How to protect yourself against bank phishing scams

How to protect yourself against bank phishing scams

Screenshot phishing email POSB DBS
Screenshot from the DBS phishing alert, showing a sample of the malicious email. 

SINGAPORE: Following a warning from DBS Bank on Thursday (May 3) of a phishing scam targeting POSB Bank customers, the Monetary Authority of Singapore (MAS) issued an advisory on Sunday flagging a rising number of such scams in the past week.


Phishing is a way of obtaining sensitive personal information such as your banking account details, PIN, one-time passwords (OTP), credit card number, user ID or password through the Internet, in order to perform unauthorised banking transactions.

According to the MAS, the most common phishing method is a spoofed email purporting to be from a financial institution such as a bank, credit card issuer or service provider. 

The emails usually use the following claims to get the consumer to release their personal information:

  • "Your account is currently being updated as we are introducing a new security system. Follow the instructions below to reactivate your account."
  • "Your credit card is the subject of a police investigation for fraud. Please follow the instructions below."
  • "Our records indicate that payment for your Internet account is due. We are also currently introducing a new e-payment service. Please follow the instructions below."
  • "You are the lucky winner of our lucky draw. Please submit your credit card details so that we can verify your identity."

The phishing emails typically contain URL links, which when clicked, direct you to fake webpages that look like the websites of legitimate financial institutions, MAS said.

Perpetrators often use these fake webpages to harvest consumers' sensitive personal information. The webpages may also contain malware aimed at infecting consumers’ computing devices.


In its advisory, the central bank provided some advice to help identify potential phishing attacks.

Here's a list of tips from MAS on protecting yourself from scams:

  • Your bank will never send you emails asking you to divulge any confidential or personal information.
  • Never reveal your PIN or OTP to anyone. No bank would ever ask you for your PIN or OTP (via email or phone) for whatever reason.
  • Do not click on any link to log on to bank websites or open attachments in emails purportedly sent to you by your bank, credit card issuer or service provider. Instead, always enter the full URL or domain name of your bank or credit card issuer into your browser address bar. If you are unsure of the web address, contact your bank for the information.
  • Check your bank's website regularly for more information on announcements and advisories related to Internet security.
Source: CNA/mn