Latest Security Alerts

Stay updated on the latest security news that might affect the way you bank online.

Voice Phishing Advisory

Date: 11 June 2020

Who might be at risk?
DBS and POSB customers

Description: Scammers are targeting customers through voice calls and claiming there are issues with their DBS account. If a customer picks up a call, an automated voice message plays and claims there are issues with a customer’s account and requests for the customer to press a number to reach a live caller.

If a customer proceeds further, the scammer impersonates a DBS staff and may ask for any of the following:

• Internet Banking credentials,
• OTP or Digital Token approval,
• Performing fund transfer(s) to another account.

Should a customer provide this information, the scammers may conduct unauthorized card transactions.

Customers are advised to be mindful of such calls.

    • Customers in Singapore are advised that all international calls have a ‘+’ prefix. DBS will never call you from a number with a ‘+’ prefix when you are in Singapore.

  • If you receive a similar call or have been contacted by individuals claiming to be DBS staff, stop, check and exercise caution before you act.
  • Remember: Do not give out your Internet Banking credentials, OTP, or Digital Token approval to other individuals. If you suspect you have provided your DBS credentials, OTPs, or Digital Token approval to unauthorized parties, call the official hotlines immediately in order to verify if these calls are legitimate.

Call us immediately at the hotlines below if you suspect you’re a victim of fraud or notice any unexpected banking or card transactions.

Singapore: 1800-339-6963 or 6339-6963

China: 400-820-8988

Hong Kong: 2290 8888

India: 1-860-210-3456

Indonesia: 0804 1500 327

Taiwan: (02) 6612 9889 / 0800 808 889


Phishing Alert

Date: 02 March 2020

Who might be at risk?
DBS and POSB customers

Description: We have detected a number of phishing emails claiming to be DBS or POSB credit or debit card activation emails. These emails requests for the recipient to click on a link to a malicious website and directed to provide their card details, personal information, and a secondary OTP.

Should a customer provide this information, the scammers may conduct unauthorized card transactions.




Customers are advised to be mindful of such calls.

  • DBS will not request for customers to activate their credit or debit cards through a non-DBS website. For more information on card activation please visit https://www.dbs.com.sg/personal/support/card-activate-new-card.html
  • Verify the details in messages from DBS and POSB. Always check that the message comes from DBS and reflects your intended actions. Do not proceed further or authorize suspicious transactions. Go directly to DBS or POSB’s website or use our mobile applications in order to access our services.
  • Remember: Do not give out your credit or debit card details, OTP, or Digital Token approval to unverified individuals. If you suspect you have provided your DBS credit or debit card details, OTPs, or Digital Token approval to unauthorized parties, call us immediately in order to verify if these calls are legitimate.

Call us immediately at the hotlines below if you suspect you’re a victim of fraud or notice any unexpected banking or card transactions.

Singapore: 1800-339-6963 or 6339-6963

China: 400-820-8988

Hong Kong: 2290 8888

India: 1-860-210-3456

Indonesia: 0804 1500 327

Taiwan: (02) 6612 9889 / 0800 808 889


Customer Advisory Voice Phishing

Date: 25 February 2020

Who might be at risk?
DBS and POSB customers

Description: Scammers are targeting customers through voice calls and claiming to assist with enrolment in DBS’s Complimentary COVID-19 Hospital Cash Insurance. If an individual falls victim to these claims, the scammer may ask for the following information or request the victim conduct the following actions:

  • Internet Banking credentials,
  • OTP or Digital Token approval,
  • Performing fund transfer(s) to another account,
  • Enable DBS’s Digital Token approval on a device not owned by the victim.

Customers are advised to be mindful of such calls.

  • DBS will not call customers to enrol in the COVID-19 Hospital Cash Insurance program. Sign-ups are only available at our branches or through DBS’s website. Do not proceed further if you suspect a caller is asking you to reveal sensitive personal information (such as account information or credentials) or conduct suspicious or unfamiliar actions or transactions. For more information on the insurance program please visit https://www.dbs.com.sg/personal/insurance/protection/protection-plans/covid-19-hospital-cash#
  • Remember: Do not give out your Internet Banking credentials, OTP, or Digital Token approval to other individuals. If you suspect you have provided your DBS credentials, OTPs, or Digital Token approval to unauthorized parties, call the official hotlines immediately in order to verify if these calls are legitimate.
  • Learn more about Impersonation Scams at https://scamalert.sg/scam-details/impersonation-scam

Call us immediately at the hotlines below if you receive such a call or suspect you’re a victim of fraud.

