How to stay protected from online scams

How to stay protected from online scams


If you've only got a minute:

  • Phishing scams aim to obtain sensitive personal information from target individuals with the aim of stealing your money or identity.
  • Knowing how to spot a phishing scam can protect you from falling prey to one.
  • You can use Payment Controls within DBS digibank app to manage your credit card security features.
  • Never share sensitive details like passwords, PINs, One-Time Passwords, credit card details, or account numbers via email, phone, or text messages.


Received an SMS from a bank asking you to click on a link, which then takes you to a webpage that requires you to key in your login details? There’s a possibility that it’s a phishing scam.

The number of phishing scams in Singapore hit 8,500 in 2022, more than twice the number in 2021, with more than 80% spoofing a bank or financial service, according to the Cyber Security Agency (CSA).

In Singapore, millions of dollars have been lost to scammers in recent years, with the victims coming from all walks of life from retirees to millennials. In fact, 51% of scam victims in 2023 were young adults between the ages of 20 and 39.

This is why it is important to understand how online scams generally work as it will allow you to spot some key tell-tale signs. That way, you are better prepared to protect yourself against them.


What are phishing scams?

Phishing is a type of social engineering attack where scammers pose as legitimate institutions and individuals through websites, messaging platforms, and social media, with the aim of obtaining sensitive personal information from targeted individuals.

The type of information they try to obtain includes your NRIC, name, date of birth and email, usernames and passwords, bank account details and even credit card numbers. With it, they can access your account to try to steal your money or identity.

Common ways phishing scams work

It’s important to identify the tell-tale signs of phishing scams to prevent becoming a victim.

Phishing often relies on catching your attention through an emotional response, such as fear, curiosity, or a desire for a good deal on products or services.

Over the years, phishing scams have become more sophisticated. In the past, it would be easy to spot spelling errors and typos on fake websites. But these days, they often look identical to official ones and have URLs that can appear close to the legitimate webpage’s URL. QR codes or short links are also used to trick you into visiting phishing websites.

Phishing can also be done using an International Domain Name (IDN) homograph attack. This allows the scammer to set up a fake webpage that shows the correct address — with the secured connection lock in the browser bar — but leads you elsewhere.

Social media and messaging apps are also rife with phishing. Watch out for fake accounts that respond to customers who ask for help on brands’ social media accounts. Advertisements or online marketplaces for products and services on social media or search engines could also be phishing in disguise. The scammer may interact with you personally to lower your guard before asking you to visit a link or download an app.

Be careful of what information you post on your public profile too as it allows for scammers to create personalised phishing attacks. They could even use an account they’ve broken into to continue existing messages or threads to increase the believability of their requests to you.

That’s how phishing emails can infiltrate ongoing email threads, leading you to inadvertently click on a link thinking it’s from a colleague and your computer starts downloading all sorts of malware and spyware.

When it comes to payments, always verify payment requests and confirm their authenticity through direct contact with the service provider.


How to prevent phishing scams

Here are some tips to shield yourself from being scammed:

Protect yourself

  • Ask yourself if you are expecting any message or call.
  • Avoid clicking on links in unexpected emails or messages - key in website URLs directly.
  • Verify the information on the official website, social media, or phone numbers instead.
  • Verify the identity of the person requesting information through another means of contact, such as a phone call if they've emailed you.
  • Enable 2-Factor Authentication for all accounts.
  • Never share your One Time Password (OTP) with anyone.
  • Be skeptical of offers promising prizes or rewards – if it sounds too good to be true, it probably is.

Protect your devices

  • Secure your devices by making sure the operating system is kept up to date.
  • Only download mobile apps from official app stores like Google Play Store, Apple App Store, or HuaWei AppGallery. These have security measures to minimise the risk of malicious apps.
  • Never sideload apps from third-party websites, emails, SMSes, or social media.
  • Install mobile anti-virus apps that can detect and block malware and malicious phishing links.

How not to fall for common credit card scams

Apart from gaining your password and personal particulars, scammers can also obtain your credit and debit card details. Card security can be compromised in several ways during travel and online shopping.    

When travelling

Don’t use unsecured public Wi-Fi networks. These networks are often targeted by cybercriminals who can intercept data transmitted between your device and the websites you visit, potentially gaining access to your credit card information when you make online purchases or check your bank account.

Deceptive ATMs or point-of-sale terminals may be rigged with card skimmers. These devices record card details, so that when you use them, criminals can steal your card data without your knowledge.

When online shopping

Scammers sometimes send enticing offers via email or create fake e-commerce websites that mimic legitimate ones, luring shoppers to input their card information. And before you know it, your next credit card bill comes with a shocking amount not made by you.

Even if you don’t fall for a fake website or click a suspicious link, your stored card details on a merchant’s site may be compromised if the merchant gets hacked. We’ve all heard about how the personal details of consumers have been leaked online in several hacking cases.


Implementing Payment Controls

Fortunately, there are safeguards and measures you can take to better protect your card with DBS Payment Controls.

Here are 3 examples of card controls that you can implement.

1) Lock/unlock your Debit/Credit Card temporarily

You can do this immediately if you suspect you’ve clicked on a phishing link or misplaced your card. By temporarily locking your card, you can still unlock it at a later date and continue using your card, unlike blocking your card entirely, which renders it unusable.

2) Disable online transactions

If you decide not to use a particular card for a while due to a change in lifestyle you can activate this feature to ensure that no transactions can be made.

3) Disable the overseas transaction function

Disable this function when not travelling so that if your card falls into the wrong hands overseas, no one can use it to make purchases.


Access Payment Controls

Payment Controls also lets you disable cash advance transactions and set a monthly spend limit each billing cycle, so in the event your card falls into the wrong hands, a scammer won’t be able to use your card for unauthorised transactions.

Step 1: Log on to your DBS digibank mobile app

Step 2: Click on More

Step 3: Under Manage Cards & Loans, select Payment Controls

Step 4: Select the Card you wish to customise and toggle switch on/off

In doing so, you reduce your risk of falling prey to scams. About 40% of the customers who called in about fraud disputes had no active Payment Controls and were between the ages of 26 to 40.

Stay informed and protected

Not sure if something is a scam?

If you have suspicions, you can:

  • Check the latest scam info at this online portal.
  • Call Singapore’s anti-scam hotline (1800-722-6688).
  • Block the sender.
  • Report a suspicious looking email or SMS via the ScamShield app.

If you suspect that you have fallen victim to a phishing scam, or notice any suspicious transactions, immediately call our DBS fraud hotline at 1800-339-6963 or 6339-6963 (Overseas). You can also provide further information to the police online or call them at 1800-255-0000.

Don’t wait. Protect yourself from card fraud and scams. Use the Payment Controls feature on your digibank app now.

Make sure you get smarter against phishing attacks by learning about new tools to guard yourself financially while banking online. Check out how to stay protected and live cyberstrong with #BSHARP’s guides.

Ready to start?

Speak to the Wealth Planning Manager today for a financial health check and how you can better plan your finances.

Let's Meet

Alternatively, check out Plan & Invest tab in digibank to analyse your real-time financial health. The best part is, it’s fuss-free – we automatically work out your money flows and provide money tips.

Log in Now

Disclaimers and Important Notice
This article is meant for information only and should not be relied upon as financial advice. Before making any decision to buy, sell or hold any investment or insurance product, you should seek advice from a financial adviser regarding its suitability.

Thank you. Your feedback will help us serve you better.

Was this information useful?

That's great to hear. Anything you'd like to add?
We're sorry to hear that. How can we do better?
Enter only letters, numbers or @!$-(),.