Phishing scheme targeting POSB customers: DBS

Phishing scheme targeting POSB customers: DBS

Screenshot phishing email POSB DBS
Screenshot from the DBS phishing alert, showing a sample of the malicious email. 

SINGAPORE: DBS Bank warned on Thursday (May 3) of a phishing scheme targeting POSB Bank customers and mimicking the POSB Internet Banking login page.

In a phishing alert posted on its website, DBS provided a sample of the "malicious email" that had been sent to some customers. The email claimed that banks in Singapore were under attack by hackers, and instructed customers to click on a link to update their accounts and keep their money safe. 

DBS, which owns POSB, said that customers who clicked on the link in the email would be redirected to a non-POSB website such as: 

  • hxxps[:]//[.]html

  • hxxp://

  • hxxps://virutallin[.]gq/secure/update/verification/posb/index[.]html

"Such phishing sites are designed to steal customer details, logins, PINs and OTPs in order to perform fraudulent transactions," the bank said in its security alert. 

A DBS spokesperson told Channel NewsAsia on Friday that there have been no reported cases of customers falling prey to the scam. 

The bank was aware of the phishing email and took down the website on Thursday evening, the spokesperson said, adding that it actively takes down phishing sites to protect customers. 

“We are mindful of the threats from phishing, virus and malware targeting online and mobile devices," the spokesperson said. 

"We actively alert our customers to any unusual Internet banking login experience that may be caused by phishing or malware intrusions via our website. We also continuously raise awareness among customers on how they can better protect themselves via communications channels such as emails, online banners and bank statements."

According to the spokesperson, customers should never give out their userID, iBanking PIN or OTP over phone or email. DBS staff do not ask for such information as well, the spokesperson added.

To protect themselves from falling prey to the scam, DBS advised customers to always type in the URL of the DBS or POSB website directly into the address bars of their browsers, and to never reply to unsolicited emails. 

On the official DBS or POSB website, there should be a "padlock" icon on the address bar of the web browser and when this icon is clicked, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS. 

Customers are also encouraged to use the latest versions of Internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. 

If unknown transactions appear on their accounts, they should also call the bank immediately at 1800 111 1111 for personal banking or 1800 222 2200 for business banking, DBS added. 

This is the seventh phishing security alert DBS has issued on its website since the start of the year. 

Source: CNA/mz