Bank phishing scams: How to protect yourself

Bank phishing scams: How to protect yourself

OCBC SMS Phishing scams
Examples of phishing SMS and website affecting OCBC customers.  (Image: OCBC Bank)

SINGAPORE: Phishing scams targeting bank customers have become more common, with the police having issued several advisories over the past year. 

The scams may come in different forms - from calls to emails and SMSes which direct victims to fradulent websites asking for their personal information, including Internet banking details. 

Amid a police warning on Thursday (Nov 22) of a resurgence of such scams targeting DBS and POSB customers, here's what you should know about phishing attempts and how you can protect yourself. 


According to the Monetary Authority of Singapore (MAS), the most common phishing method is a spoofed email which claim to be from a financial institution, credit card issuer or service provider. 

Common tactics used to get victims to release information include telling them that their credit card is the subject of a police investigation; informing victims to reactivate their account after a security update; asking victims to update their profile as well as tricking them into believing that they have won a lucky draw. 

Victims who fall for the ruse typically click on a link which would lead them to a fraudulent website where they are deceived into entering their personal details. 


The trouble is that many of those fraudulent websites have URLs which look similar to the real deal. 

For instance, victims of phishing SMSes purportedly sent by DBS or POSB were directed to websites with addresses such as, as well as 

The banks' actual Web addresses are: and

To avoid being scammed, MAS' advice is to always type the full URL of the bank into the browser address bar, and to never click on any link or attachments purportedly sent by banks in SMSes or emails. 

You can also use the official mobile banking application to ensure that you are using legitimate banking services, said the police. 


Major banks such as DBS Bank, OCBC and UOB have published advisories on phishing scams and here's what you should consider if you receive suspicious SMSes or emails:

  • Your bank will never send you emails asking you to divulge any confidential or personal information.
  • Never disclose information such as account username, password, PIN, OTP or bank account or credit card numbers to anyone, including bank employees or law enforcement officers. 
  • Before clicking on any link, hover your mouse over it to check the destination address. If the address doesn’t lead you to the website you are expecting, it is likely to be a phishing attack. 
  • Look for the secure symbol in the URL. Secure websites use "https" rather than "http" at the start of the address, or a closed padlock or unbroken key icon at the bottom right corner of your browser window. Legitimate websites are generally encrypted to protect your details. 
  • Ignore requests to transfer funds to unknown parties. 


If you suspect that you have become a victim of phishing, report it to the bank immediately.

For scam-related advice, you may call the anti-scam helpline at 1800-722-6688 or go to

Source: CNA/jt(gs)