Security Advisory
Phishing & Whaling
Spam emails that appear to come from your bank or a merchant are sent to a mass mailing list with the intention of luring customers to seemingly legitimate banking or retail websites, where they are asked to enter personal or financial information such as names, identity numbers, credit card numbers and account numbers. This is known as phishing, as the emails target anyone who will take the bait, just like in traditional fishing. This has been around for several years.
Following that, there was spear phishing. Here the emails are supposedly sent by a person known to the recipient, typically a respectable name or someone of a higher rank than the recipient. The recipient is then asked to provide some information or to download a file containing a Trojan, which allows the hacker to gather information from the recipient.
These methods work because they target human traits such as greed and respect for superiors or known public figures.
The new buzzword is whaling. It works in a similar way, but targets the big fish: the top management of companies and top earners. Surveys have shown that people who earn more than 130,000 receive 50% more spam, and lose 3.8 times more money when they fall prey to such attacks.
MAS has also recently highlighted that Asian banks may soon be the target of major phishing attacks that have to date focused on European markets.
Some Do's and Don'ts to protect against Phishing and Whaling:
- When in doubt, don't provide any personal or financial information. You never know who is able to see your information.
- Never click on website links in emails, especially if the email looks like a request for personal information. Always key the address into your web browser yourself.
- Always keep your desktop protection software updated. This includes anti-virus, anti-spyware, firewall and other software.