Latest Security Alerts

Stay updated on the latest security news that might affect the way you bank online.

Phishing Alert

Date: 06 November 2018 (first posted on 21 Sept 2018)

Description: We have detected phishing SMSs leading to phishing webpages targeting customers and mimicking DBS and POSB’s Internet Banking login pages. Such phishing sites are designed to steal customer details, logins, PINs and OTPs in order to perform unauthorised, fraudulent transactions.

If a customer falls victim to the phishing email and clicks on the link, they will be redirected to a non-DBS website.

Who might be at risk?
DBS and POSB iBanking customers

How can you protect yourself from this?

  1. Be alert and always verify the details in messages from DBS and POSB. Always check that the message reflects your intended actions and do not proceed or authorize suspicious transactions.
  2. Always type in the URL of DBS website directly into the address bar of your browser.
  3. Check that you are using the official DBS or POSB websites. Always type the DBS or POSB websites URL directly into the address bar of your browser. If you are on mobile, consider using our official DBS or POSB Digibank applications.
  4. Never reply to unsolicited SMSs or emails. Responses to such SMSs or emails could be used by fraudsters to socially engineer information or trick users into performing unwanted actions.
  5. DBS will never request for your PIN, password or OTP through phone call, email or SMS. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

SMS Alert

Date: 15 November 2018

Description: We have detected multiple SMS and online advertisements impersonating DBS or purporting to be from DBS. If a user clicks on the link, they will be redirected to a website purporting to be a cryptocurrency investment programme. Such websites are designed to trick users into conducting fraudulent bank transfers or credit card transactions.

Who might be at risk?
DBS Customers

How can you protect yourself from this?

  1. Be alert and always verify the details in messages from DBS and POSB. Always check that the message reflects your intended actions and do not proceed or authorize suspicious transactions.
  2. Always type in the URL of DBS website directly into the address bar of your browser.
  3. Check that you are using the official DBS or POSB websites. Always type the DBS or POSB websites URL directly into the address bar of your browser. If you are on mobile, consider using our official DBS or POSB Digibank applications.
  4. Never reply to unsolicited SMSs or emails. Responses to such SMSs or emails could be used by fraudsters to socially engineer information or trick users into performing unwanted actions.
  5. DBS will never request for your PIN, password or OTP through phone call, email or SMS. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

 

Alert Archives

Phishing Alert

Date: 03 October 2018 (first posted on 21 Sept 2018)

Description: We have detected phishing SMSs leading to phishing webpages targeting POSB customers and mimicking POSB’s Internet Banking login page. Such phishing sites are designed to steal customer details, logins, PINs and OTPs in order to perform unauthorised, fraudulent transactions.

If a customer falls victim to the phishing email and clicks on the link, they will be redirected to a non-DBS website.

Who might be at risk?
DBS and POSB iBanking customers

How can you protect yourself from this?

  1. Be alert and always verify the details in messages from DBS and POSB. Always check that the message reflects your intended actions and do not proceed or authorize suspicious transactions.
  2. Always type in the URL of DBS website directly into the address bar of your browser.
  3. Check that you are using the official DBS or POSB websites. Always type the DBS or POSB websites URL directly into the address bar of your browser. If you are on mobile, consider using our official DBS or POSB Digibank applications.
  4. Never reply to unsolicited SMSs or emails. Responses to such SMSs or emails could be used by fraudsters to socially engineer information or trick users into performing unwanted actions.
  5. DBS will never request for your PIN, password or OTP through phone call, email or SMS. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

Phishing Alert

Date: 08 October 2018 (first posted on 03 Sept 2018)

Description: We have detected phishing emails and webpages targeting DBS customers. These phishing emails come from a spoofed DBS email address and requests customers click on a link to reactivate their credit card.

If a customer falls victim to the phishing email and clicks on the link, they will be redirected to a page requesting for a user’s information, credit card number and CVV followed by a request to provide an SMS OTP. Such websites are used to conduct card not present transactions but may also be utilized in order to steal personally identifiable data, username-password combinations, OTPs or infect a user’s device.

Who might be at risk?
DBS and POSB iBanking customers

  1. Always check that you are using the official DBS website. Always type the DBS website URL (https://dbs.com) directly into the address bar of your browser.
  2. Only provide your credit card details if you’re making a direct purchase. Always check that you intend to conduct a credit card transaction and do not provide an OTP to authorize payment if you are not.
  3. Always verify the details in messages from DBS. Always check that the message reflects your intended actions and do not proceed or authorize suspicious transactions.
  4. Take note of any suspicious transactions. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account.

Scam Alert

DBS Phishing Email Alert

Date: 15 August 2018 (first posted on 12 Dec 2017)
Threat Type: Phishing
Alert Level: Amber
Criticality: Low

Description: We have detected phishing emails targeting DBS cardholder customers and containing links to phishing websites. Such phishing sites are designed to steal the customer's credit card information in order to conduct fraudulent transactions.

If a customer falls victim to this phishing email and clicks on the malicious link, they will be redirected to a non-DBS website requesting for credit card details and an OTP. A sample website is seen below:

hxxps://dal-shared-22.hostwindsdns.com/~oxfotwtl/DBS

Sample of the phishing email pretending to be sent from DBS.

Who might be at risk?
Customers

How can you protect yourself from this?

  1. Always type the DBS website URL directly into the address bar of your browser.
  2. Check that you are using the official DBS iBanking site. To do this, go to the address bar of your web browser and look for the “padlock” icon. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  3. Never reply to unsolicited emails. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

Date: 26 June 2018 (Updated 31 July 2018)

Description: We have detected multiple SMS and online advertisements impersonating DBS or purporting to be from DBS. If a user clicks on the link, they will be redirected to a website purporting to be a DBS investment programme. Such websites are designed to trick users into conducting fraudulent bank transfers or credit card transactions.





Who might be at risk?
DBS Customers

How can you protect yourself from this?

  1. Be alert. Minimize clicking on links in advertisements as these may not be legitimate.
  2. Check that you are using the official DBS website. Always type the DBS website URL directly into the address bar of your browser. If you are on mobile, consider using our official DBS Digibank applications.
  3. Never reply to unsolicited SMSs. Responses to such SMSs could be used by fraudsters to socially engineer information or trick users into performing unwanted actions.
  4. Only provide your credit card details if you're making a direct purchase. Always check that you intend to conduct a credit card transaction and do not provide an OTP to authorize payment if you are not.
  5. DBS will never request for your PIN, password or OTP through phone call, email or SMS. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account.

Phishing Alert

Date: 27 May 2018 (Updated 30 July 2018)

Description: We have detected phishing emails and webpages targeting DBS customers. These phishing emails comes from a non DBS email address and requests customers click on a link to unlock their iBanking account.

If a customer falls victim to the phishing email and clicks on the link, they will be redirected to a page requesting for a user’s information, credit card number and CVV followed by a request to provide an SMS OTP. Such websites are used to conduct card not present transactions but may also be utilized in order to steal personally identifiable data, username-password combinations, OTPs or infect a user’s device.




Who might be at risk?

DBS and POSB iBanking customers

How can you protect yourself from this?

  1. Always check that the email comes from a DBS address. DBS emails are sent from an @dbs.com email address.
  2. Check that you are using the official DBS website. Always type the DBS website URL directly into the address bar of your browser. You may also check that this is the official website by going to the address bar of your web browser and look for the “padlock” icon. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  3. Only provide your credit card details if you’re making a direct purchase. Always check that you intend to conduct a credit card transaction and do not provide an OTP to authorize payment if you are not.
  4. Always verify the details in messages from DBS.Always check that the message reflects your intended actions and do not proceed or authorize suspicious transactions.
  5. Take note of any suspicious transactions. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account.

Customer Advisory

Date: 20 July 2018

Description: SingHealth has reported a data breach affecting more than 1.5 million SingHealth patients. Patient data stolen included personally identifiable information such as names, addresses, birthdays, and NRIC numbers. Approximately 160,000 patients had details of medical prescriptions stolen.

Customers are advised to be alert. Stolen credentials may be used to conduct social engineering and phishing scams. Such scams utilize personally identifiable information to appear legitimate.

How can you protect yourself from this?

  1. Be alert. Do not provide personal or bank information to unsolicited callers.
  2. Never give out any sensitive personal information (including login passwords or one-time passwords) over the phone or via email. Our staff will never ask you for such information.
  3. Hang up and call DBS directly if you are in any doubt of a call, SMS or email’s validity. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you receive such calls.

Phishing Alert

Date: 19 June 2018

Description: We have detected a phishing website targeting DBS IDEAL customers and mimicking the DBS IDEAL login page. Such phishing sites are designed to steal customer details, logins, PINs and OTPs in order to perform fraudulent transactions.

If a customer falls victim to the phishing email and clicks on the link, they will be redirected to a non-DBS website which requests for their Organisation ID, User ID and PIN. Once these details have been provided, customers are directed to a page requesting for the customer’s IB Secure PIN and redirected finally to a fake MAS webpage.




Who might be at risk?
DBS IDEAL customers

How can you protect yourself from this?

  1. Always type the DBS website URL directly into the address bar of your browser. If you are on mobile, consider using our official DBS IDEAL application.
  2. Never reply to unsolicited emails. Responses to such emails could be used by fraudsters to socially engineer information or trick users into performing unwanted actions.
  3. Always verify the details in messages from DBS. Always check that the message reflects your intended actions.
  4. Customers are also encouraged to use the latest versions of internet browsers available. Using the latest browsers may provide advanced security features such as anti-phishing and forged website identification.
  5. Be Alert. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account.

Malware Alert

Date: 12 June 2018

Description: There are emails impersonating DBS and claiming to be details of a SWIFT wire transfer. These emails have malicious files attached and opening these attachments may trigger an infection of a user’s device with Lokibot, an information-stealing trojan. Such malware is used to steal sensitive information, which may include banking credentials and credit card details.

Who might be at risk?
DBS Customers

How can you protect yourself from this?

  1. Be alert. Be careful when opening attachments if you have not verified its source or sender.
  2. Protect your computer by updating your PC regularly as well as using anti-virus and anti-spyware software that automatically updates daily.
  3. Never reply to unsolicited emails. Responding to such emails could be used by fraudsters to trick users into performing unwanted actions.
  4. Take note of any suspicious transactions. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account.

Fake Bank Alert

Date: 08 June 2018

Description: We have detected a fake banking website targeting DBS Hong Kong customers. The fraudsters behind this website utilize email and/or voice messages in order to trick users into believing this is a legitimate DBS page. Once a user has landed on the page, they are prompted to provide their login PINs before being requested to perform a wire transfer.

Such websites are used to conduct advance fee fraud but may be utilized to steal personally identifiable data, username-password combinations, OTPs or infect a user’s device.

Who might be at risk?
HK DBS customers

How can you protect yourself from this?

  1. Always type in the URL of the DBS or POSB website directly into the address bar of your browser.
  2. Check that you are using the official DBS or POSB website. To do this, go to the address bar of your web browser and look for the "padlock" icon. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  3. Never give out any sensitive personal information (including login passwords or one-time passwords) over the phone or email. Our staff will never ask you for such information.
  4. Hang up and call DBS directly if you are in any doubt of the call’s validity. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you receive such calls.
  5. Take note of any suspicious transactions. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account.
  6. Customers are also encouraged to use the latest versions of internet browsers available. Using the latest browsers may provide advanced security features such as anti-phishing and forged website identification. If such features are available.

Fake Bank Alert

Date: 30 May 2018

Description: We have detected a fake banking website targeting DBS customers. This fake bank mimics DBS’s webpage in order to trick customers. The fraudsters behind this website utilizes both email and voice to trick users into providing their personal information such as residential address and government issued ID numbers.

Such websites are used to conduct advance fee fraud but may be utilized to steal personally identifiable data, username-password combinations, OTPs or infect a user’s device.

Who might be at risk?
DBS and POSB customers

How can you protect yourself from this?

  1. Always type in the URL of the DBS or POSB website.directly into the address bar of your browser.
  2. Check that you are using the official DBS or POSB website. To do this, go to the address bar of your web browser and look for the "padlock" icon. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  3. Never give out any sensitive personal information (including login passwords or one-time passwords) over the phone or email. Our staff will never ask you for such information.
  4. Hang up and call DBS directly if you are in any doubt of the call’s validity. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you receive such calls.
  5. Take note of any suspicious transactions. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account.
  6. Customers are also encouraged to use the latest versions of internet browsers available. Using the latest browsers may provide advanced security features such as anti-phishing and forged website identification. If such features are available.

Phishing Alert

Date: 27 May 2018

Description: We have detected phishing emails and webpages targeting DBS customers. These phishing emails comes from a non DBS email address and requests customers click on a link to unlock their iBanking account.

If a customer falls victim to the phishing email and clicks on the link, they will be redirected to a page requesting for a user’s information, credit card number and CVV followed by a request to provide an SMS OTP. Such websites are used to conduct card not present transactions but may also be utilized in order to steal personally identifiable data, username-password combinations, OTPs or infect a user’s device.

Who might be at risk?
DBS and POSB iBanking customers

How can you protect yourself from this?

  1. Always check that the email comes from a DBS address. DBS emails are sent from an @dbs.com email address.
  2. Check that you are using the official DBS website. Always type the DBS website URL directly into the address bar of your browser. You may also check that this is the official website by going to the address bar of your web browser and look for the “padlock” icon. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  3. Only provide your credit card details if you’re making a direct purchase. Always check that you intend to conduct a credit card transaction and do not provide an OTP to authorize payment if you are not.
  4. Always verify the details in messages from DBS. Always check that the message reflects your intended actions and do not proceed or authorize suspicious transactions.
  5. Take note of any suspicious transactions. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account.

Phishing Alert

Date: 23 May 2018

Description: We have detected phishing websites targeting DBS and POSB customers and leading to a fake POSB Internet Banking login page.

Sample Websites are below:

hxxps://jungfernstieg[.]ga/secure/mas[.]go[.]com[.]sg/online insurance/posb/
hxxps://staromiejski[.]gq/secure/mas[.]go[.]com[.]sg/online
insurance/posb/
hxxps:// koepenicker[.]ml/secure/online insurance/mas[.]gov[.]com[.]sg/posb/index[.]html
hxxps:// kirchenplatz[.]ga/online insurance/mas[.]gov[.]com[.]sg/posb/index[.]html

Who might be at risk?
DBS and POSB iBanking customers

How can you protect yourself from this?

  1. Always type in the URL of the DBS or POSB website directly into the address bar of your browser.
  2. Check that you are using the official DBS or POSB website. To do this, go to the address bar of your web browser and look for the "padlock" icon. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  3. Take note of any suspicious transactions. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account.
  4. Customers are also encouraged to use the latest versions of internet browsers available. Using the latest browsers may provide advanced security features such as anti-phishing and forged website identification. If such features are available.

SMS Phishing Alert

Date: 19 May 2018

Description: We have detected phishing SMSs leading to phishing webpages targeting DBS customers.