Singapore: 1800-339-6963 or 6339-6963

China: 400-820-8988

Hong Kong: 2290 8888

India: 1-860-210-3456

Indonesia: 0804 1500 327

Taiwan: (02) 6612 9889 / 0800 808 889


Customer Advisory Voice Phishing

Date: 11 February 2020

Who might be at risk?
DBS and POSB customers

Description: The Singapore Police Force (SPF) has alerted the public regarding scams using the Novel Coronavirus (2019-nCoV) outbreak as bait. These scammers purport to be from the Singaporean Ministry of Health (MOH) and claim to conduct contract tracing to detect potential infected individuals. If an individual falls victim to these claims, the scammer may ask for the following information or request the victim conduct the following actions:

  • Internet Banking credentials,
  • OTP or Digital Token approval,
  • Performing fund transfer(s) to another account.

Similar scams in the past have impersonated SPF, Singtel, or DBS Staff.

Customers are advised to be mindful of such calls.

  • MOH will never ask for your financial details during contact tracing calls. Verify these calls with the MOH hotline (6325-9220) if you receive such calls. Do not proceed further if you suspect a caller is asking you to conduct suspicious or unfamiliar actions or transactions.
  • Remember: Do not give out your Internet Banking credentials, OTP, or Digital Token approval to other individuals. If you suspect you have provided your DBS credentials, OTPs, or Digital Token approval to unauthorized parties, call the official hotlines in order to verify if these calls are legitimate.

References:

The Straits Times, last retrieved on 11 Feb 2020, 1430hrs GMT+8

Call us immediately at the hotlines below if you receive or suspect you’re a victim of fraud.

Singapore: 1800-339-6963 or 6339-6963

China: 400-820-8988

Hong Kong: 2290 8888

India: 1-860-210-3456

Indonesia: 0804 1500 327

Taiwan: (02) 6612 9889 / 0800 808 889


Customer Advisory Voice Phishing

Date: 06 February 2020

Who might be at risk?
DBS and POSB customers

Description: Scammers are actively targeting DBS customers through voice calls across various messaging platforms. A recent wave of such calls utilize Viber’s messaging platform and purports to be an official DBS hotline number in order to steal sensitive or financial information. The scammer impersonates DBS staff and claims a customer’s account is experiencing issues or being hacked and may attempt to trick the customer into performing the following actions:

  • Provide internet banking credentials and/or OTP or Digital Token approval
  • Provide credit card numbers and CVV
  • Perform fund transfer(s) to another account.

Customers are advised to be mindful of such calls.

  • From 15 April 2020, all international calls will have “+” prefix. DBS will never call you from a number with a ‘+’ prefix when you are in Singapore.
  • DBS will never call via Viber or any other voice or instant messaging application. 
  • Remember: DBS will never ask for you to provide your Internet Banking credentials, OTP, or Digital Token approval. 
  • If you receive a similar call, message or have been contacted by individuals claiming to be DBS staff using any of the above methods, stop, check and exercise caution before you answer a call.

Call us immediately at the hotlines below if you receive or suspect you’re a victim of fraud.

Singapore: 1800-339-6963 or 6339-6963

China: 400-820-8988

Hong Kong: 2290 8888

India: 1-860-210-3456

Indonesia: 0804 1500 327

Taiwan: (02) 6612 9889 / 0800 808 889


Customer Advisory SMS Phishing

Date: 19 December 2019

Description: Phishing SMS are actively targeting DBS customers and purporting to be a DBS account notification in order to steal sensitive or financial information. These SMS messages claim that a customer’s account is experiencing issues and to contact or call non-DBS numbers in order to resolve the issues. If a customer contacts the provided numbers, the scammer may attempt to impersonate DBS staff or government officials in order to trick the customer into performing the following actions:

  • Download malicious applications onto their phones, desktops or laptops
  • Provide internet banking credentials and/or OTP or Digital Token approval
  • Perform fund transfer(s) to another account.

