Several reports have been made by victims of phishing websites after they responded to e-mails purportedly sent by DBS Bank or Singapore Airlines, said the police on Wednesday (20 December).
In these cases, the victims would either receive an e-mail purportedly from DBS Bank informing them that their iBanking accounts have been locked due to multiple failed log-in attempts, or from Singapore Airlines asking them to take part in customer satisfaction surveys or contests, with the promise of “rewards”.
These rewards could range from free air tickets to credits, said Singapore Airlines in an advisory posted on its Facebook page on the same day.
After clicking on a link in the e-mail, the victims would be redirected to a website – one resembling those of the respective businesses – where they would be asked to enter their personal information, including bank account details, credit card and Card Verification Value (CVV) numbers.
Upon doing so, they would receive a One-Time Password (OTP) on their mobile phones to key into the website. The victims later realised that unauthorised transactions in foreign currencies had been made on their credit cards.
A DBS Bank spokesperson told Yahoo New Singapore that the bank is mindful of the threats from phishing, virus and malware targeting online and mobile devices.
“We actively alert our customers to any unusual internet banking login experience that may be caused by phishing or malware intrusions via our website http://www.dbs.com.sg/security,” he said.
He added that the bank also reminded customers not to give out personal information such as user IDs, iBanking PINs or OTPs over the phone or email.
“If the customer suspects that his/her userID, PIN or token have been compromised or they identify any suspicious activities on their account, they should contact DBS immediately at 1800-111-1111,” said the spokesperson.
The police have advised members of the public to beware of phishing websites that look genuine and to immediately report any suspected fraudulent credit card charges to their cards’ respective banks.
“Secure websites use ‘https’ instead of ‘http’ at the start of the Internet address, or display a closed padlock or unbroken key icon at the bottom-right corner of your browser window,” said the police.
Members of the public can seek scam-related advice by calling the anti-scam helpline at 1800-722-6688 or go to www.scamalert.sg.
This story was updated at 5.45pm on Thursday (21 December 2017) to reflect DBS’s response to Yahoo News Singapore’s queries.
More Singapore stories: