the start of the Internet address, or display a closed padlock or unbroken key icon at the bottom right corner of your browser window; and
- Report any fraudulent charges detected in your credit card bills to your bank immediately.
The public can seek scam-related advice by calling the anti-scam helpline on 1800-722-6688 or go to www.scamalert.sg.