Text: “Dear Customer, Your account has been Blocked due to security reasons kindly update Your account details with us. WhatsApp +65 [Number redacted], Call +65 [Number redacted]”.

Customers are advised to be mindful of such SMS messages.

If you receive an SMS or have contacted individuals claiming to be DBS staff and follows steps similar to the call detailed above, hang up and call the official hotlines in order to verify if these calls are legitimate. Such SMS messages may spoof DBS’s SMS short code (display name) and may be included in existing SMS threads with legitimate DBS Bank notifications.

Remember: DBS will never ask for you to download software, provide your Internet Banking credentials, OTP, Digital Token approval, or conduct a fund transfer. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking) if you receive or suspect you’re a victim of such a call.

Who might be at risk?
DBS and POSB customers

How can you protect yourself from this?

  • Be alert and always verify that the caller is legitimate. Contact the official company in order to verify that the caller is verified by the company. Do not proceed further if you suspect that a caller is asking you to conduct suspicious or unfamiliar actions or transactions.
  • Avoid installing applications allowing for remote access to your devices as these may allow for a scammer to gain full access to your device in order to steal information or delete personal files.
  • DBS will never request for your PIN, password or OTP through phone call, email or SMS. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account or if you suspect you’ve been a victim of fraud.

Customer Advisory

Date: 29 November 2019

Description:  Phishing calls are actively targeting DBS customers and purporting to be DBS customer service staff in order to steal sensitive or financial information. If a customer picks up a call, an automated voice message in English and Mandarin plays:

“Welcome to DBS distinguished customers. There was an exception found in your account. To verify your phone number please press 3”.

If a customer proceeds further, the scammer impersonates a DBS staff and may ask for any of the following:

  • Internet Banking credentials,
  • OTP or Digital Token approval,
  • Performing fund transfer(s) to another account.

Customers are advised to be mindful of such calls.

If you receive a phone call following steps similar to the call detailed above, hang up and call the official hotlines in order to verify if these calls are legitimate.

Remember: DBS will never ask for you to download software, provide your Internet Banking credentials, OTP, Digital Token approval, or conduct a fund transfer. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking) if you receive or suspect you’re a victim of such a call.

Who might be at risk?
DBS and POSB customers

How can you protect yourself from this?

  • Be alert and always verify that the caller is legitimate. Contact the official company in order to verify that the caller is verified by the company. Do not proceed further if you suspect that a caller is asking you to conduct suspicious or unfamiliar actions or transactions.
  • Avoid installing applications allowing for remote access to your devices as these may allow for a scammer to gain full access to your device in order to steal information or delete personal files.
  • DBS will never request for your PIN, password or OTP through phone call, email or SMS. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account or if you suspect you’ve been a victim of fraud.

Customer Advisory

Date: 09 December 2019(first posted on 22 October 2019)

Description: There has been an increase in phishing calls attempting to trick customers into downloading malicious software onto their devices.

These scammers often pretend to be staff or security teams from Singtel, Microsoft, or legitimate banks and claim they’re calling to resolve a detected issue such as:

  • Issues with the customer’s internet connection,
  • Overcharged purchases,
  • Defending a customer’s computer or other devices from hackers.
  • Supposed money laundering or receipt of illegal funds.

If a customer falls victim to this initial claim, the scammer will attempt to ask users to download applications such as Teamviewer or Anydesk allowing the scammer to control the customer’s devices. A variant of this scam may involve a second step, with the scammer forwarding the customer to a purported government agency, such as the Cyber Security Agency or SPF’s Cybercrime division. The customer will then be asked to provide or conduct the following actions under the pretext of stopping the purported hackers, returning funds, safeguarding the customer’s funds, or ensuring the customer has conducted no illegal activities:

  • Internet Banking credentials,
  • OTP or Digital Token approval,
  • Performing fund transfer(s) to another account.

