What is a Phishing scam?
Phishing is an attempt by fraudsters posing as trusted entities to steal personal and sensitive information such as usernames, passwords, Singpass login credentials, One-Time Password (OTP), online banking and credit/debit card details for malicious reasons.
Not all phishing attacks require a fake website or email. Doing this via a phone call is known as voice phishing or vishing. Targets are often lured by communications purporting to be from trusted parties such as social web sites, banks, online payment processors, government agencies or IT administrators.
How is it done?
– A scammer contacts a target via email, text message or call impersonating representatives from banks or government agencies seeking personal information.
– The target is directed to fake websites created to resemble official sites of organisations or banks.
– Personal and sensitive information such as online banking credentials, OTP, Singpass login are stolen or compromised when the target keys in these details on the fake websites.
How do I spot the signs?
1. Inconsistent and misleading information
– Emails viewed on desktop: Pay attention to the sender’s email address, which may closely resemble a company’s official email address. Hover your mouse cursor over links in emails to reveal the true destination of the link. A small window will appear above the link to display the actual URL. If the URLs do not match, it could be an indication of a phishing attempt.
– Emails viewed on mobile device: A long-press on the link will display a window with the actual URL. If the URL looks suspicious, do not open the link.
– Websites: Scammers create phishing websites that are visually similar to legitimate websites.. Look out for the lock icon beside the URL link in the address bar or https:// which signals that data traffic within the site is encrypted.
2. Requests for confidential information
The Bank will never ask for your personal information such as national identification number, Singpass or online banking login credentials and credit/debit card details to be sent over email or text message. If the sender claims to be a bank representative and requests for your bank account number, this should raise a red flag immediately.
3. Suspicious attachments
Scammers may send attachments in their emails or text messages to infect a target’s device with malware and steal data. Beware of suspicious file names and types.
4. Unexpected emails or text messages
Scammers frequently send mass emails or text messages to large groups of people, hoping to catch someone who responds. If you receive an email or message with links or attachments regarding a transaction that you did not perform, do not click on the links or open the attachments. Verify the authenticity of message or request through the organisation’s official channels.
Sample of phishing email and text message
What should I do if I am a victim of a phishing scam
– Change your password immediately.If the compromised password is commonly used across other accounts, change those too. It is advisable to use a different password for each of your online accounts.
– Run a full system scan with an anti-virus software if you have clicked on a link or opened an attachment.
– Call the bank if you have revealed your banking details or credit/debit card credentials.
– Monitor your bank accounts for suspicious activities such as unauthorised purchases or withdrawals.
– Lodge a police report online on the Singapore Police Force website or in person at a police station.
– Report the phishing attempt to the Singapore Computer Emergency Response Team (SingCERT) at singcert@csa.gov.sg.
How do I stay safe?
Tip #1: Only access our banking services via our official website
Our official domain and sub-domains include:
– sc.com
– sc.com/sg
– retail.sc.com/sg
Check that you are using the official Standard Chartered website in two steps
Step 1:
Type the Standard Chartered URL directly in the address bar of your web browser on your desktop or your mobile phone and look for the lock icon beside the URL link in the address bar.
Step 2:
Click on the lock icon and a drop-down window will appear. If the drop-down window displays that the connection is secured, it means that any data traffic on the webpage is encrypted.
Sample of the lock icon:
Note: Ensure that you are using the latest version of web browser or mobile operating system available, as these may provide advanced security features such as anti-phishing and forged website identification. If such features are available, you are advised to turn them on.
Tip #2: Do not act on suspicious links or QR codes
Verify the URL in the email or text messages. Ensure that the website is legitimate by keying in the organisation or bank’s official web address on the web browser.
Watch out for any message or email which pleads for assistance, invokes a sense of fear, urgency or curiosity. This might be a phishing attempt to steal your personal information.
Tip #3: Use Push Notifications in SC Mobile
Turn on in-app push notifications in SC Mobile to get notified via a secure channel.
Learn to spot the signs by taking the anti-scam quiz by the National Crime Prevention Council.
Sources:
https://www.csa.gov.sg/gosafeonline/go-safe-for-me/homeinternetusers/spot-signs-of-phishing