If a customer falls victim to the phishing email and clicks on the link, they will be redirected to a page requesting for user ID and pin combinations as well as credit card number, expiration date and CVVs. Such websites are used to conduct card not present transactions but may also be utilized in order to steal personally identifiable data or promote fraudulent applications.

Who might be at risk?
DBS iBanking customers

How can you protect yourself from this?

  1. Be alert. Minimize clicking on links in SMSs as these may not be legitimate.
  2. Check that you are using the official DBS website. Always type the DBS website URL directly into the address bar of your browser. If you are on mobile, consider using our official DBS Digibank applications.
  3. Never reply to unsolicited SMSs. Responses to such SMSs could be used by fraudsters to socially engineer information or trick users into performing unwanted actions.
  4. DBS will never request for your PIN, password or OTP through phone call, email or SMS. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account.

DBS Phishing Email Alert

Date: 13 May 2018 (first posted on 12 Dec 2017)
Threat Type: Phishing
Alert Level: Amber
Criticality: Low

Description: We have detected phishing emails targeting DBS cardholder customers and containing links to phishing websites. Such phishing sites are designed to steal the customer's credit card information in order to conduct fraudulent transactions.

If a customer falls victim to this phishing email and clicks on the malicious link, they will be redirected to a non-DBS website requesting for credit card details and an OTP. A sample website is seen below:

hxxp[:]//dal-business-28.hostwindsdns.com/~bezakhja
hxxp[:]//yepnim.estate
hxxp[:]//hwsrv-269164.hostwindsdns.com
hxxp[:]//dal-business-28.hostwindsdns.com/~cpbvpoaf
hxxps[:]//sea-business-16[.]hostwindsdns[.]com/~hmzofvdj/
hxxp[:]//mohdyasin[.]tech/amstel/

Sample of the phishing email pretending to be sent from DBS.

Who might be at risk?
Customers

How can you protect yourself from this?

  1. Always type the DBS website URL directly into the address bar of your browser.
  2. Check that you are using the official DBS iBanking site. To do this, go to the address bar of your web browser and look for the “padlock” icon. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  3. Never reply to unsolicited emails. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

Phishing Alert

Date: 10 May 2018

Description: We have detected a phishing email and website targeting DBS customers and leading to a fake DBS Internet Banking login page. Such phishing sites are designed to steal customer details, logins, PINs and OTPs in order to perform fraudulent transactions.

If a customer falls victim to the phishing email and clicks on the link, they will be redirected to a non-DBS website. Post login, the phishing page requests for an OTP before prompting for the customer to wait for fifteen minutes

Sample Websites are below:

hxxp://190[.]14[.]38[.]131/itssl/?ln=activate.dbs&tk=

hxxp://activate[.]dbs[.]online-client[.]services/?tk=

Who might be at risk?
DBS and POSB iBanking customers

How can you protect yourself from this?

  1. Always type in the URL of the DBS or POSB website directly into the address bar of your browser.
  2. Check that you are using the official DBS or POSB website. To do this, go to the address bar of your web browser and look for the "padlock" icon. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  3. Never reply to unsolicited emails. Responses to such emails could be used by fraudsters to socially engineer information or trick users into performing unwanted actions.
  4. DBS will never request for your PIN, password or OTP through a phone call or SMS. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account.
  5. Customers are also encouraged to use the latest versions of internet browsers available. Using the latest browsers may provide advanced security features such as anti-phishing and forged website identification. If such features are available.

Phishing Alert

Date: 30 April 2018

Description: We have detected a phishing email and webpages targeting DBS customers. These phishing emails came from a non DBS email address and purport to be an official DBS survey.

If a customer falls victim to the phishing email and clicks on the link, they will be redirected to a page purporting to be an official DBS survey and requesting for a user’s information, credit card number and CVV followed by a request to provide an SMS OTP. Such websites are used to conduct card not present transactions but may also be utilized in order to steal personally identifiable data, username-password combinations, OTPs or infect a user’s device.

Who might be at risk?
DBS iBanking customers

How can you protect yourself from this?

  1. Always type in the URL of the DBS or POSB website directly into the address bar of your browser.
  2. Check that you are using the official DBS website. Always type the DBS website URL directly into the address bar of your browser. You may also check that this is the official website by going to the address bar of your web browser and look for the "padlock" icon. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  3. Always verify the details in messages from DBS. Always check that the message reflects your intended actions and do not proceed or authorize suspicious transactions.
  4. Never reply to unsolicited emails. Responses to such emails could be used by fraudsters to socially engineer information or trick users into performing unwanted actions.
  5. Customers are also encouraged to use the latest versions of internet browsers available. Using the latest browsers may provide advanced security features such as anti-phishing and forged website identification. If such features are available.

Phishing Alert

Date: 03 May 2018
Threat Type: Phishing
Alert Level: Amber
Criticality: Low

Description: We have detected a phishing website targeting POSB customers and mimicking POSB Internet Banking login page. Such phishing sites are designed to steal customer details, logins, PINs and OTPs in order to perform fraudulent transactions.

If a customer falls victim to the phishing email and clicks on the link, they will be redirected to a non-POSB website.

Sample Websites are below:

hxxp[:]//dal-business-28.hostwindsdns.com/~bezakhja
hxxp[:]//yepnim.estate
hxxp[:]//hwsrv-269164.hostwindsdns.com
hxxp[:]//dal-business-28.hostwindsdns.com/~cpbvpoaf
hxxps[:]//sea-business-16[.]hostwindsdns[.]com/~hmzofvdj/
hxxp[:]//mohdyasin[.]tech/amstel/

Who might be at risk?
DBS and POSB iBanking customers

How can you protect yourself from this?

  1. Always type in the URL of the DBS or POSB website directly into the address bar of your browser.
  2. Check that you are using the official DBS or POSB website. To do this, go to the address bar of your web browser and look for the "padlock" icon. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  3. Never reply to unsolicited emails. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

Phishing Alert

Date: 30 April 2018
Threat Type: Phishing
Alert Level: Amber
Criticality: Low

Description: We have detected a phishing email targeting DBS customers. These phishing emails came from a non DBS email address and purport to be an official DBS survey. Such emails often link to malicious pages in order to steal personally identifiable data, username-password combinations, OTPs or infect a user’s device.

Who might be at risk?
DBS iBanking customers

How can you protect yourself from this?

  1. Always check that the email comes from a DBS address. DBS emails are sent from an @dbs.com email address.
  2. Check that you are using the official DBS website. Always type the DBS website URL directly into the address bar of your browser. You may also check that this is the official website by going to the address bar of your web browser and look for the “padlock” icon. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  3. Never reply to unsolicited emails. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

Phone Scam Alert

Date: 02 April 2018
Threat Type: Phishing Calls / Vishing
Alert Level: Amber
Criticality: Low

Description: We have detected a phishing campaign targeting DBS customers and Singaporean residents with automated phone calls. These calls claim that a customer’s account is disabled and request for the customer to follow a sequence of instructions before being routed to an individual impersonating a DBS staff member.

Such phone scams are designed to trick customers into divulging sensitive information such as logins, PINs, OTPs or credit card details or to conduct advance fee fraud.

Who might be at risk?
DBS iBanking customers

How can you protect yourself from this?

  1. Be alert. Do not provide personal or bank information to unsolicited callers.
  2. Never give out any sensitive personal information (including login passwords or one-time passwords) over the phone or via email. Our staff will never ask you for such information.
  3. Hang up and call DBS directly if you are in any doubt of the call’s validity. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you receive such calls.

Phishing Alert

Date: 23 March 2018
Threat Type: Phishing
Alert Level: Amber
Criticality: Low

Description: We have detected a phishing website targeting DBS customers and mimicking DBS’s Internet Banking login page. Such phishing sites are designed to steal customer details, logins, PINs, OTPs and credit card details in order to perform unauthorised, fraudulent transactions.

If a customer falls victim to the phishing email and clicks on the link, they will be redirected to a non-DBS website.

Sample of the phishing email pretending to be sent from DBS.

Who might be at risk?
DBS iBanking customers

How can you protect yourself from this?

  1. Always type in the URL of DBS website directly into the address bar of your browser.
  2. Check that you are using the official DBS website. To do this, go to the address bar of your web browser and look for the “padlock” icon. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  3. Never reply to unsolicited emails. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

Phishing Alert

Date: 08 March 2018
Threat Type: Phishing
Alert Level: Amber
Criticality: Low

Description: We have detected phishing emails being sent to DBS customers informing them of a ‘login format change’ and requesting them to click on a link to update their details. Once the link is clicked, the customer will be redirected to a phishing site asking for his iBanking login ID, password, credit card, and other personal information. Such information may then be used by the attacker to perform fraudulent transactions.

A sample website is seen below:

URL: hxxp[:]//190.14.38.22:8443/redirect.secure-forms[.]com/?id=xqgkhox6u6gk35o7eofuwvp0pv9s007v&url=online.dbs
Redirect to: hxxps[:]//online.dbs.secure-form[.]services/?id=xqgkhox6u6gk35o7eofuwvp0pv9s007v

Sample of the phishing email pretending to be sent from DBS.

Who might be at risk?
DBS iBanking customers

How can you protect yourself from this?

  1. Always type in the URL of DBS website directly into the address bar of your browser.
  2. Check that you are using the official DBS website. To do this, go to the address bar of your web browser and look for the “padlock” icon. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  3. Never reply to unsolicited emails. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

Phishing Alert

Date: 27 January 2018
Threat Type: Phishing
Alert Level: Amber
Criticality: Low

Description: We have detected a phishing website targeting DBS customers and mimicking DBS’s Internet Banking login page. Such phishing sites are designed to steal customer details, logins, PINs and OTPs in order to perform unauthorised, fraudulent transactions.

If a customer falls victim to the phishing email and clicks on the link, they will be redirected to a non-DBS website.


Who might be at risk?
DBS iBanking customers

How can you protect yourself from this?

  1. Always type in the URL of DBS website directly into the address bar of your browser.
  2. Check that you are using the official DBS website. To do this, go to the address bar of your web browser and look for the “padlock” icon. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  3. Never reply to unsolicited emails. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

Malware Alert

Date: 23 January 2018
Threat Type: Malware
Alert Level: Amber
Criticality: Low

Description: There are emails with malicious attachments and links being circulated to banking customers. These emails claim to represent DBS and are disguised as a "Payment on behalf of customer" and informing recipients that they have received a deposit. These emails may contain malicious attachments and links. Opening these links and attachments trigger malware designed to steal passwords and other personal information, and virtual currencies found in wallets on PCs.

See sample of the email below. Customers are assured that DBS is not the source of this email and are reminded not to click on attachments from suspicious origin. Do not open attachments with the extension name ‘.exe’ or ‘.ace’. DBS will never send executable files (.exe) or Ace Compressed Archive (.ace) files to its customers.

Who might be at risk?
Customers with iBanking accounts

How can you protect yourself from this?

You are reminded to remain cautious when banking online:

  1. Be careful when opening attachments (especially files with extension name ‘exe’ and ‘ace’) if you have not verified its source or sender. Remember that DBS will never send executable or Ace Compressed Archive files to its customers.
  2. Protect your computer by using anti-virus and anti-spyware software that are set to perform automatic updates daily.
  3. Never reply to unsolicited emails. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

Mobile Malware Alert

Date: 21 Dec 2017
Threat Type: Android malware - Catelites
Alert Level: Amber
Criticality: Low

Description: We've discovered a new variant of Catelites malware that may affect users of DBS and POSB mobile applications such as:

  • DBS digibank
  • POSB digibank
  • DBS IDEAL
  • DBS digibank India
  • DBS PayLah!
  • DBS mBanking Hong Kong
  • DBS mBanking
  • POBS mBanking
  • DBS Quick Credit
  • DBS Marketwatch HK
  • DBS Loans HK
  • DBS Compass Rewards



This malware targets users using Android mobile devices and first installs an app called System Application before masquerading as a fraudulent Gmail, Google Play, and Chrome application. This malware could be spread through other malicious apps, third party mobile websites, and malicious advertising on sites or in games.

Once the application is installed, System Application repeatedly requests for administrator permissions and for System Application as the default messaging app until granted. After permissions are given, the application downloads fraudulent Gmail, Google Play, and Chrome applications while displaying a permanent notification in Android’s notification screen to log into the user’s banking account.

Signs of an infected mobile device may include (but are not limited to) the following:

  • Unusual disruptions to a mobile device’s performance;
  • Permanent notifications requesting for a specific action;
  • Application asking for special permissions that the application should not need, such as screen capture permissions or assigning the application as the default SMS app;
  • Sudden device shutdown;
  • Inability to remove the Trojan from the administrator list or from the device without being in safe boot.

Victims might see the following after being prompted to download and install the malware:

  1. Pop-up screens appear prompting the victim to install an application. The application requests for administrator permissions and prevents the user from using the device until the appropriate permissions are granted.
  2. Once the application has control of the device, legitimate applications may have a fake overlay placed on top to steal the victim’s bank login requests and credit card details. This page may appear to be legitimate.
  3. Missing OTPs after an appropriate wait for a bank OTP - OTPs sent to the infected device are hijacked, sent to the malicious attacker before being deleted, compromising the user’s bank details.

Who might be at risk?
Customers using DBS and POSB’s mobile applications

How can you protect yourself from this?

Victims of Catelites are advised to perform a factory reset of their device.

However, if you are unable to perform the reset, you may wish to perform the following actions:

  1. Boot your Android device into safe mode
  2. Go to the list of administrators and remove administrative permissions from the Trojan.
  3. Restart the device and conduct an anti-virus scan using a reputable, official anti-virus provider.
  4. Check to ensure that the malware has been removed from your device.

DBS and POSB digibank applications remain secure and are not the source of this malware. You are reminded to remain cautious when banking online:

  1. Be alert. Do not provide your user ID or pin and other sensitive information if you did not initiate any activity. Be cautious especially if a screen on your mobile device suddenly pops up and asks for your information, even if you did not open your applications or initiate any activity.
  2. Install the latest software updates on your mobile devices. When installing applications, be mindful of the permissions granted (i.e. think if the permissions are really necessary).
  3. Do not download or install any applications on your mobile device unless they are from authentic sources (Apple App Store or Google Play Store). If you are prompted to install any applications or plugins outside of the authentic stores, it is strongly recommended that to search within the authentic stores for that application.
  4. Do not enter any challenge code into your security device if you did not perform any financial transaction(s) in your account. Please note that during the login process, DBS will never ask for "Sign 1" of your iBSecure Device nor ask you to input a Challenge/Response.
  5. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account.

DBS Phishing Email Alert

Date: 12 Dec 2017
Threat Type: Phishing
Alert Level: Amber
Criticality: Low

Description: We have detected phishing emails targeting DBS cardholder customers and containing links to phishing websites. Such phishing sites are designed to steal the customer's credit card information in order to conduct fraudulent transactions.

If a customer falls victim to this phishing email and clicks on the malicious link, they will be redirected to a non-DBS website requesting for credit card details and an OTP. A sample website is seen below:

hxxps://dal-shared-22.hostwindsdns.com/~oxfotwtl/DBS

Sample of the phishing email pretending to be sent from DBS.

Who might be at risk?
Customers

How can you protect yourself from this?

  1. Always type the DBS website URL directly into the address bar of your browser.
  2. Check that you are using the official DBS iBanking site. To do this, go to the address bar of your web browser and look for the “padlock” icon. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  3. Never reply to unsolicited emails. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

DBS Malicious Email Alert

Date: 07 Nov 2017
Threat Type: Malware/Phishing
Alert Level: Amber
Criticality: Low

Description: There are emails with malicious attachments and links being circulated to banking customers. These emails claim to represent DBS and are disguised as “Transaction Advice” emails. These emails contain a malicious zip file with a .jar, .exe or .ace file within. Opening the attachments trigger malware designed to steal passwords, personal information, or financial information.

Sample of the phishing email pretending to be sent from DBS.

Who might be at risk?
Customers

How can you protect yourself from this?

You are reminded to remain cautious when banking online:

  1. Be careful when opening attachments (especially files with extension name ‘zip’, ‘jar’, ‘exe’ and ‘ace’) if you have not verified its source or sender. Remember that DBS will never send executable or ace compressed archive files to its customers.
  2. Protect your computer by using anti-virus and anti-spyware software and update them daily.
  3. Never reply to unsolicited emails. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

Mobile Malware Alert

Date: 03 August 2017
Threat Type: Android malware - BankBot
Alert Level: Amber
Criticality: Low

Description: We've discovered a new variant of Bankbot malware that may affect users of the following DBS and POSB mobile applications:

  • DBS Digibank
  • POSB Digibank
  • DBS PayLah
  • DBS mBanking Hong Kong
  • DBS Business Class
  • DBS Quick Credit

This malware targets users using Android mobile devices and often masquerades as a legitimate sounding application such as Adobe Flash Player, Play Market Update, MMS Flash Player or Game Launcher. This malware could be spread through other malicious apps, websites, and malicious advertising on sites or in games, which prompts a user to download and install the application.

Once the application is installed, it requests for Google Accessibility Services permissions, begins to capture the user’s screen as well as forcing the victim to use it as the default SMS application. This malware is also able to grant itself new accesses without user intervention and prevents users from removing its administration permissions or uninstalling it.

Signs of an infected mobile device may include (but are not limited to) the following:

  • Unusual disruptions to a mobile device’s performance;
  • Application asking for special permissions that the application should not need, such as screen capture permissions or assigning the application as the default SMS app
  • Sudden device shutdown
  • Inability to remove the Trojan from the administrator list or from the device without being in safe boot

Victims might see the following after being prompted to download and install the malware:

  1. Pop-up screens appear prompting the victim to install an application. The application requests for Google Service permissions as well as administrator permissions prevents the user from using the device until the appropriate permissions are granted.
  2. Once the application has control of the device, legitimate applications may have a fake overlay placed on top to steal the victim’s bank login requests. This page may appear to be legitimate. The malicious application may insert fake pages to steal a victim’s information such as mobile numbers, bank card details or passwords.
  3. Missing OTPs after an appropriate wait for a bank OTP - OTPs sent to the infected device are hijacked, sent to the malicious attacker before being deleted, compromising the user’s bank details.

Who might be at risk?
Customers using DBS and POSB’s mobile applications

How can you protect yourself from this?

Victims of Bankbot are advised to perform a factory reset of their device.

However, if you are unable to perform the reset, you may wish to perform the following actions:

  1. Boot your Android device into safe mode
  2. Go to the list of administrators and remove administrative permissions from the Trojan.
  3. Restart the device and conduct an anti-virus scan using a reputable, official anti-virus provider.
  4. Check to ensure that the malware has been removed from your device.

DBS and POSB digibank applications remain secure and are not the source of this malware. You are reminded to remain cautious when banking online:

  1. Be alert. Do not provide your user ID or pin and other sensitive information if you did not initiate any activity. Be cautious especially if a screen on your mobile device suddenly pops up and asks for your information, even if you did not open your applications or initiate any activity.
  2. Install the latest software updates on your mobile devices. When installing applications, be mindful of the permissions granted (i.e. think if the permissions are really necessary).
  3. Do not download or install any applications on your mobile device unless they are from authentic sources (Apple App Store or Google Play Store). If you are prompted to install any applications or plugins outside of the authentic stores, it is strongly recommended that to search within the authentic stores for that application.
  4. Do not enter any challenge code into your security device if you did not perform any financial transaction(s) in your account. Please note that during the login process, DBS will never ask for "Sign 1" of your iBSecure Device nor ask you to input a Challenge/Response.
  5. Call us immediately at 1800 222 2222 (Business Banking), if you notice unknown transactions appearing on your account.

Malware Alert

Date: 03 July 2017
Threat Type: Malware
Alert Level: Amber
Criticality: Low

Description: There are emails with malicious attachments and links being circulated to banking customers. These emails claim to represent DBS and are disguised as “Bank Fund Transfers”. These emails contain malicious attachments and links. Opening these links and attachments trigger malware designed to steal passwords and other personal information, and virtual currencies found in wallets on PCs.

See sample of the email below. Customers are assured that DBS is not the source of this email and are reminded not to click on attachments from suspicious origin. Do not open attachments with the extension name ‘.exe’ or ‘.ace’. DBS will never send executable files (.exe) or Ace Compressed Archive (.ace) files to its customers.

Who might be at risk?
Customers

How can you protect yourself from this?

You are reminded to remain cautious when banking online:

  1. Be careful when opening attachments (especially files with extension name ‘exe’ and ‘ace’) if you have not verified its source or sender. Remember that DBS will never send executable or ace compressed archive files to its customers.
  2. Protect your computer by using anti-virus and anti-spyware software and update them daily.
  3. Never reply to unsolicited emails. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

Fake Bank Alert

Date: 30 June 2017
Threat Type: Fake Bank
Alert Level: Green
Criticality: Low

Description: We have detected a fake banking website purporting to be DBS Bank. This fake bank used DBS’s name, logo and images. Such sites are designed to trick customers into providing their personal information and banking credentials or to conduct advance fee fraud scams.

Customers are advised that this website is not a legitimate DBS website.

Who might be at risk?
DBS customers

How can you protect yourself from this?

  1. Always type in the URL of DBS website directly into the address bar of your browser..
  2. Check that you are using the official DBS website. To do this, go to the address bar of your web browser and look for the “padlock” icon. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  3. Never reply to unsolicited emails. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2222 (Business Banking), if you receive any DBS emails which you are unsure of. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.
Please inform our customer centre at 1800 111 1111 or +65 6327 2265 (when calling from overseas) immediately if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

Phishing Alert

Date: 12 May 2017
Threat Type: Phishing
Alert Level: Amber
Criticality: Low

Description: We have detected phishing emails targeting DBS IDEAL customers and containing links to phishing websites posing as DBS IDEAL’s website. Such phishing sites are designed to steal the customer's login and authorisation credentials (such as Organisation ID, User ID, PIN, and Security Access Code) and other information to perform unauthorised, fraudulent transactions.

If the customer falls victim to the phishing email and clicks on the link, they will be redirected to a non-DBS website. A sample website is seen below:

hxxp://www.craig-hallum[.]ga/sgg/1/login[.]htm

Customers are assured that the DBS IDEAL website remains secure.

Who might be at risk?
DBS IDEAL customers

How can you protect yourself from this?

  1. Always type the DBS website URL directly into the address bar of your browser.
  2. Check that you are using the official DBS IDEAL site. To do this, go to the address bar of your web browser and look for the “padlock” icon. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  3. Never reply to unsolicited emails. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2222 (Business Banking), if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.
Please inform our customer centre at 1800 111 1111 or +65 6327 2265 (when calling from overseas) immediately if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

Phishing Alert

Date: 21 March 2017
Threat Type: Phishing
Alert Level: Amber
Criticality: Low

Description: We have detected a phishing site attempting to obtain customer’s credit card details. Such sites trick customers into providing their account and credit card details, including credit card expiry dates and CVVs. Such information may be used to perform Card Not Present Transactions.

A customer will see the following page if they are tricked into visiting this website:

Customers are assured that the DBS Internet Banking and DBS IDEAL websites remain secure.

Who might be at risk?
DBS credit and debit card customers

How can you protect yourself from this?

  1. Always type in the URL of DBS website directly into the address bar of your browser.
  2. Check that you are using the official DBS IDEAL site. To do this, go to the address bar of your web browser and look for the “padlock” icon. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  3. Never reply to unsolicited emails. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2222 (Business Banking), if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.
Please inform our customer centre at 1800 111 1111 or +65 6327 2265 (when calling from overseas) immediately if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

Fake Bank Alert

Date: 02 March 2017
Threat Type: Fake Bank
Alert Level: Green
Criticality: Low

Description: We have detected a fake banking website purporting to be DBS Bank. This fake bank used DBS’s name, logo and images. Such sites are designed to trick customers into providing their personal information and banking credentials or to conduct advance fee fraud scams.

Customers are advised that this website is not a legitimate DBS website.



Who might be at risk?
DBS customers

How can you protect yourself from this?

  1. Always type in the URL of DBS website directly into the address bar of your browser.
  2. Check that you are using the official DBS website. To do this, go to the address bar of your web browser and look for the “padlock” icon. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  3. Never reply to unsolicited emails. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2222 (Business Banking), if you receive any DBS emails which you are unsure of. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.
Please inform our customer centre at 1800 111 1111 or +65 6327 2265 (when calling from overseas) immediately if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

Malware Alert

Date: 31 January 2017
Threat Type: Malware
Alert Level: Amber
Criticality: Low

Description: There are emails with malicious attachments and links being circulated to banking customers. These emails claim to represent DBS and is disguised as a "bank transfer email" informing recipients that they received a deposit. These emails may contain malicious attachments and links. Opening these links and attachments trigger malware designed to steal passwords and other personal information, and virtual currencies found in wallets on PCs.

The common subjects used in the email include the following:

  • Online wire transfer payment notification
  • Payment update
  • Swift copy
  • Wire Transfer Payment

See sample of the email below. Customers are assured that DBS is not the source of this email and are reminded not to click on attachments from suspicious origin. Do not open attachments with the extension name ‘.exe’ or ‘.ace’. DBS will never send executable files (.exe) or Ace Compressed Archive (.ace) files to its customers.

Phishing email

Phishing email

Who might be at risk?
Customers with iBanking accounts

How can you protect yourself from this?

You are reminded to remain cautious when banking online:

  1. Be careful when opening attachments (especially files with extension name ‘exe’ and ‘ace’) if you have not verified its source or sender.Remember that DBS will never send executable or ace compressed archive files to its customers.
  2. Protect your computer by using anti-virus and anti-spyware software that are set to perform automatic updates daily.
  3. Never reply to unsolicited emails. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2222 (Business Banking), if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

Malware Alert

Date: 23 February 2017
Threat Type: Malware (Trickbot)
Alert Level: Amber
Criticality: Low

Description: We have discovered a new variant of Trickbot malware that may affect users of the DBS Internet Banking and DBS IDEAL website. This malware is spread through phishing emails with malicious attachments or through malicious online advertisements. When the said malicious attachment or online advertisement is opened or viewed, the malware infects the customers’ computers or devices.

Once customers’ computers or devices are infected, the malware will overlay itself on the official DBS and DBS IDEAL pages in an attempt to steal the customers’ login and authorisation credentials such as User ID, PIN, DBS iB Secure PIN, SMS OTP. If you see any suspicious requests for information from the DBS portal, your computer or device may be infected with this malware. You are advised not to proceed with any transactions until your computer or device has been checked and disinfected.

Users may experience slow page loading and see a “Please wait…” message after clicking on the login button.

A sample of a “Please wait…” message on DBS Internet Banking and DBS IDEAL

Phishing email

Phishing email

Customers are assured that the DBS Internet Banking and DBS IDEAL websites remain secure and are not the source of this malware.

Who might be at risk?
iBanking or IDEAL customers

How can you protect yourself from this?

  1. Be alert. Do not download or open attachments found in suspicious emails and do not reply to the suspicious sender.
  2. Protect your computer by using anti-virus and anti-spyware software that are set to perform automatic updates daily.
  3. Validate your actions. DBS will never ask for “Sign 1” of your iB Secure Device nor input a Challenge/Response. Never enter a challenge code into your security device if you have not performed any financial actions in your account and always validate that messages you’ve received reflect your actual transaction requests. For example, check that the account number is correct.
Please inform our customer centre at 1800 111 1111 or +65 6327 2265 (when calling from overseas) immediately if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

Malware Alert

Date: 31 January 2017
Threat Type: Malware
Alert Level: Amber
Criticality: Low

Description: There are emails with malicious attachments and links being circulated to banking customers. These emails claim to represent DBS and is disguised as a "bank transfer email" informing recipients that they received a deposit. These emails may contain malicious attachments and links. Opening these links and attachments trigger malware designed to steal passwords and other personal information, and virtual currencies found in wallets on PCs.

The common subjects used in the email include the following:

  • Online wire transfer payment notification
  • Payment update
  • Swift copy
  • Wire Transfer Payment

See sample of the email below. Customers are assured that DBS is not the source of this email and are reminded not to click on attachments from suspicious origin. Do not open attachments with the extension name ‘.exe’ or ‘.ace’. DBS will never send executable files (.exe) or Ace Compressed Archive (.ace) files to its customers.

Phishing email

Phishing email

Who might be at risk?
Customers with iBanking accounts

How can you protect yourself from this?

You are reminded to remain cautious when banking online:

  1. Be careful when opening attachments (especially files with extension name ‘exe’ and ‘ace’) if you have not verified its source or sender.Remember that DBS will never send executable or ace compressed archive files to its customers.
  2. Protect your computer by using anti-virus and anti-spyware software that are set to perform automatic updates daily.
  3. Never reply to unsolicited emails. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2222 (Business Banking), if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

Phishing Alert

Date: 06 February 2017
Threat Type: Phishing
Alert Level: Amber
Criticality: Low

Description: We have detected a phishing emails targeting DBS IDEAL customers and containing links to phishing websites posing as DBS IDEAL’s website. Such phishing sites are designed to steal the customer's login and authorization credentials (such as Organization ID, User ID, PIN, and Security Access Code) and other information to perform unauthorized, fraudulent transactions.

If the customer falls victim to the phishing email and clicks on the link, they will be redirected to any of the phishing websites below:

hxxp://logistik[.]gr/dbop/1/login[.]htm

hxxp://tugill[.]com/wz/1/login[.]htm

hxxp://howtomastersite[.]com/zpp/2/login[.]htm

hxxp://pearlscorniche[.]com/yg/1/login[.]htm

hxxp://rimemagic[.]com/mmp/1/login[.]htm

Phishing email

Phishing email

Phishing email

Phishing email

Who might be at risk?
DBS IDEAL customers

How can you protect yourself from this?

  1. Always type in the URL of DBS website directly into the address bar of your browser.
  2. Check that you are using the official DBS IDEAL site. To do this, go to the address bar of your web browser and look for the “padlock” icon. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  3. Never reply to unsolicited emails. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2222 (Business Banking), if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.
Please inform our customer centre at 1800 111 1111 or +65 6327 2265 (when calling from overseas) immediately if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

Malware Alert

Date: 31 January 2017
Threat Type: Malware
Alert Level: Amber
Criticality: Low

Description: There are emails with malicious attachments and links being circulated to banking customers. These emails claim to represent DBS and is disguised as a "bank transfer email" informing recipients that they received a deposit. These emails may contain malicious attachments and links. Opening these links and attachments trigger malware designed to steal passwords and other personal information, and virtual currencies found in wallets on PCs.

The common subjects used in the email include the following:

  • Online wire transfer payment notification
  • Payment update
  • Swift copy
  • Wire Transfer Payment

See sample of the email below. Customers are assured that DBS is not the source of this email and are reminded not to click on attachments from suspicious origin. Do not open attachments with the extension name ‘.exe’ or ‘.ace’. DBS will never send executable files (.exe) or Ace Compressed Archive (.ace) files to its customers.

Phishing email

Phishing email

Who might be at risk?
Customers with iBanking accounts

How can you protect yourself from this?

You are reminded to remain cautious when banking online:

  1. Be careful when opening attachments (especially files with extension name ‘exe’ and ‘ace’) if you have not verified its source or sender.Remember that DBS will never send executable or ace compressed archive files to its customers.
  2. Protect your computer by using anti-virus and anti-spyware software that are set to perform automatic updates daily.
  3. Never reply to unsolicited emails. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2222 (Business Banking), if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

Malware Alert

Date: 8 Dec 2016
Threat Type: Malware (Trickbot)
Alert Level: Amber
Criticality: Low

Description: We have discovered variants of Trickbot malware that may affect users of the DBS Internet Banking and DBS Ideal website. This malware is spread through phishing emails with malicious attachments or through malicious online advertisements. When the said malicious attachment or online advertisement is opened or viewed, the malware infects the customers’ computers or devices.

Once customers’ computers or devices are infected, the malware will attempt to steal the customers’ login and authorisation credentials such as User ID, PIN, DBS iB Secure PIN, SMS OTP. If you see any suspicious requests for information from the DBS portal, your computer or device may be infected with this malware. You are advised not to proceed with any transactions until your computer or device has been checked and disinfected.

Customers are assured that the DBS Internet Banking and DBS IDEAL websites remain secure and are not the source of this malware.

Who might be at risk?
iBanking or IDEAL customers

How can you protect yourself from this?

  1. Be alert. Do not download or open attachments found in suspicious emails and do not reply to the suspicious sender.
  2. Protect your computer by using anti-virus and anti-spyware software that are set to perform automatic updates daily.
  3. Validate your actions. DBS will never ask for “Sign 1” of your iB Secure Device nor input a Challenge/Response. Never enter a challenge code into your security device if you have not performed any financial actions in your account and always validate that messages you’ve received reflect your actual transaction requests. For example, check that the account number is correct.
Please inform our customer centre at 1800 111 1111 or +65 6327 2265 (when calling from overseas) immediately if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

Phishing Alert

Date: 21 November 2016
Threat Type: Phishing
Alert Level: Amber
Criticality: Low

Description: There’s a new phishing email targeting DBS customers, which contains a link to a phishing website posing as the DBS website. The email warns customers of supposedly locked out iBanking accounts, prompting the recipient to click on the link “to restore iBanking access” but actually redirects to the phishing site. Phishing sites like these are designed to steal credit card-related information, customer user IDs, PINs, one time PINs (such as iB Secure PIN) and other personal information that can also perform fraudulent transactions under the customer’s name.

If the customer falls victim to the phishing email and clicks on the link, he will be redirected to the phishing website below:

  • http://alexschultz.com/dbo/1/login.htm
Phishing email

Who might be at risk?
Customers with iBanking accounts

How can you protect yourself from this?

  1. Be alert. Always review the SMS alerts from DBS and call us immediately if you receive any suspicious SMS. Do not provide your user ID or PIN and other sensitive information if you did not initiate any activity.
  2. Always type in the URL of DBS website directly into the address bar of your browser.
  3. Check that you are using the official DBS / POSB website. To do this, go to the address bar of your web browser and look for the "padlock" icon. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
Please inform our customer centre at 1800 111 1111 or +65 6327 2265 (when calling from overseas) immediately if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

Phishing Alert

Date: 18 November 2016
Threat Type: Phishing
Alert Level: Amber
Criticality: Low

Description: We have detected a phishing email targeting DBS customers, which contains a link to phishing websites posing as the DBS website. These phishing sites are designed to steal credit card-related information, customer user IDs, PINs, one time pins (such as iB Secure PIN) and other personal information that can also perform fraudulent transactions under the customer's name.

If the customer falls victim to the phishing email and clicks on the link, he will be redirected to any of the phishing websites below:

  • hXXp://www[.]coatofarmspost[.]com/pro/2/login.htm
  • hXXp://www[.]coatofarmspost[.]com/pro/11/login.htm
Phishing email

Who might be at risk?
Customers with iBanking accounts

How can you protect yourself from this?

  1. Be alert. Always review the SMS alerts from DBS and call us immediately if you receive any suspicious SMS. Do not provide your user ID or PIN and other sensitive information if you did not initiate any activity.
  2. Always type in the URL of DBS website directly into the address bar of your browser.
  3. Check that you are using the official DBS / POSB website. To do this, go to the address bar of your web browser and look for the "padlock" icon. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
Please inform our customer centre at 1800 111 1111 or +65 6327 2265 (when calling from overseas) immediately if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

Phishing and Fake DBS Website Alert

Date: 16 November 2016
Threat Type: Phishing and Fake Website
Alert Level: Green
Criticality: Low

Description: There are fake websites found in the Internet (see screenshots below) pretending to be the DBS HK and DBS SG websites. The following websites are potential phishing sites - posing as the DBS website and are designed to steal customer IDs, Pins and one time passwords. The sites are spread through malicious or phishing emails sent to customers.

  • 'https://hk-dbs.asia/en/' (posing as DBS HK website)
  • "http://millenniumhomehealth.com/wp-includes/certificates/bundle.html" and "http://90recruits.com/wp-admin/maint/dbs/index.html" (posing as DBS SG website)
Malicious Email Alert

Who might be at risk?
Customers with iBanking accounts

How can you protect yourself from this?
You are reminded to remain cautious when banking online:

  1. Always type in the URL of DBS website directly into the address bar of your browser.
  2. Check that you are using the official DBS / POSB iBanking site. To do this, go to the address bar of your web browser and look for the “padlock” icon. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  3. Never reply to unsolicited emails. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2222 (Business Banking), if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

Phishing and Fake DBS Website Alert

Date: 16 November 2016
Threat Type: Phishing and Fake Website
Alert Level: Green
Criticality: Low

Description: There are fake websites found in the Internet (see screenshots below) pretending to be the DBS HK and DBS SG websites. The following websites are potential phishing sites - posing as the DBS website and are designed to steal customer IDs, Pins and one time passwords. The sites are spread through malicious or phishing emails sent to customers.

  • 'https://hk-dbs.asia/en/' (posing as DBS HK website)
  • "http://millenniumhomehealth.com/wp-includes/certificates/bundle.html" and "http://90recruits.com/wp-admin/maint/dbs/index.html" (posing as DBS SG website)
Malicious Email Alert

Who might be at risk?
Customers with iBanking accounts

How can you protect yourself from this?
You are reminded to remain cautious when banking online:

  1. Always type in the URL of DBS website directly into the address bar of your browser.
  2. Check that you are using the official DBS / POSB iBanking site. To do this, go to the address bar of your web browser and look for the “padlock” icon. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  3. Never reply to unsolicited emails. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2222 (Business Banking), if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

Phishing Alert

Date: 11 November 2016
Threat Type: Phishing
Alert Level: Amber
Criticality: Low

Description: We have detected a phishing email being sent to DBS customers claiming to be from DBS eAdvice (DBSeAdvice@dbs.com) which contains a link to phishing websites purporting to be Singnet’s website. This phishing site is designed to steal customer user IDs and password, and other personal information which can allow the phisher to perform fraudulent transactions under the customer's name.

Sample of the phishing email pretending to be sent from DBS.
Malicious Email Alert

Who might be at risk?
Customers with iBanking accounts

How can you protect yourself from this?

  1. Be alert. Always review the SMS alerts from DBS and call us immediately if you receive any suspicious SMS. Do not provide your user ID or PIN and other sensitive information if you did not initiate any activity.
  2. Do not provide your user ID and or pin or any sensitive information to unverified websites.
  3. Never reply to unsolicited emails. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2222 (Business Banking), if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

DBS Malicious Email Alert

Date: 30 June 2016
Threat Type: Malware/Phishing
Alert Level: Amber
Criticality: Low

Description: There is a malicious email campaign targeting DBS customers. The email is from a fake email account "DBSAdvice@dbs.com" and contains "Transaction Advice" as the subject. The email has a zip file attachment which contains a malware. When the said malicious attachment is opened, the malware infects the customers' computers or devices to steal the customers' login and authorisation credentials such as (User ID, PIN, DBS iB Secure PIN, SMS OTP and so on).

Sample of the phishing email pretending to be sent from DBS.
Malicious Email Alert

Who might be at risk?
iBanking or IDEAL customers

How can you protect yourself from this?

  1. Be alert. Do not download or open attachments found in suspicious emails and do not reply to the sender either.
  2. Protect your computer by using an anti-virus software and anti-spyware software that are set to perform automatic updates daily.
  3. Do not reveal or provide your iBanking/IDEAL username, password or token PIN to anyone.

Please inform our customer centre at 1800 111 1111 or +65 6327 2265 (when calling from overseas) immediately if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.


Parcel Phone Scam Alert

Date: 1 June 2016
Threat Type: Phishing Calls

Description: A phishing campaign is targeting Singapore residents with automated phone calls. The calls start with an automated voice message in Mandarin, claiming to be a courier company and that their parcel had not been picked up. The call recipient is then directed to enter “0” or “9”. This connects them to a Mandarin-speaking person posing as a courier staff member who will claim that the parcel held contains prohibited items e.g. fake passports or weapons. The alleged staff member will request personal and/or bank information, or transfer the call to another person who will claim to be a customs or police officer. This person will in turn request personal and/or bank information or instruct the call recipient to remit money to an overseas bank account to avoid action from authorities.

Who might be at risk?
Customers with DBS accounts.

How can you protect yourself from this?

  1. Be alert. Do not provide personal or bank information or remit money based on the advice of unsolicited callers.
  2. Never give out any sensitive personal information (including login passwords or one-time passwords) over the phone or via email. Our staff will never ask you for such information.
  3. Please inform our customer centre at 1800 111 1111 or +65 6327 2265 (when calling from overseas) immediately if you receive such calls or have disclosed your personal or bank information to unsolicited callers.
  4. For more information on such scams, please visit the following links:

Phone Scam Alert

Date: 20 April 2016
Threat Type: Phishing Calls

Description: A phishing campaign is targeting Singapore residents with automated phone calls. The calls start with an automated voice message in English or Mandarin, claiming to be from DBS Bank and that an urgent message awaits them. The call recipient is then directed to enter “0” or “1”. This connects them to a Mandarin-speaking person posing as a DBS staff member who will claim there were credit cards applied for in their name and that they owe money to a Shanghai company. When the customer states they did not apply for the credit card, the alleged staff member will request personal and/or bank information, or transfer the call to another person who will claim to be a Shanghai police officer and request personal and/or bank information.

Who might be at risk?
Customers with DBS accounts.

How can you protect yourself from this?

  1. Be alert. Do not provide personal or bank information to unsolicited callers.
  2. Never give out any sensitive personal information (including login passwords or one-time passwords) over the phone or via email. Our staff will never ask you for such information.
  3. Please inform our customer centre at 1800 111 1111 or +65 6327 2265 (when calling from overseas) immediately if you receive such calls or have disclosed your personal or bank information to unsolicited callers.

Phishing Alert

Date: 25 February 2016
Threat Type: Phishing
Alert Level: Amber
Criticality: Low

Description: We have detected a phishing email targeting DBS customers, which contains a link to phishing websites posing as the DBS website. These phishing sites are designed to steal credit card-related information, customer user IDs, PINs, one time passwords and other personal information such as NRICs and mobile phone numbers and can also perform fraudulent transactions under the customer’s name.

If the customer falls victim to the phishing email and clicks on the link, he will be redirected to any of the phishing websites below:

  • http://mikromax.com.tr/ckfinder/core/db/index.htm
  • http://mikromax.com.tr/ckfinder/core/db2/index.htm
  • http://poppart.pl/ds/index.php
  • http://poppart.pl/ds/l/1.htm
  • http://poppart.pl/ds/l/2.htm
  • http://spojmontbrno.cz/kl/l/1.htm
  • http://spojmontbrno.cz/kl/l/2.htm
  • http://www.emailmeform.com/builder/form/fFfczr8b04E7Xsb7aYd

Malware Alert

Who might be at risk?
Customers with iBanking accounts

How can you protect yourself from this?

  1. Be alert. Always review the SMS alerts from DBS and call us immediately if you receive any suspicious SMS. Do not provide your user ID or PIN and other sensitive information if you did not initiate any activity.
  2. Always type in the URL of DBS website directly into the address bar of your browser.
  3. Check that you are using the official DBS / POSB website. To do this, go to the address bar of your web browser and look for the "padlock" icon. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.

Please inform our customer centre at 1800 111 1111 or +65 6327 2265 (when calling from overseas) immediately if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.


Malware Alert

Date: 19 January 2016
Threat Type: Malware (Tinba)
Alert Level: Amber
Criticality: Low

Description: A malware campaign targeting banks in Asia called “Tinba” (or Tiny Banker, designed to steal banking credentials) has been recently discovered. Tinba is an online banking Trojan malware which targets retail and corporate accounts held with major banks, including banks in Singapore. It is spread primarily through malicious emails/advertisements using popular exploit kits such as Neutrino, Angler or Nuclear.

Once a customer's computer or device is infected with Tinba, it will attempt to steal his banking credentials (such as User ID, PIN, OTP from SMS or iB Secure Device, etc.) by altering the login flow of the internet banking site like DBS Internet Banking.

Here’s how the real DBS Internet Banking looks like as compared to how it will be, when used on a computer infected with Tinba:

Malware Alert

Who might be at risk?
Customers with iBanking accounts

How can you protect yourself from this?
You are reminded to remain cautious when banking online:

  1. Do not enter any challenge code into your security device if you did not perform any financial transaction(s) in your account. Please note that during the login process, DBS will never ask for "Sign 1" of your iB Secure Device nor ask you to input a Challenge/Response.
  2. Read the transaction details in the SMS or email alerts carefully. Validate that the messages reflect your actual transaction requests. For example, check that the account number is correct.
  3. Protect your computer from being infected by using anti-virus software and updating it with the latest anti-virus signature.

Please inform our customer centre at 1800 111 1111 or +65 6327 2265 (when calling from overseas) immediately if you encounter any of the following situations:

  1. receive SMS or email for transactions that you did not perform or account number that you do not know
  2. experience difficulty accessing your account after you have entered your credentials or see repeated login pages asking for your login details
  3. see unfamiliar banking processes/messages such as “Secure token validation”, "Security verification in progress" or "Please wait…"

DBS Phishing Email Alert

Date: 12 November 2015
Threat Type: Phishing
Alert Level: Amber
Criticality: Low

Description: There is a phishing email targeting DBS customers which contains a link to the websites http://guhanka.esy.es/update_dbs/index.php or http://jobberlinkx.esy.es/update_dbs/index.html. These are phishing websites posing as a DBS website, designed to steal customer user IDs, PINs, one time passwords and other personal information such as NRICs and mobile phone numbers. These phishing websites can also perform fraudulent transactions under the customer’s name.

Who might be at risk?
iBanking or IDEAL customers

How can you protect yourself from this?

  1. Be alert. Always review the SMS alerts from DBS and call us immediately if you receive any suspicious SMS. Do not provide your user ID or PIN and other sensitive information if you did not initiate any activity.
  2. Always type in the URL of DBS website directly into the address bar of your browser.
  3. Check that you are using the official DBS / POSB website. To do this, go to the address bar of your web browser and look for the "padlock" icon. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  4. Call us immediately at 1800 222 2222 (Business Banking), if you notice unknown transactions appearing on your account.

Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.


Sample of the phishing email pretending to be sent from DBS.

Phishing


Sample of the phishing website.

Phishing


DBS Phishing SMS Alert

Date: 9 November 2015
Threat Type: Phishing
Alert Level: Green
Criticality: Low

Description: There is a fake SMS circulating on phone networks, pretending to be sent from DBS. The SMS contains a link to the website http://dbs-mobile.com. This is a phishing website posing as a DBS website, designed to steal customer organization IDs, user IDs, PINs, one time passwords and mobile phone numbers.

Who might be at risk?
iDEAL customers.

How can you protect yourself from this?

  1. Be alert. Always review the SMS alerts from DBS and call us immediately if you receive any suspicious SMS. Do not provide your user ID or PIN and other sensitive information if you did not initiate any activity.
  2. Always type in the URL of DBS website directly into the address bar of your browser.
  3. Check that you are using the official DBS / POSB website. To do this, go to the address bar of your web browser and look for the “padlock” icon. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  4. Call us immediately at 1800 222 2222 (Business Banking), if you notice unknown transactions appearing on your account.

Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.


Sample of the fake SMS pretending to be sent from DBS.

Phishing


Sample of the phishing website.

Phishing


Mobile Malware Alert

Date: 04 November 2015
Threat Type: Malware (GMBot)
Alert Level: Amber
Criticality: Low

Description: We've discovered a malware specific to mobile devices running on Android which may affect users of the DBS and POSB digibank application. This malware could be spread through malicious mobile applications ("apps") that are downloaded from unknown sources. When the victim downloads the malicious apps, the malware then gets loaded onto the victim's device.

How does this malware behave?

  1. Signs that the malware has infected a mobile device may include (but not limited to) the following:
    • the victim may potentially experience some unusual disruptions to his mobile device
    • a surge in unfamiliar screens popping up - either asking the victim to install unfamiliar apps or prompting him to grant special permissions to certain apps
    • device shutting down all of a sudden
  2. To infect the device, pop-up screens appear (see samples below), prompting the victim to install an application asking to "activate administrator privilege" or "allow access to" administrator-level permissions on the device. Examples of these permissions include "Read your text messages" (allowing the malware to steal SMS OTP) or "Draw over other apps" (allowing the malware to show a malicious overlay screen on top of legitimate applications). By doing so, the victim unknowingly allows the attacker to take over his device.

    Malware Alert

  3. Now that the attacker has taken over the victim's device, he can "draw over other apps" by creating a fake overlay screen on top of the running legitimate apps on the device. These fake overlays are used to steal the victims' information such as his mobile number. See sample screenshots below:

    Malware Alert

  4. Next, the attacker will inject a fake overlay login page of the mobile banking application on his device - such as DBS or POSB digibank app. This will allow him to capture the victim’s digibank app user ID and pin.

    Malware Alert

  5. With the mobile number, user ID and pin and SMS OTP, as well as other potential sensitive information captured, the attacker now has all the details he needs to perform unauthorised transactions and steal money from the customers’ account. He can even steal more information by injecting more fake overlays such as below, which is designed to steal credit card information.

    Malware Alert

Who might be at risk?
Customers with iBanking accounts

How can you protect yourself from this?
You are assured that DBS and POSB digibank applications remain secure and are not the source of this malware. We also have multiple layers of security in place such as 2FA, OTP and mChallenge to protect your online banking transactions.

You are reminded to remain cautious when banking online:

  1. Be alert. Do not provide your user ID or pin and other sensitive information if you did not initiate any activity. Be cautious especially if a screen on your mobile device suddenly pops up and asks for your information, even if you did not open your applications or initiate any activity.
  2. Install the latest software updates on your mobile devices. When installing applications, be mindful of the permissions granted (i.e. think if the permissions are really necessary).
  3. Do not download or install any applications on your mobile device unless they are from authentic sources (Apple App Store or Google Play Store).
  4. Do not enter any challenge code into your security device if you did not perform any financial transaction(s) in your account. Please note that during the login process, DBS will never ask for "Sign 1" of your iBSecure Device nor ask you to input a Challenge/Response.
  5. Call us immediately at 1800 222 2222 (Business Banking), if you notice unknown transactions appearing on your account.

Malware Alert

Date: 23 September 2015
Threat Type: Malware
Alert Level: Amber
Criticality: Low

Description: We've discovered a malware spreading around which may affect users of the DBS IDEAL website. This malware could be spread through phishing emails with malicious attachment. When the said malicious attachment is opened, the malware infects the customers' computers or devices.

Once a customer's computer or device is infected, the malware will attempt to steal the customer's login and authorisation credentials (such as Organisation ID, User ID, PIN, Security Access Code, SMS OTP and Challenge/Response) by altering the flow of logging on to the DBS IDEAL website.

An example of the altered DBS IDEAL website may include a change in the login page which states that "our Bank is currently updating your company account info" and prompts for the customer to enter another user's ID and pin during his session. Below is a sample screenshot of the DBS IDEAL website after a computer or device has been infected with the malware.

Malware Alert

Who might be at risk?
Customers with IDEAL accounts

How can you protect yourself from this?
You are reminded to remain cautious when banking online:

  1. Be alert. Remember that DBS IDEAL never prompts for another user's ID or pin when you login. Do not download or open attachments found in suspicious emails and do not reply to the sender either.
  2. Always type in the URL of DBS website directly into the address bar of your browser.
  3. Do not reveal your IDEAL username, password or token PIN to anyone.
  4. Always protect your computer by using an anti-virus software and keep it updated with the latest anti-virus signatures.
  5. Call us immediately at 1800 222 2222 (Business Banking), if you notice unknown transactions appearing on your account.

DBS Malicious Email Alert

Date: 17 June 2015
Threat Type: Phishing
Alert Level: Amber
Criticality: Low

Description: There is a malicious email campaign targeting DBS customers. The email contains “Payment Advice” as the subject and informs customers that DBS has sent them a payment advice as requested. The email has a zip file attachment which contains a malware masquerading as a PDF file. When the said malicious attachment is opened, the malware infects the customers’ computers or devices to steal the customers’ login and authorisation credentials such as (User ID, PIN, DBS iB Secure PIN, SMS OTP and so on).

Who might be at risk?
Customers with iBanking/IDEAL accounts

How can you protect yourself from this?
You are reminded to remain cautious when banking online:

  1. Be alert. Do not download or open attachments found in suspicious emails and do not reply to the sender either.
  2. Always type in the URL of DBS website directly directly into the address bar of your browser.
  3. Do not reveal your iBanking/IDEAL username, password or token PIN to anyone.
  4. Always protect your computer by using an anti-virus software and keep it updated with the latest anti-virus signatures.
  5. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2222 (Business Banking), if you notice unknown transactions appearing on your account.

Fake DBS Website Alert

Date: 17 June 2015
Threat Type: Fake Website
Alert Level: Green
Criticality: Low

Description: There is a fake website found in the Internet (see screenshot below) which pretends to be the DBS website. The website ‘https://www.dbss.asia/index/’ is a potential phishing site - posing as the DBS website and is designed to steal customer IDs, Pins and one time passwords.

This website has been removed.

Fake DBS Website Alert

Who might be at risk?
Customers with iBanking accounts

How can you protect yourself from this?
You are reminded to remain cautious when banking online:

  1. Always type in the URL of DBS website directly into the address bar of your browser.
  2. Check that you are using the official DBS / POSB iBanking site. To do this, go to the address bar of your web browser and look for the “padlock” icon. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  3. Be alert. Never reply to unsolicited emails Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2222 (Business Banking), if you notice unknown transactions appearing on your account.

Malware Alert

Date: 2 Apr 2015
Threat Type: Malware (Dyre)
Alert Level: Amber
Criticality: Low

Description: We have discovered variants of Dyre malware that may affect users of the DBS Internet Banking website. This malware is spread through phishing emails with malicious attachment. When the said malicious attachment is opened, the malware infects the customers’ computers or devices.

Once customers’ computers or devices are infected, the malware will attempt to steal the customers’ login and authorisation credentials such as (User ID, PIN, DBS iB Secure PIN, SMS OTP and so on) by altering the flow of the DBS Internet Banking website. It will show a “Please Wait…” message and ask for the customer’s user ID, PIN and iB Secure PIN repeatedly.

Here are screenshots of the actual DBS Internet Banking website compared to what it will look like after a computer or device has been infected with this malware. The suspicious messages are highlighted in red.

Malware Alert

If you see any of the above changes while banking online with us, your computer or device may likely be infected with this malware. You are advised not to proceed with any transactions until your computer or device has been checked and disinfected. Customers are assured that the DBS Internet Banking website remains secure and is not the source of this malware.

Who might be at risk?
Customers iBanking accounts

How can you protect yourself from this?
Customers are reminded to remain cautious when banking online:

  1. Do not enter any challenge code into your security device if you did not perform any financial transaction(s) in your account. Please note that during the login process, DBS will never ask for "Sign 1" of your iBSecure Device nor ask you to input a Challenge/Response.
  2. Read the transaction details in the SMS or email alerts carefully. Validate that the messages reflect your actual transaction requests. For example, check that the account number is correct.
  3. Protect your computer from being infected by using anti-virus software and updating it with the latest anti-virus signature.

Please inform our customer centre at 1800 111 1111 or +65 6327 2265 (when calling from overseas) immediately if you encounter any of the following situations:

  1. receive SMS or email for transactions that you did not perform or account number that you do not know
  2. experience difficulty accessing your account after you have entered your credentials or see repeated login pages asking for your login details
  3. see unfamiliar banking processes/messages such as “Secure token validation”, "Security verification in progress" or "Please wait…"

"FREAK" Vulnerability Information

Date: 4 March 2015
Threat Type: Security Vulnerability
Alert Level: Amber
Criticality: Low

Description: A vulnerability known as “FREAK” has been discovered on OpenSSL implementations of SSL (Secure Socket Layer) and TLS (Transport Layer Security) which are used to encrypt communications between a website and a web browser (such as Internet Explorer, Safari) to keep the customer’s credentials and transactions secure. The vulnerability is present on websites that that use OpenSSL and accept weak encryption key length of 512 bits. When exploited, an attacker can break this weak encryption key which will allow him to steal secret information from web servers, such as the customer’s login credentials.

DBS/POSB iBanking and IDEAL do not use OpenSSL and RSA 512 bit encryption key and are not vulnerable to “FREAK”. You are assured that we have multiple layers of security in place such as 2FA for online banking transactions, to protect your online banking transactions.

However, it has also been reported that “FREAK” affects Apple’s Safari browser and Google’s Android browsers and could enable an attacker to spy on communications of users of these browsers. Both Apple and Google have since announced that a patch/software update is underway, to help mitigate this risk.

How can you protect yourself from this?
You are reminded to remain cautious when banking online:

  1. Update your web browser to the latest available patches and install the latest software updates on your mobile devices. Ensure that you download these updates from authentic and trusted sources such as Apple App Store or Google Play Store.
  2. Use different usernames and passwords for your online banking accounts from other non-banking related accounts and ensure that you change your passwords regularly.
  3. Do not reveal your iBanking/IDEAL username, password or token PIN to anyone.
  4. Always protect your computer by using an anti-virus software and keep it updated with the latest anti-virus signatures.
  5. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account.

Malware Alert

Date: 12 Feb 2015
Threat Type: Malware (Dyre)
Alert Level: Amber
Criticality: Low

Description: We have discovered a variant of Dyre malware that may affect the legitimacy of the DBS IDEAL website. This malware is spread through phishing emails with malicious attachment. A sample of the phishing email is shown below. When the said malicious attachment is opened, the malware infects the customers’ computers or devices.

Once customers’ computers or devices are infected, the malware will attempt to steal the customers’ login and authorisation credentials (such as Organisation ID, User ID, PIN, Security Access Code, SMS OTP and Challenge/Response) by altering the flow of logging on to the DBS IDEAL website. After the first login page, it will show a different “Security Access Code” page followed by a message that says “We are currently processing your information, please wait....” which does not exist in the legitimate DBS IDEAL website.

Here are screenshots of the actual DBS IDEAL website compared to what it will look like after a computer or device has been infected with this malware. The suspicious messages are highlighted in red.

Malware Alert

Sample of the Phishing Email

Malware Alert

Who might be at risk?
Customers with IDEAL accounts

How can you protect yourself from this?
Customers are reminded to remain cautious when banking online:

  1. Do not enter any challenge code into your security device if you did not perform any financial transaction(s) in your account. Please note that during the log in process, you will never be asked to input a Challenge/Response.
  2. Read the transaction details in the SMS or email alerts carefully. Validate that the messages reflect your actual transaction requests. For example, check that the account number is correct.
  3. Protect your computer from being infected by using anti-virus software and updating it with the latest anti-virus signature.
  4. Check your last login and transaction history regularly for any abnormal transactions.
  5. Please inform our contact centre at 1800 222 2200 immediately if you encounter any of the following situations:
    1. receive SMS or email for transactions that you did not perform or account number that you do not know
    2. see unfamiliar banking processes/messages such as “Secure token validation”, "Security verification in progress" or "Please wait…"

Customers are assured that the DBS IDEAL website remains secure and is not the source of this malware.


"POODLE" Vulnerability Information

Date: 16 October 2014
Threat Type: Security Vulnerability
Alert Level: Amber
Criticality: Low

Description: A vulnerability known as “POODLE” has been discovered on the SSL3 (Secure Sockets Layer v3) used by old versions of web browsers such as Internet Explorer 6 on Microsoft XP. SSL is used to establish an encrypted link between a website and a web browser (such as Internet Explorer) to keep the customer’s credentials and transactions secure. With the “POODLE” vulnerability present on SSL3, an attacker may be able to take control of the customer’s SSL channel which will then allow him to steal secret information such as account details.

How can you protect yourself from this?
At DBS, we are committed to developing web applications that provide optimal customer experience with modern and latest browsers. DBS/POSB iBanking and IDEAL websites also have layered security controls such as 2FA, OTP, and mChallenge that keep online banking transactions secure. For added security, we will also discontinue support for the now insecure SSL3 encryption protocol from 7 November 2014. This means that DBS iBanking including selected features on the DBS website will no longer be accessible by older version browsers such as Internet Explorer 6 on Windows XP.

  • Customers are urged to visit the links below to download and install the latest version of popular web browsers:
  • Change your passwords regularly.
  • Keep your iBanking/IDEAL username, password or token PIN private
  • Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account.

DBS Phishing Site Alert

Date: 9 October 2014
Threat Type: Phishing
Alert Level: Amber
Criticality: Medium

Description: There is a DBS phishing site found on the Internet which pretends to be the DBS Internet Banking website. The website http://www.prestasibimbel.com is a phishing site posing as the DBS Internet Banking website, designed to steal customer IDs, PINs and one time passwords.

Who might be at risk?
Customers with iBanking account

How can you protect yourself from this?
  • Call us immediately at 1800 111 1111 (Personal Banking) if you notice unknown transactions appearing on your account.
  • Always review the SMS alerts from DBS and call us immediately if you receive any suspicious SMS.
  • DBS will never ask you for your PIN number, via email or phone.
  • Always type in the URL of DBS website directly into the address bar of your browser.

Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.


DBS Phishing Email Alert

Date: 6 October 2014
Threat Type: Phishing
Alert Level: Amber
Criticality: Medium

Description: An ongoing phishing campaign is targeting DBS customers. In this campaign, an email will be sent to DBS customers, informing them that an enhanced account security management system has been installed and it urges customers to activate this feature by clicking on an URL inside that email; otherwise the account will be temporarily locked.

This URL brings customers to a phishing website designed to steal customer IDs, passwords, credit card details and contact information. A sample of the phishing email and website is provided for reference below.

Who might be at risk?
Customers with iBanking/IDEAL account

How can you protect yourself from this?
Customers are reminded to refrain from providing any confidential information. Remember,

  • Do not download or open attachments in suspicious emails.
  • Never reply to unsolicited emails.
  • Never reply to unsolicited emails.
  • Always type in the URL of the DBS Internet Banking website directly into the address bar of your browser, and check that the website you are accessing is the valid DBS Internet Banking website:
    • DBS iBanking - https://internet-banking.dbs.com.sg
    • DBS iDEAL - https://ideal.dbs.com
  • Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account.
  • Always review the SMS alerts from DBS and call us immediately if you receive any suspicious SMS.
  • Always protect your computer by using an anti-virus software and keep it updated with the latest anti-virus signature.

Sample of the Phishing Website


Heartbleed Vulnerability Information

Date: 14 April 2014
Threat Type: Security Bug
Alert Level: Green
Criticality: Low

Description: A vulnerability known as the Heartbleed bug has been discovered on OpenSSL implementations of SSL and TLS, which is used to encrypt communications between computers and web servers. This vulnerability allows attackers to obtain secret information such as credentials from web servers.

DBS/POSB iBanking and IDEAL do not use OpenSSL and are not vulnerable to Heartbleed. We have multiple layers of security in place to protect our customers such as 2FA for online banking transactions.

Who might be at risk?
Customers with iBanking/IDEAL accounts

How can you protect yourself from this?

  • Use different usernames and passwords for your online banking accounts from other non-banking related accounts.
  • Change your passwords regularly.
  • Do not reveal your iBanking/IDEAL username, password or token PIN to anyone.
  • Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account.
  • Always protect your computer by using an anti-virus software and keep it updated with the latest anti-virus signatures.

 


DBS Malicious Email Alert

Date: 25 March 2014
Threat Type: Phishing
Alert Level: Amber
Criticality: Low

Description: There is a malicious email campaign targeting DBS customers. The email contains “Payment Advice” as the subject and informs customers that DBS has sent them a payment advice as requested. The email has a zip file attachment which contains a malware masquerading as a PDF file.

A sample of the email is provided for reference.

Who might be at risk?
Customers with iBanking/IDEAL accounts

How can you protect yourself from this?
Customers are reminded to be exercise caution when receiving suspicious emails. Remember,

  • Do not download or open attachments in suspicious emails.
  • Never reply to unsolicited emails.
  • Always type in the URL of the DBS Internet Banking website directly into the address bar of your browser, and check that the website you are accessing is the valid DBS Internet Banking website:
  • Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account.
  • Always review the SMS alerts from DBS and call us immediately if you receive any suspicious SMS.
  • Always protect your computer by using an anti-virus software and keep it updated with the latest anti-virus signature.

 

Sample of the Malicious Email

 


 

POSB Phishing Site Alert

Date: 10 January 2014
Threat Type: Phishing
Alert Level: Green
Criticality: Low

Description: There is a POSB phishing site found on the Internet which pretends to be the POSB Internet Banking website. The website http://home.e-posbsg.com/index/personal/Pages/default.html is a phishing site posing as the POSB Internet Banking website, designed to steal customer IDs, Pins and one time passwords. The website has since been removed.

Who might be at risk?
Customers with iBanking account

How can you protect yourself from this?
Customers are reminded to refrain from providing any confidential information. Remember,

  • POSB will never ask you for your PIN number, via email or phone.
  • Always type in the URL of POSB website directly into the address bar of your browser.
  • Verify that the iBanking site you are visiting is legitimate. To do this, go to the address bar of your web browser and look for the “padlock” icon found at the right side. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  • Alert us immediately, if you notice unknown transactions appearing on your account.
  • Never reply to unsolicited emails.
  • Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

 


DBS Phishing Site Alert

Date: 30 July 2013
Threat Type: Phishing
Alert Level: Red
Criticality: High

Description: An ongoing phishing campaign is targeting DBS customers. In this campaign, an email will be sent to DBS customers, informing them that the DBS internet banking system will be upgraded and that they should click on a URL inside the email. This URL brings customers to a phishing website which pretends to be the DBS Internet Banking website, designed to steal customer IDs, PINs, one-time passwords and contact information. Customers may also receive a call from someone pretending to be from DBS, and requesting for your iB Secure PIN or informing you of cancelling/stopping transactions which you actually did not perform. The phishing websites may be using various different URLs; examples are provided below.

  • http://www.theheatstore.nl/catalog/admin/Update/index.php
  • http://96.127.154.90/~kctasman/Update/index.php
  • http://villagebeads.co.nz/Update/index.php
  • http://www.arkmodel.com/DBS/
  • http://www.swordexperts.com/DBS/

The websites have since been removed but the phishing emails might still be circulating. Samples of the phishing email and the phishing website are provided below, for reference.

Who might be at risk?
Customers with iBanking/IDEAL accounts

How can you protect yourself from this?
Customers are reminded to refrain from providing any confidential information. Remember,

  • DBS staff will NEVER ask you for confidential information via email or phone, for example:
    • PIN or iB Secure PIN;
    • Token PIN; and
    • One Time Password or Challenge and Response Codes.
  • Always type in the URL of the DBS Internet Banking website directly into the address bar of your browser, and check that the website you are accessing is the valid DBS Internet Banking website:
    • DBS iBanking - https://internet-banking.dbs.com.sg
    • DBS iDEAL - https://ideal.dbs.com
  • Verify that the iBanking site you are visiting is legitimate. To do this, go to the address bar of your web browser and look for the “padlock” icon found at the right side. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  • Always review the SMS alerts from DBS and call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you receive any suspicious SMS or notice unknown transactions appearing on your account.
  • Never reply to unsolicited emails.
  • Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on. It is also prudent to install the latest released anti-virus signatures and operating system/internet browser security updates.

Sample of the Phishing Email



Sample of the Phishing Website


DBS Phishing Site Alert

Date: 24 July 2013
Threat Type: Phishing
Alert Level: Green
Criticality: Low

Description: There is a DBS phishing site found on the Internet which pretends to be the DBS Internet Banking website. The website http://terceirotempo.bol.uol.com.br/img/times/Welcome.html is a phishing site posing as the DBS Internet Banking website, designed to steal customer IDs, Pins and one time passwords. The website has been removed.

Who might be at risk?
Customers with iBanking accounts

How can you protect yourself from this?
Customers are reminded to refrain from providing any confidential information. Remember,

  • Always type in the URL of DBS website directly into the address bar of your browser.
  • Verify that the iBanking site you are visiting is legitimate. To do this, go to the address bar of your web browser and look for the “padlock” icon found at the right side. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  • Alert us immediately, if you notice unknown transactions appearing on your account.
  • Never reply to unsolicited emails.
  • DBS will never ask you for your PIN number, via email or phone.
  • Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

 


Malware Alert

Date: 13 Jun 2013
Threat Type: Malware (Zbot)
Alert Level: Amber
Criticality: Low

Description: We have discovered a variant of Zbot malware that may affect users of the DBS Internet Banking website. This malware infects customers’ computers or devices. Once customers’ computers or devices are infected, it will show a “Security challenge” message that is not part of the DBS Internet Banking website. Here is a screenshot of what the DBS Internet Banking website will look like after a computer or device has been infected with this malware. The suspicious message is circled in red.

If you see any of the above messages while banking online with us, your computer or device may likely be infected with this malware. You are advised not to proceed with any transactions until your computer or device has been checked and disinfected.

Who might be at risk?
Customers with iBanking accounts

How can you protect yourself from this?
Customers are reminded to remain cautious when banking online:

  1. DBS will never ask for "Sign 1" of the iBSecure Device during login.
  2. Do not enter the OTP from your token or your IB Message SMS if you did not add payee(s) or perform other online transactions in your account.
  3. Read the transaction details in the SMS or email alerts carefully. Validate that the messages reflect your actual transaction requests. For example, check that the account number is correct.
  4. Check your last login and transaction history regularly for any abnormal transactions.
  5. Please inform our customer centre at 1800 111 1111 or +65 6327 2265 (when calling from overseas) immediately if you encounter any of the following situations:
    1. Receive SMS or email for transactions that you did not perform or account number that you do not know
    2. Experience difficulty accessing your account after you have entered your credentials or see repeated login pages asking for your login details
    3. See unfamiliar banking processes/messages such as “Security challenge such as the above screenshots
  6. Protect your computer from being infected by using anti-virus software and updating it with the latest anti-virus signature.

Customers are assured that the DBS Internet Banking website remains secure and is not the source of this malware.


Malware Alert

Date: 17 Apr 2013
Threat Type: Malware
Alert Level: Amber
Criticality: Low

Description:We have discovered a malware that may affect users of the DBS Internet Banking website. This malware infects customers’ workstations or devices. Once customers’ workstations/devices are infected, it is designed to steal customers’ information by altering the flow of the Internet Banking website when credit card related links have been selected. It will ask for “Card Expiry Date”, “CVV2 Code” or "Three-digit security code", “Cardholder Address”, “Cardholder ZIP”, “Cardholder Date of Birth” and “Password” claiming that credit card and card holder information needs to be verified. This step is not part of the DBS Internet Banking website. Please do not provide any of such information.

Below are screenshots of what the DBS Internet Banking website looks like after it is infected with this malware:




If you see any of the above changes while banking online with us, your computer or device may likely be infected with this malware. You are advised not to proceed with any transactions until your computer or device has been checked and disinfected. Customers are assured that the DBS Internet Banking website remains secure and is not the source of this malware.

Who might be at risk?
Customers with iBanking accounts

How can you protect yourself from this?
Customers are reminded to remain cautious when banking online:

  1. Never provide your credit card details in iBanking as the credit card details are only required when you do online purchases.
  2. Do not enter the OTP from your token or your IB Message SMS if you did not add payee(s) or perform other online transactions in your account.
  3. Read the transaction details in the SMS or email alerts carefully. Validate that the messages reflect your actual transaction requests. For example, check that the account number is correct.
  4. Please inform our customer centre at 1800 111 1111 or +65 6327 2265 (when calling from overseas) immediately if you encounter any of the following situations:
    1. receive SMS or email for transactions that you did not perform or account number that you do not know
    2. experience difficulty accessing your account after you have entered your credentials or see repeated login pages asking for your login details
    3. see unfamiliar banking processes/messages such as “Secure token validation”, "Security verification in progress", "Please wait…" or such as the above screenshots
  5. Protect your computer from being infected by using anti-virus software and updating it with the latest anti-virus signature.
  6. For more security tips, please refer to Protecting Yourself Online
Customers are assured that the DBS Internet Banking website remains secure and is not the source of this malware.

 

 


 

Malware Alert

Date: 07 Mar 2013
Threat Type: Malware (Zbot –Zeus)
Alert Level: Amber
Criticality: Low

Description: We have discovered different variants of Zbot (Zeus) malware that may affect users of the DBS Internet Banking website. This malware infects customers’ computers or devices. Once customers’ computers or devices are infected, the malware will attempt to steal customers’ information by altering the flow of the DBS Internet Banking website to steal login and authorisation credentials (User ID, PIN, DBS iB Secure PIN, SMS OTP and so on). It will show a rotating “Please Wait…” message and ask for the customer’s user ID, PIN and iB Secure PIN repeatedly. The suspicious message is circled in red below.

This is typically followed by this screen:

If you see any of the above changes while banking online with us, your computer or device may likely be infected with this malware. You are advised not to proceed with any transactions until your computer or device has been checked and disinfected. Customers are assured that the DBS Internet Banking website remains secure and is not the source of this malware.

Who might be at risk?
Customers with iBanking accounts

How can you protect yourself from this?
Customers are reminded to remain cautious when banking online:

  1. DBS will never ask for "Sign 1" of the iBSecure Device during login.
  2. Do not enter the OTP from your token or your IB Message SMS if you did not add payee(s) or perform other online transactions in your account.
  3. Read the transaction details in the SMS or email alerts carefully. Validate that the messages reflect your actual transaction requests. For example, check that the account number is correct.
  4. Please inform our customer centre at 1800 111 1111 or +65 6327 2265 (when calling from overseas) immediately if you encounter any of the following situations:
    1. receive SMS or email for transactions that you did not perform or account number that you do not know
    2. experience difficulty accessing your account after you have entered your credentials or see repeated login pages asking for your login details
    3. see unfamiliar banking processes/messages such as “Secure token validation”, "Security verification in progress" or "Please wait…"
  5. Protect your computer from being infected by using anti-virus software and updating it with the latest anti-virus signature.
  6. Do not provide your card information such as card number and card PIN in the Internet Banking login page.
  7. For more security tips, please refer to Protecting Yourself Online .

Customers are assured that the DBS Internet Banking website remains secure and is not the source of this malware.


Malware Alert

Date: 26 February 2013
Threat Type: Malware
Alert Level: Amber
Criticality: Low

Description: We have discovered malware that may affect the legitimacy of the DBS IDEAL website. Once customers’ computers or devices are infected, the malware will attempt to steal customers’ login and authorisation credentials (Organisation ID, User ID, PIN, Security Access Code, SMS OTP and Challenge/Response) by altering the flow of logging onto the DBS IDEAL website.

It will show a rotating “Please Wait …” message that does not exist on the DBS IDEAL website.

Here is a screenshot of what the DBS IDEAL website will look like after a computer or device has been infected with this malware. The suspicious messages are circled in red.


Who might be at risk?
Customers with IDEAL accounts

How can you protect yourself from this?
Customers are reminded to remain cautious when banking online:

  1. Do not enter the any challenge code into your security device if you did not perform any financial transaction(s) in your account. Please note that during the log in process, you will never be asked to input a Challenge/Response.
  2. Read the transaction details in the SMS or email alerts carefully. Validate that the messages reflect your actual transaction requests. For example, check that the account number is correct.
  3. Protect your computer from being infected by using anti-virus software and updating it with the latest anti-virus signature.
  4. Check your last login and transaction history regularly for any abnormal transactions.
  5. Please inform our contact centre at 1800 222 2200 immediately if you encounter any of the following situations:
    1. receive SMS or email for transactions that you did not perform or account number that you do not know
    2. see unfamiliar banking processes/messages such as “Secure token validation”, "Security verification in progress" or "Please wait…"

Customers are assured that the DBS IDEAL website remains secure and is not the source of this malware.


Fake DBS Website Alert

Date: 9 February 2013
Threat Type: Fake Website
Alert Level: Green
Criticality: Low

Description:There is a fake website found in the Internet which pretends to be the DBS Internet Banking website. The website http://aspectpine.co.uk/dbs/welcome.htm is a phishing website posing as the DBS Internet Banking website, designed to steal customer IDs, Pins and one time passwords.

This website has been removed.

Who might be at risk?
Customers with iBanking accounts

How can you protect yourself from this?
Customers are reminded to refrain from providing any confidential information. Remember, DBS will never ask you for your PIN number, via email or phone.

  • Always type in the URL of DBS website directly into the address bar of your browser.
  • Verify that the iBanking site you are visiting is legitimate. To do this, go to the address bar of your web browser and look for the “padlock” icon found at the right side. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  • Alert us immediately, if you notice unknown transactions appearing on your account.
  • Never reply to unsolicited emails.


Malware Alert

Date: 16 Jun 2012
Threat Type: Malware (Zbot – Zeus)
Alert Level: Amber
Criticality: Low

Description: We have discovered malware that may affect the legitimacy of the DBS Internet Banking website. This malware infects customers’ computers or devices. Once customers’ computers or devices are infected, the malware will attempt to steal customers’ information by altering the flow of the DBS Internet Banking website to steal login and authorisation credentials (User ID, PIN, DBS iB Secure PIN, SMS OTP and so on). It will show a rotating “Please Wait…” message and a step called “Secure Token Validation” which asks for the customer’s iB Secure PIN repeatedly – both of which do not exist on the DBS Internet Banking website. These suspicious messages are circled in red below.



If you see any of the above changes while banking online with us, your computer or device may likely be infected with this malware. You are advised not to proceed with any transactions until your computer or device has been checked and disinfected. Customers are assured that the DBS Internet Banking website remains secure and is not the source of this malware.

Who might be at risk?
Customers with iBanking accounts

How can you protect yourself from this?
Customers are reminded to remain cautious when banking online:

  1. Do not enter the OTP from your token or your IB Message SMS if you did not add payee(s) or perform other online transactions in your account.
  2. Read the transaction details in the SMS or email alerts carefully. Validate that the messages reflect your actual transaction requests. For example, check that the account number is correct.
  3. Protect your computer from being infected by using anti-virus software and updating it with the latest anti-virus signature.
  4. Do not provide your card information such as card number and card PIN in the Internet Banking login page.
  5. Please inform our customer centre at 1800 111 1111 or +65 6327 2265 (when calling from overseas) immediately if you encounter any of the following situations:
    1. receive SMS or email for transactions that you did not perform or account number that you do not know
    2. experience difficulty accessing your account after you have entered your credentials

Customers are assured that the DBS Internet Banking website remains secure and is not the source of this malware.

Remedy: The following list of anti-virus software is known to be able to detect and quarantine this type of malware.

Anti-Virus Version Signature date
AhnLab-V3 Spyware/Win32.Zbot 20120628
AntiVir TR/Crypt.XPACK.Gen 20120628
Antiy-AVL Trojan/Win32.Zbot.gen 20120628
Avast Win32:Susn-AJ [Trj] 20120628
AVG PSW.Generic9.CLKR 20120628
BitDefender Trojan.Generic.KD.641912 20120628
ByteHero Virus.Win32.Heur.c 20120613
ClamAV Trojan.Zbot-22915 20120628
Commtouch W32/Zbot.FB.gen!Eldorado 20120628
Comodo TrojWare.Win32.Kryptik.AGOY 20120628
DrWeb Trojan.Inject1.4253 20120628
Emsisoft Trojan-PWS.Win32.Zbot!IK 20120628
F-Prot W32/Zbot.FB.gen!Eldorado 20120627
F-Secure Trojan.Generic.KD.641912 20120628
Fortinet W32/Zbot.UH!tr.pws 20120628
GData Trojan.Generic.KD.641912 20120628
Ikarus Trojan-PWS.Win32.Zbot 20120628
Jiangmin TrojanSpy.Zbot.axmb 20120628
K7Anti-virus Spyware 20120627
Kaspersky Trojan-Spy.Win32.Zbot.dyij 20120628
McAfee PWS-Zbot.gen.uh 20120628
McAfee-GW-Edition PWS-Zbot.gen.uh 20120628
Microsoft PWS:Win32/Zbot.gen!AF 20120628
NOD32 Win32/Spy.Zbot.AAN 20120627
Norman W32/Injector.AQSI 20120627
nProtect Trojan/W32.Agent.319968.B 20120628
Panda Generic Trojan 20120627
PCTools Trojan.Zbot 20120628
Sophos Mal/Zbot-BRU 20120628
Symantec Trojan.Zbot 20120628
TheHacker Trojan/Kryptik.agoy 20120627
TrendMicro H2_AGENT_044167.TOMB 20120628
TrendMicro-HouseCall H2_AGENT_044167.TOMB 20120628
VBA32 Trojan.Zbot.7612 20120626
VIPRE Trojan-PWS.Win32.Zbot.af.gen (v) 20120628
ViRobot Trojan.Win32.A.Zbot.319968 20120628
VirusBuster Trojan.Kryptik!87wILK2ElVg 20120627

 


 

Malware Alert

Date: 30 May 2012
Threat Type: Malware (Torpig)
Alert Level: Amber
Criticality: Low

Description: We have discovered different variants of Torpig (also known as Anserin or Sinowal) malware that may affect the legitimacy of the DBS Internet Banking websites. This malware infects customers’ workstations or devices. Once customers’ workstations/devices are infected, it is designed to steal customers’ information by altering the flow of the existing Internet Banking websites of Singapore banks. It will ask for “card number”, the “signature panel code” (CVV code), “expiration date” and “ATM PIN”, claiming the computer is not recognized. In general, it will attempt to steal information from the infected computers, including all found passwords. Please do not provide any of such information. Here is a screenshot of how the DBS Internet Banking website looks like after it is infected with this malware:

If you see any of the above changes while banking online with us, your computer may likely be infected with this malware. You are advised not to proceed with any transactions until your computer has been checked and disinfected.

Who might be at risk?
Customers with iBanking accounts

How can you protect yourself from this?
Customers are reminded to remain cautious when banking online:

  1. Do not enter the OTP from your token or your IB Message SMS if you did not add payee(s) or perform other online transactions in your account.
  2. Read the transaction details in the SMS or email alerts carefully. Validate that the messages reflect your actual transaction requests. For example, check that the account number is correct.
  3. Protect your computer from being infected by using anti-virus software and updating it with the latest anti-virus signature.
  4. Do not provide your card information such as card number and card PIN in the Internet Banking login page.
  5. Please inform our customer centre at 1800 111 1111 or +65 6327 2265 (when calling from overseas) immediately if you encounter any of the following situations:
    1. receive SMS or email for transactions that you did not perform or account number that you do not know
    2. experience difficulty accessing your account after you have entered your credentials
    3. see unfamiliar banking processes/messages such as “Secure token validation”, "Security verification in progress" or "Please wait…"
Customers are assured that the DBS Internet Banking website remains secure and is not the source of this malware.

 

Remedy: The following list of anti-virus software is known to be able to detect and quarantine this type of malware.

Anti-virus Version Signature date
AhnLab-V3 Trojan/Win32.Scar 20120511
AntiVir BDS/Sinowal.nue 20120511
Antiy-AVL Trojan/win32.agent.gen 20120512
Avast Win32:Sinowal-JN [Trj] 20120512
AVG BackDoor.Generic15.ALJB 20120511
BitDefender Trojan.PWS.Sinowal.NCX 20120512
ByteHero Trojan.Win32.Heur.088 20120511
CAT-QuickHeal Backdoor.Sinowal.pzh 20120511
ClamAV - 20120512
Commtouch W32/Sinowal.AD.gen!Eldorado 20120512
Comodo TrojWare.Win32.Kryptik.SZK 20120512
DrWeb Trojan.Packed.21724 20120512
Emsisoft Trojan-PWS.Sinowal!IK 20120512
eSafe Win32.BDSSinowal.Nue 20120509
eTrust-Vet Win32/Sinowal.J!generic 20120511
F-Prot W32/Sinowal.AD.gen!Eldorado 20120511
F-Secure Trojan.PWS.Sinowal.NCX 20120512
Fortinet W32/Sinowal.BJ!tr 20120508
GData Trojan.PWS.Sinowal.NCX 20120512
Ikarus Trojan-PWS.Sinowal 20120512
Jiangmin - 20120512
K7Anti-virus Backdoor 20120511
Kaspersky Backdoor.Win32.Sinowal.pzh 20120511
McAfee Artemis!DB0BA4479277 20120512
McAfee-GW-Edition - 20120512
Microsoft PWS:Win32/Sinowal.gen!AA 20120512
NOD32 a variant of Win32/Kryptik.TEK 20120512
Norman W32/Sinowal.FSY 20120511
nProtect Trojan.PWS.Sinowal.NCX 20120511
Panda Trj/Sinowal.gen 20120511
PCTools Trojan.Anserin 20120512
Rising - 20120511
Sophos Mal/Sinowal-N 20120512
SUPERAntiSpyware - 20120512
Symantec Trojan.Anserin 20120512
TheHacker Backdoor/Sinowal.pzh 20120511
TrendMicro TROJ_GEN.R47CDDJ 20120512
TrendMicro-HouseCall TROJ_GEN.R47CDDJ 20120511
VBA32 BScope.Backdoor.Sinowal.3921 20120511
VIPRE Trojan-Dropper.Win32.Sinowal.y (v) 20120512
ViRobot - 20120512
VirusBuster Trojan.DR.Sinowal.Gen.20 20120511

Malware Alert

Date: 05 Sep 2011
Threat Type: Malware (Spyeye)
Alert Level: Amber
Criticality: Low

Description: We have discovered different variants of Spyeye malware that may affect the legitimacy of the DBS Internet Banking websites. This malware targets Singapore Internet Banking websites which include the DBS Internet Banking website, DealOnline and VICKERS Online websites. It is designed to steal customers’ information by altering the “look and feel” of the existing Internet Banking websites. For instance, if the malware infects the customer's computer, DBS Internet Banking website will look different and will ask the customer to key in his user ID, pin and one-time pin from his token all at the same time, instead of the usual login method. Here is a comparison of how DBS Internet Banking website looks like before and after it is infected with this malware:

Another indication of the malware infection is that the internet banking website login page remains the same. However, upon login the customer will redirected to a page that states "We are checking your security settings. Every step can take 1-10 minutes....“


If you see any of the above changes while banking online with us, your computer may likely be infected with this malware. You are advised not to proceed with any transactions until your computer has been checked and disinfected.

Who might be at risk?
Customers with iBanking/IDEAL accounts

How can you protect yourself from this?
Customers are reminded to remain cautious when banking online:

  1. Do not enter the OTP from your token or your IB Message SMS if you did not add payee(s) or perform other online transactions in your account.
  2. Read the transaction details in the SMS or email alerts carefully. Validate that the messages reflect your actual transaction requests. For example, check that the account number is correct.
  3. Protect your computer from being infected by using anti-virus software and updating it with the latest anti-virus signature.
  4. Do not provide your card information such as card number and card PIN in the Internet Banking login page.
  5. Please inform our customer centre at 1800 111 1111 or +65 6327 2265 (when calling from overseas) immediately if you encounter any of the following situations:
    1. receive SMS or email for transactions that you did not perform or account number that you do not know
    2. experience difficulty accessing your account after you have entered your credentials
    3. see unfamiliar banking processes/messages such as “Secure token validation”, "Security verification in progress" or "Please wait…"
Customers are assured that the DBS Internet Banking, DealOnline and VICKERS Online websites remain secure and is not the source of this malware.

 

Remedy: The following list of anti-virus software is known to be able to detect and quarantine this type of malware.

Anti-virus Version Signature date Virus name detected
AhnLab-V3 2011.09.04.00 2011.09.04 Spyware/Win32.Zbot
AntiVir 7.11.14.92 2011.09.04 TR/EyeStye.N.1532
Antiy-AVL 2.0.3.7 2011.09.04 Trojan/Win32.SpyEyes.gen
Avast 4.8.1351.0 2011.09.04 Win32:Malware-gen
Avast5 5.0.677.0 2011.09.04 Win32:Malware-gen
AVG 10.0.0.1190 2011.09.05 PSW.Generic9.OTZ
BitDefender 7.2 2011.09.05 Trojan.Generic.KD.337313
ByteHero 1.0.0.1 2011.08.22 -
CAT-QuickHeal 11.00 2011.09.04 -
ClamAV 0.97.0.0 2011.09.05 -
Commtouch 5.3.2.6 2011.09.04 -
Comodo 9994 2011.09.04 UnclassifiedMalware
DrWeb 5.0.2.03300 2011.09.05 Trojan.PWS.SpySweep.52
Emsisoft 5.1.0.11 2011.09.05 Trojan.Win32.Spyeye!IK
eSafe 7.0.17.0 2011.09.04 -
eTrust-Vet 7.0.17.0 2011.09.04 -
F-Prot 4.6.2.117 2011.09.04 -
F-Secure 9.0.16440.0 2011.09.04 Trojan.Generic.KD.337313
Fortinet 4.3.370.0 2011.09.04 W32/SpyEyes.MLQ!tr
GData 22 2011.09.05 Trojan.Generic.KD.337313
Ikarus T3.1.1.107.0 2011.09.05 Trojan.Win32.Spyeye
Jiangmin 13.0.900 2011.09.04 TrojanSpy.SpyEyes.eto
K7Anti-virus 9.111.5083 2011.09.02 Spyware
Kaspersky 9.0.0.837 2011.09.05 Trojan-Spy.Win32.SpyEyes.mlq
McAfee 5.400.0.1158 2011.09.05 Trojan-Spy.Win32.SpyEyes.mlq
McAfee-GW-Edition 2010.1D 2011.09.05 PWS-Zbot.gen.js
Microsoft 1.7604 2011.09.04 Trojan:Win32/EyeStye.N
NOD32 6436 2011.09.05 a variant of Win32/Kryptik.SET
Norman 6.07.11 2011.09.04 W32/Suspicious_Gen2.PPEEN
nProtect 2011-09-04.01 2011.09.04 Trojan/W32.Agent.289792.CR
Panda 10.0.3.5 2011.09.04 Trj/CI.A
PCTools 8.0.0.5 2011.09.05 Trojan.Gen
Prevx 3.0 2011.09.05 -
Rising 23.73.01.03 2011.08.30 -
Sophos 4.69.0 2011.09.04 Mal/SpyEye-U
SUPERAntiSpyware 4.40.0.1006 2011.09.04 -
Symantec 20111.2.0.82 2011.09.05 -
TheHacker 6.7.0.1.290 2011.09.03 -
TrendMicro 9.500.0.1008 2011.09.03 -
TrendMicro-HouseCall 9.500.0.1008 2011.09.05 TROJ_GEN.R3AC2HV
VBA32 3.12.16.4 2011.09.02 -
VIPRE 10374 2011.09.05 Trojan.Win32.Generic!BT
ViRobot 2011.9.3.4655 2011.09.04 -
VirusBuster 14.0.200.0 2011.09.03 -

 


 

Malware Alert

Date: 4 Feb 2011
Threat Type: Malware (Spyeye)
Alert Level: Green
Criticality: Low

Description: A Spyeye malware is found to be targeting local banks in Singapore including DBS. This malicious software, which can be transmitted through compromised websites, is designed to steal private data such as user ID and pin from websites that the customer visited. A customer being asked to key in his pin and/or one-time password a few times can be an indication of Spyeye infection.

The following screenshots show how the DBS Internet Banking website differs when used in computer that is infected by this malware.





Who might be at risk?
Customers with iBanking accounts

How can you protect yourself from this?
Customers are reminded to remain cautious when banking online:

  1. Do not enter the OTP from your token or your IB Message SMS if you did not add payee(s) or perform other online transactions in your account.
  2. Read the transaction details in the SMS or email alerts carefully. Validate that the messages reflect your actual transaction requests. For example, check that the account number is correct.
  3. Protect your computer from being infected by using anti-virus software and updating it with the latest anti-virus signature.
  4. Do not provide your card information such as card number and card PIN in the Internet Banking login page.
  5. Please inform our customer centre at 1800 111 1111 or +65 6327 2265 (when calling from overseas) immediately if you encounter any of the following situations:
    1. receive SMS or email for transactions that you did not perform or account number that you do not know
    2. experience difficulty accessing your account after you have entered your credentials
    3. see unfamiliar banking processes/messages such as “Secure token validation”, "Security verification in progress" or "Please wait…"
Customers are assured that the DBS Internet Banking website remains secure and is not the source of this malware.

 

Remedy: The following list of anti-virus software is known to be able to detect and quarantine this type of malware.

Anti-virus Version Signature date Virus name detected
AhnLab-V3 2011.01.27.01 2011.01.27 Spyware/Win32.SpyEyes
AntiVir 7.11.2.71 2011.02.04 TR/Dropper.Gen
Antiy-AVL 2.0.3.7 2011.01.28 Trojan/Win32.SpyEyes.gen
Avast 4.8.1351.0 2011.02.04 Win32:Malware-gen
Avast5 5.0.677.0 2011.02.04 Win32:Malware-gen
AVG 10.0.0.1190 2011.02.04 unknown virus Win32/DH.BA
BitDefender 7.2 2011.02.04 Trojan.Generic.KDV.116346
CAT-QuickHeal 11.00 2011.02.04 TrojanSpy.SpyEyes.elr
ClamAV 0.96.4.0 2011.02.04 -
Commtouch 5.2.11.5 2011.02.04 -
Comodo 7586 2011.02.04 -
DrWeb 5.0.2.03300 2011.02.04 -
Emsisoft 5.1.0.2 2011.02.04 Trojan.Win32.EyeStye!IK
eSafe 7.0.17.0 2011.02.03 Win32.TRDropper
eTrust-Vet 36.1.8140 2011.02.04 Win32/Etap
F-Prot 4.6.2.117 2011.02.01 -
F-Secure 9.0.16160.0 2011.02.04 Trojan.Generic.KDV.116346
Fortinet 4.2.254.0 2011.02.04 W32/SpyEyes.ELR!tr
GData 21 2011.02.04 Trojan.Generic.KDV.116346
Ikarus T3.1.1.97.0 2011.02.04 Trojan.Win32.EyeStye
Jiangmin 13.0.900 2011.02.04 TrojanSpy.SpyEyes.bdl
K7Anti-virus 9.81.3737 2011.02.03 -
Kaspersky 7.0.0.125 2011.02.04 Trojan-Spy.Win32.SpyEyes.elr
McAfee 5.400.0.1158 2011.02.04 PWS-Spyeye.m
McAfee-GW-Edition 2010.1C 2011.02.04 PWS-Spyeye.m
Microsoft 1.6502 2011.02.04 Trojan:Win32/EyeStye.H
NOD32 5845 2011.02.04 a variant of Win32/Spy.SpyEye.CA
Norman 6.07.03 2011.02.03 W32/Malware.QKUL
nProtect 2011-01-27.01 2011.02.02 -
Panda 10.0.3.5 2011.02.03 Trj/CI.A
PCTools 7.0.3.5 2011.02.04 Trojan-PSW.Generic
Prevx 3.0 2011.02.04 -
Rising 23.43.04.02 2011.02.04 Trojan.Win32.Generic.12779390
Sophos 4.61.0 2011.02.04 Mal/Generic-L
SUPERAntiSpyware 4.40.0.1006 2011.02.04 -
Symantec 20101.3.0.103 2011.02.04 Infostealer
TheHacker 6.7.0.1.123 2011.02.02 -
TrendMicro 9.200.0.1012 2011.02.04 TSPY_SPYEYE.SMB
TrendMicro-HouseCall 9.200.0.1012 2011.02.04 TSPY_SPYEYE.SMB
VBA32 3.12.14.3 2011.02.02 BScope.Banker.xc
VIPRE 8303 2011.02.04 Trojan.Win32.Generic!BT
ViRobot 2011.2.4.4292 2011.02.04 -
VirusBuster 13.6.180.0 2011.02.03 TrojanSpy.SpyEyes!ieTmgwiMnI4

 


 

Fake DBS Website Alert

Date: 19 Jan 2011
Threat Type: Fake Website
Alert Level: Green
Criticality: Low

Description:There is a fake website found in the Internet which pretends to be associated with DBS Bank. The website www.dbsinternetbanking.org is a scam website posing as the DBS Internet Banking site. DBS Bank assures customers that it is not associated with this website. Fake websites like this can evolve to a phishing site, which will then attract users to provide their account information and password.

This website has since been removed.

Who might be at risk?
Any DBS customer

How can you protect yourself from this?
Customers are reminded to refrain from providing any confidential information. Remember, DBS will never ask you for your PIN number, via email or phone.

  • Always type in the URL of DBS website directly into the address bar of your browser.
  • Verify that the iBanking site you are visiting is legitimate. To do this, go to the address bar of your web browser and look for the “padlock” icon found at the right side. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  • Alert us immediately, if you notice unknown transactions appearing on your account.
  • Never reply to unsolicited emails.

 

Sample of the Fake Website:


Malware Alert

Date: 2 Dec 2010
Threat Type: Malware (Haxdoor)
Alert Level: Green
Criticality: Low

Description: This backdoor malware allows hackers to gain remote access to the users computer to steal private information such as customer ID and pin from websites that the customer visited. Haxdoor malware can be transmitted through CD-ROMs, memory sticks, external hard drives, email messages with attachments, internet downloads, file transfers, instant messaging channels, and the like.

Who might be at risk?
Customers with iBanking/IDEAL accounts

How can you protect yourself from this?
Customers are reminded to remain cautious when banking online:

  1. Do not enter the OTP from your token or your IB Message SMS if you did not add payee(s) or perform other online transactions in your account.
  2. Read the transaction details in the SMS or email alerts carefully. Validate that the messages reflect your actual transaction requests. For example, check that the account number is correct.
  3. Protect your computer from being infected by using anti-virus software and updating it with the latest anti-virus signature.
  4. Do not provide your card information such as card number and card PIN in the Internet Banking login page.
  5. Please inform our customer centre at 1800 111 1111 or +65 6327 2265 (when calling from overseas) immediately if you encounter any of the following situations:
    1. receive SMS or email for transactions that you did not perform or account number that you do not know
    2. experience difficulty accessing your account after you have entered your credentials
    3. see unfamiliar banking processes/messages such as “Secure token validation”, "Security verification in progress" or "Please wait…"

Customers are assured that the DBS Internet Banking, DealOnline and VICKERS Online websites remain secure and is not the source of this malware.

Remedy: The following list of Anti-virus software is known to be able to detect, quarantine, and/or delete this backdoor virus.

Anti-virus Version Signature date Virus name detected
AhnLab-V3 2010.11.30.00 2010.11.29 Win-Trojan/Haxdor.60256
AntiVir 7.10.14.136 2010.11.29 TR/Crypt.FSPM.Gen
Antiy-AVL 2.0.3.7 2010.11.30 -
Avast 4.8.1351.0 2010.11.29 Win32:Trojan-gen
Avast5 5.0.677.0 2010.11.29 Win32:Trojan-gen
AVG 9.0.0.851 2010.11.30 unknown virus Win32/DH.BA
BitDefender 7.2 2010.11.30 Backdoor.Haxdoor.NN
CAT-QuickHeal 11.00 2010.11.30 (Suspicious) - DNAScan
ClamAV 0.96.4.0 2010.11.30 PUA.Packed.FSG
Command 5.2.11.5 2010.11.30 W32/Dropper.gen5
Comodo 6898 2010.11.30 Heur.Pck.FSG
DrWeb 5.0.2.03300 2010.11.30 BackDoor.Haxdoor.522
Emsisoft 5.0.0.50 2010.11.30 Backdoor.Win32.Haxdoor!IK
eSafe 7.0.17.0 2010.11.29 Win32.TRCrypt.Fspm
eTrust-Vet 36.1.8007 2010.11.29 Win32/Haxdoor!generic
F-Prot 4.6.2.117 2010.11.29 W32/Dropper.gen5
F-Secure 9.0.16160.0 2010.11.30 Backdoor.Haxdoor.NN
Fortinet 4.2.254.0 2010.11.29 -
GData 21 2010.11.30 Backdoor.Haxdoor.NN
Ikarus T3.1.1.90.0 2010.11.30 Backdoor.Win32.Haxdoor
Jiangmin 13.0.900 2010.11.30 Backdoor/Haxdoor.mv
K7Anti-virus 9.69.3115 2010.11.29 EmailWorm
Kaspersky 7.0.0.125 2010.11.30 Backdoor.Win32.Haxdoor.lw
McAfee 5.400.0.1158 2010.11.30 Artemis!B7D0C6A4BEB0
McAfee-GW-Edition 2010.1C 2010.11.29 Heuristic.LooksLike.Win32.SuspiciousPE.C
Microsoft 1.6402 2010.11.29 TrojanDropper:Win32/Bunitu.A
NOD32 5659 2010.11.29 a variant of Win32/Haxdoor
Norman 6.06.10 2010.11.29 Suspicious_F.gen
nProtect 2010-11-29.01 2010.11.29 Backdoor.Haxdoor.NN
Panda 10.0.2.7 2010.11.29 Bck/Haxdoor.OG
PCTools 7.0.3.5 2010.11.30 Backdoor.Haxdoor
Prevx 3.0 2010.11.30 -
Rising 22.76.00.01 2010.11.30 Trojan.Spy.Win32.Undef.GEN
Sophos 4.60.0 2010.11.30 Troj/Haxdor-Gen
SUPERAntiSpyware 4.40.0.1006 2010.11.30 Trojan.Agent/Gen-FSG
Symantec 20101.2.0.161 2010.11.29 Backdoor.Haxdoor
TheHacker 6.7.0.1.093 2010.11.30 Backdoor/Haxdoor.lw
TrendMicro 9.120.0.1004 2010.11.30 TROJ_MALNTL.A
TrendMicro-HouseCall 9.120.0.1004 2010.11.30 TROJ_MALNTL.A
VBA32 3.12.14.2 2010.11.29 Trojan-Droper.Win32.Goldun
VIPRE 7451 2010.11.30 Trojan.Win32.Generic.pak!cobra
ViRobot 2010.11.30.4176 2010.11.30 -
VirusBuster 13.6.66.0 2010.11.29 Trojan.DR.Haxdoor.Gen.4
 

Security Tips

Be proactive in safeguarding your information as you bank online. Check out these security tips to protect yourself from being a victim of online threaths.

Adapt these security practices

Protect your DBS accounts

Opt for 2-factor authentication (2FA) for login and performing transactions, for better security of your DBS accounts.

Protect your computer

To prevent malware infection, install anti-virus software and the latest security patch on the computer you use to access DBS iBanking. Set it so that it performs automatic updates.

Protect your mobile device

Always update your device to the latest available OS version. These patches normally carry security and bug fixes that will help secure your device and the information stored on it.


Beware of these online threats

Phishing

Attackers use phishing to steal your personal or financial information. Phishing sites try to mimic legitimate sites to trick you into providing your data. Phishing emails, on the other hand, are  made to look like they were sent by someone familiar to you, and prompt you for an urgent action to click on a link or open a file. If you fall victim, a malware will be injected into your device, compromising your data.

  • Be alert. Check that you are using the official DBS website. To do this, go to the address bar of your web browser and look for the “padlock” icon. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  • Be extra careful of unsolicited emails especially if you have not verified the source or sender.

Malware

Malware or malicious software is designed to gain access to your computer systems without your consent. When installed, malware can steal your personal and financial information. Install anti-virus software and the latest security patch on the devices you use to  access DBS iBanking and the digibank app, to help prevent malware infection.