Customers are advised to be mindful of such calls.

If you receive a phone call following steps similar to the call detailed above, hang up and call the official hotlines in order to verify if these calls are legitimate.

Remember: DBS will never ask for you to download software, provide your Internet Banking credentials, OTP, Digital Token approval, or conduct a fund transfer. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking) if you receive or suspect you’re a victim of such a call.

Reference: Channel News Asia, last retrieved on 22/10/2019, 1102hrs GMT+8

Who might be at risk?
DBS and POSB customers

How can you protect yourself from this?

  • Be alert and always verify that the caller is legitimate. Contact the official company in order to verify that the caller is verified by the company. Do not proceed further if you suspect that a caller is asking you to conduct suspicious or unfamiliar actions or transactions.
  • Avoid installing applications allowing for remote access to your devices as these may allow for a scammer to gain full access to your device in order to steal information or delete personal files.
  • DBS will never request for your PIN, password or OTP through phone call, email or SMS. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account or if you suspect you’ve been a victim of fraud.

Phishing Alert

Date: 14 November 2019

Description: We have detected a number of phishing emails and webpages targeting DBS and POSB customers. These phishing emails come from a non-DBS email and purports to be a PayNow alert. If a customer falls victim and visits the malicious link, they will be redirected to a login page followed by a page requesting for sensitive information. Such websites are used to steal personally identifiable data, username-password combinations, or may be used to further trick users into conducting other unwanted actions.




Who might be at risk?
DBS and POSB iBanking customers

How can you protect yourself from this?

  1. Be alert and always verify the details in messages from DBS and POSB. Always check that the message reflects your intended actions and do not proceed or authorize suspicious transactions.
  2. Always type in the URL of DBS website directly into the address bar of your browser. If you are on mobile, consider using our official DBS or POSB Digibank applications.
  3. Never reply to unsolicited SMSs or emails. Responses to such SMSs or emails could be used by fraudsters to socially engineer information or trick users into performing unwanted actions. Be cautious of “unsubscribe” links as these may also be used to socially engineer information as well.
  4. DBS will never request for your PIN, password or OTP through phone call, email or SMS. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.
 

Alert Archives

Customer Advisory

Date: 18 October 2019

Description: A fingerprint sensor issue may allow any fingerprint to unlock a fingerprint-protected device has been found to affect certain Samsung devices. Affected models include Galaxy Note 10/10+, S10/S10+, and Tab S6.

Customers utilizing Samsung’s fingerprint sensors are advised to utilize pattern, PIN, or passwords until a fix has been issued to prevent unauthorized access to their DBS/POSB applications, such as Digibank or PayLah!.

Reference:Channel News Asia, last retrieved on 18/10/2019, 1429hrs GMT+8.

Who might be at risk?
DBS and POSB iBanking customers using the following models:

  • Galaxy Note 10/10+
  • S10/S10+
  • Tab S6

How can you protect yourself from this?

Owners of the affected models are advised to disable fingerprint authentication until a fix is released.

Access Samsung’s fingerprint settings by going to Settings -> Biometrics and Security -> Fingerprints (October 2019).

To disable fingerprint login for DBS’s applications, log into the application and navigate to “More”. Depending on the application you may find this option under:

  • More –> App & Security Settings
  • More -> Settings.

Phishing Alert

Date: 17 October 2019

Description: We have detected a number of phishing webpages targeting DBS and POSB customers. If a customer falls victim and visits the malicious link, they will be redirected to a login page followed by a page requesting for the user’s account number information as well as their email address and email password. Such websites are used to steal personally identifiable data, username-password combinations, or may be used to further trick users into conducting other unwanted actions.

Who might be at risk?
DBS and POSB iBanking customers

How can you protect yourself from this?

  1. Be alert and always verify the details in messages from DBS and POSB. Always check that the message reflects your intended actions and do not proceed or authorize suspicious transactions.
  2. Always type in the URL of DBS website directly into the address bar of your browser. If you are on mobile, consider using our official DBS or POSB Digibank applications.
  3. Never reply to unsolicited SMSs or emails. Responses to such SMSs or emails could be used by fraudsters to socially engineer information or trick users into performing unwanted actions. Be cautious of “unsubscribe” links as these may also be used to socially engineer information as well.
  4. DBS will never request for your PIN, password or OTP through phone call, email or SMS. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

Phishing Alert

Date: 13 September 2019

Description: We have detected a number of phishing webpages targeting DBS and POSB customers. If a customer falls victim and visits the malicious link, they will be redirected to a login page followed by a page requesting for personal information such as identification card information, debit card number, ATM Pin, mobile number, and email address. Such websites are used to steal personally identifiable data, username-password combinations, or trick users into conducting other unwanted actions.




Who might be at risk?
DBS and POSB iBanking customers

How can you protect yourself from this?

  1. Be alert and always verify the details in messages from DBS and POSB. Always check that the message reflects your intended actions and do not proceed or authorize suspicious transactions.
  2. Always type in the URL of DBS website directly into the address bar of your browser. If you are on mobile, consider using our official DBS or POSB Digibank applications.
  3. Never reply to unsolicited SMSs or emails. Responses to such SMSs or emails could be used by fraudsters to socially engineer information or trick users into performing unwanted actions. Be cautious of “unsubscribe” links as these may also be used to socially engineer information as well.
  4. DBS will never request for your PIN, password or OTP through phone call, email or SMS. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

Phishing Alert

Date: 15 August 2019

Description: We have detected a number of phishing emails and webpages targeting DBS and POSB customers. These phishing emails come from a non DBS email and purports to be a request for customers to update their details.

If a customer falls victim to the phishing email and clicks on the link, they will be redirected to a page requesting for personal information such as identification card information, addresses, mobile number, and email address and password. Such websites are used to steal personally identifiable data, username-password combinations, or trick users into conducting other unwanted actions.





Who might be at risk?
DBS and POSB iBanking customers

How can you protect yourself from this?

  1. Be alert and always verify the details in messages from DBS and POSB. Always check that the message reflects your intended actions and do not proceed or authorize suspicious transactions.
  2. Always type in the URL of DBS website directly into the address bar of your browser. If you are on mobile, consider using our official DBS or POSB Digibank applications.
  3. Never reply to unsolicited SMSs or emails. Responses to such SMSs or emails could be used by fraudsters to socially engineer information or trick users into performing unwanted actions. Be cautious of “unsubscribe” links as these may also be used to socially engineer information as well.
  4. DBS will never request for your PIN, password or OTP through phone call, email or SMS. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

Phishing Alert

Date: 21 June 2019

Description: We have detected SMSs impersonating DBS and POSB alerts in order to trick customers. These SMSes contain links to phishing sites mimicking DBS and POSB webpages and asking for email and SMS OTPs. If the requested information is provided, the customer’s access to their account and DBS’s Digital Token will be stolen and allow a fraudster to empty the customer’s bank account.





Who might be at risk?
DBS and POSB iBanking customers

How can you protect yourself from this?

  1. Be alert and always verify the details in messages from DBS and POSB. Always check that the message reflects your intended actions and do not proceed or authorize suspicious transactions.
  2. Always type in the URL of DBS website directly into the address bar of your browser. If you are on mobile, consider using our official DBS or POSB Digibank applications.
  3. Never reply to unsolicited SMSs or emails. Responses to such SMSs or emails could be used by fraudsters to socially engineer information or trick users into performing unwanted actions.
  4. DBS will never request for your PIN, password or OTP through phone call, email or SMS. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

Fake Bank Alert

Date: 22 May 2019 (first posted on 21 May 2019)

Description: We’ve detected fake banking websites purporting to be DBS Bank. When these pages are accessed, users will be prompted to either log in to their DBS account or provide other sensitive information under the guise of opening a DBS account.

Such websites are used to conduct advance fee fraud but may be utilized to steal personally identifiable data, username-password combinations, OTPs or infect a user’s device.




Who might be at risk?
DBS customers

How can you protect yourself from this?

  1. Be alert and always verify the details in messages from DBS and POSB. Always check that the message reflects your intended actions and do not proceed or authorize suspicious transactions.
  2. Always type the DBS or POSB websites URL directly into the address bar of your browser. If you are on mobile, consider using our official DBS or POSB Digibank applications.
  3. Never reply to unsolicited emails or SMSes. Responses to such emails or SMSes could be used by fraudsters to socially engineer information or trick users into performing unwanted actions. Verify that you’re speaking to our DBS experts by accessing our websites directly.
  4. DBS will never request for your PIN, password or OTP through phone call, email or SMS. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

Phishing Alert

Date: 15 April 2019

Description: We’ve noticed an increase in phishing emails and webpages targeting DBS and POSB customers. These phishing emails come from a non DBS email and asks for customers to reactivate their credit card by clicking on a link.

If a customer falls victim to the phishing email and clicks on the link, they will be redirected to a page requesting for a user’s information, credit card number and CVV. Such websites are used to conduct card not present transactions but may also be utilized in order to steal personally identifiable data, username-password combinations, or trick users into conducting other unwanted actions.




Who might be at risk?
DBS and POSB iBanking customers

How can you protect yourself from this?

  1. Be alert and always verify the details in messages from DBS and POSB. Always check that the message reflects your intended actions and do not proceed or authorize suspicious transactions.
  2. Always type the DBS or POSB websites URL directly into the address bar of your browser. If you are on mobile, consider using our official DBS or POSB Digibank applications.
  3. Only provide your credit card details if you're making a direct purchase. Always check that you intend to conduct a credit card transaction and do not provide an OTP to authorize payment if you are not.
  4. Never reply to unsolicited emails or SMSs. Responses to such emails or SMSs could be used by fraudsters to socially engineer information or trick users into performing unwanted actions.
  5. DBS will never request for your PIN, password or OTP through phone call, email or SMS. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

Phishing Alert

Date: 08 February 2019

Description: We have detected phishing emails leading to phishing webpages targeting NUSS graduate members and requesting for sensitive details. Such phishing sites are designed to steal customer details, logins, PINs and credit card details in order to perform unauthorised, fraudulent transactions.

If a customer falls victim to the phishing email and clicks on the link, they will be redirected to a non-DBS website.

Who might be at risk?
DBS and POSB iBanking customers

How can you protect yourself from this?

  1. Be alert and always verify the details in messages from DBS and POSB. Always check that the message reflects your intended actions and do not proceed or authorize suspicious transactions.
  2. Always type the DBS or POSB websites URL directly into the address bar of your browser. . If you are on mobile, consider using our official DBS or POSB Digibank applications.
  3. Only provide your credit card details if you're making a direct purchase. Always check that you intend to conduct a credit card transaction and do not provide an OTP to authorize payment if you are not.
  4. Never reply to unsolicited emails or SMSs. Responses to such emails or SMSs could be used by fraudsters to socially engineer information or trick users into performing unwanted actions.
  5. DBS will never request for your PIN, password or OTP through phone call, email or SMS. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

Phishing Alert

Date: 06 November 2018 (first posted on 21 Sept 2018)

Description: We have detected phishing SMSs leading to phishing webpages targeting customers and mimicking DBS and POSB’s Internet Banking login pages. Such phishing sites are designed to steal customer details, logins, PINs and OTPs in order to perform unauthorised, fraudulent transactions.

If a customer falls victim to the phishing email and clicks on the link, they will be redirected to a non-DBS website.

Who might be at risk?
DBS and POSB iBanking customers

How can you protect yourself from this?

  1. Be alert and always verify the details in messages from DBS and POSB. Always check that the message reflects your intended actions and do not proceed or authorize suspicious transactions.
  2. Always type in the URL of DBS website directly into the address bar of your browser.
  3. Check that you are using the official DBS or POSB websites. Always type the DBS or POSB websites URL directly into the address bar of your browser. If you are on mobile, consider using our official DBS or POSB Digibank applications.
  4. Never reply to unsolicited SMSs or emails. Responses to such SMSs or emails could be used by fraudsters to socially engineer information or trick users into performing unwanted actions.
  5. DBS will never request for your PIN, password or OTP through phone call, email or SMS. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

SMS Alert

Date: 15 November 2018

Description: We have detected multiple SMS and online advertisements impersonating DBS or purporting to be from DBS. If a user clicks on the link, they will be redirected to a website purporting to be a cryptocurrency investment programme. Such websites are designed to trick users into conducting fraudulent bank transfers or credit card transactions.

Who might be at risk?
DBS Customers

How can you protect yourself from this?

  1. Be alert and always verify the details in messages from DBS and POSB. Always check that the message reflects your intended actions and do not proceed or authorize suspicious transactions.
  2. Always type in the URL of DBS website directly into the address bar of your browser.
  3. Check that you are using the official DBS or POSB websites. Always type the DBS or POSB websites URL directly into the address bar of your browser. If you are on mobile, consider using our official DBS or POSB Digibank applications.
  4. Never reply to unsolicited SMSs or emails. Responses to such SMSs or emails could be used by fraudsters to socially engineer information or trick users into performing unwanted actions.
  5. DBS will never request for your PIN, password or OTP through phone call, email or SMS. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

Phishing Alert

Date: 03 October 2018 (first posted on 21 Sept 2018)

Description: We have detected phishing SMSs leading to phishing webpages targeting POSB customers and mimicking POSB’s Internet Banking login page. Such phishing sites are designed to steal customer details, logins, PINs and OTPs in order to perform unauthorised, fraudulent transactions.

If a customer falls victim to the phishing email and clicks on the link, they will be redirected to a non-DBS website.

Who might be at risk?
DBS and POSB iBanking customers

How can you protect yourself from this?

  1. Be alert and always verify the details in messages from DBS and POSB. Always check that the message reflects your intended actions and do not proceed or authorize suspicious transactions.
  2. Always type in the URL of DBS website directly into the address bar of your browser.
  3. Check that you are using the official DBS or POSB websites. Always type the DBS or POSB websites URL directly into the address bar of your browser. If you are on mobile, consider using our official DBS or POSB Digibank applications.
  4. Never reply to unsolicited SMSs or emails. Responses to such SMSs or emails could be used by fraudsters to socially engineer information or trick users into performing unwanted actions.
  5. DBS will never request for your PIN, password or OTP through phone call, email or SMS. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

Phishing Alert

Date: 08 October 2018 (first posted on 03 Sept 2018)

Description: We have detected phishing emails and webpages targeting DBS customers. These phishing emails come from a spoofed DBS email address and requests customers click on a link to reactivate their credit card.

If a customer falls victim to the phishing email and clicks on the link, they will be redirected to a page requesting for a user’s information, credit card number and CVV followed by a request to provide an SMS OTP. Such websites are used to conduct card not present transactions but may also be utilized in order to steal personally identifiable data, username-password combinations, OTPs or infect a user’s device.

Who might be at risk?
DBS and POSB iBanking customers

  1. Always check that you are using the official DBS website. Always type the DBS website URL (https://dbs.com) directly into the address bar of your browser.
  2. Only provide your credit card details if you’re making a direct purchase. Always check that you intend to conduct a credit card transaction and do not provide an OTP to authorize payment if you are not.
  3. Always verify the details in messages from DBS. Always check that the message reflects your intended actions and do not proceed or authorize suspicious transactions.
  4. Take note of any suspicious transactions. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account.

Scam Alert

DBS Phishing Email Alert

Date: 15 August 2018 (first posted on 12 Dec 2017)
Threat Type: Phishing
Alert Level: Amber
Criticality: Low

Description: We have detected phishing emails targeting DBS cardholder customers and containing links to phishing websites. Such phishing sites are designed to steal the customer's credit card information in order to conduct fraudulent transactions.

If a customer falls victim to this phishing email and clicks on the malicious link, they will be redirected to a non-DBS website requesting for credit card details and an OTP. A sample website is seen below:

hxxps://dal-shared-22.hostwindsdns.com/~oxfotwtl/DBS

Sample of the phishing email pretending to be sent from DBS.

Who might be at risk?
Customers

How can you protect yourself from this?

  1. Always type the DBS website URL directly into the address bar of your browser.
  2. Check that you are using the official DBS iBanking site. To do this, go to the address bar of your web browser and look for the “padlock” icon. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  3. Never reply to unsolicited emails. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

Date: 26 June 2018 (Updated 31 July 2018)

Description: We have detected multiple SMS and online advertisements impersonating DBS or purporting to be from DBS. If a user clicks on the link, they will be redirected to a website purporting to be a DBS investment programme. Such websites are designed to trick users into conducting fraudulent bank transfers or credit card transactions.





Who might be at risk?
DBS Customers

How can you protect yourself from this?

  1. Be alert. Minimize clicking on links in advertisements as these may not be legitimate.
  2. Check that you are using the official DBS website. Always type the DBS website URL directly into the address bar of your browser. If you are on mobile, consider using our official DBS Digibank applications.
  3. Never reply to unsolicited SMSs. Responses to such SMSs could be used by fraudsters to socially engineer information or trick users into performing unwanted actions.
  4. Only provide your credit card details if you're making a direct purchase. Always check that you intend to conduct a credit card transaction and do not provide an OTP to authorize payment if you are not.
  5. DBS will never request for your PIN, password or OTP through phone call, email or SMS. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account.

Phishing Alert

Date: 27 May 2018 (Updated 30 July 2018)

Description: We have detected phishing emails and webpages targeting DBS customers. These phishing emails comes from a non DBS email address and requests customers click on a link to unlock their iBanking account.

If a customer falls victim to the phishing email and clicks on the link, they will be redirected to a page requesting for a user’s information, credit card number and CVV followed by a request to provide an SMS OTP. Such websites are used to conduct card not present transactions but may also be utilized in order to steal personally identifiable data, username-password combinations, OTPs or infect a user’s device.




Who might be at risk?

DBS and POSB iBanking customers

How can you protect yourself from this?

  1. Always check that the email comes from a DBS address. DBS emails are sent from an @dbs.com email address.
  2. Check that you are using the official DBS website. Always type the DBS website URL directly into the address bar of your browser. You may also check that this is the official website by going to the address bar of your web browser and look for the “padlock” icon. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  3. Only provide your credit card details if you’re making a direct purchase. Always check that you intend to conduct a credit card transaction and do not provide an OTP to authorize payment if you are not.
  4. Always verify the details in messages from DBS.Always check that the message reflects your intended actions and do not proceed or authorize suspicious transactions.
  5. Take note of any suspicious transactions. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account.

Customer Advisory

Date: 20 July 2018

Description: SingHealth has reported a data breach affecting more than 1.5 million SingHealth patients. Patient data stolen included personally identifiable information such as names, addresses, birthdays, and NRIC numbers. Approximately 160,000 patients had details of medical prescriptions stolen.

Customers are advised to be alert. Stolen credentials may be used to conduct social engineering and phishing scams. Such scams utilize personally identifiable information to appear legitimate.

How can you protect yourself from this?

  1. Be alert. Do not provide personal or bank information to unsolicited callers.
  2. Never give out any sensitive personal information (including login passwords or one-time passwords) over the phone or via email. Our staff will never ask you for such information.
  3. Hang up and call DBS directly if you are in any doubt of a call, SMS or email’s validity. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you receive such calls.

Phishing Alert

Date: 19 June 2018

Description: We have detected a phishing website targeting DBS IDEAL customers and mimicking the DBS IDEAL login page. Such phishing sites are designed to steal customer details, logins, PINs and OTPs in order to perform fraudulent transactions.

If a customer falls victim to the phishing email and clicks on the link, they will be redirected to a non-DBS website which requests for their Organisation ID, User ID and PIN. Once these details have been provided, customers are directed to a page requesting for the customer’s IB Secure PIN and redirected finally to a fake MAS webpage.




Who might be at risk?
DBS IDEAL customers

How can you protect yourself from this?

  1. Always type the DBS website URL directly into the address bar of your browser. If you are on mobile, consider using our official DBS IDEAL application.
  2. Never reply to unsolicited emails. Responses to such emails could be used by fraudsters to socially engineer information or trick users into performing unwanted actions.
  3. Always verify the details in messages from DBS. Always check that the message reflects your intended actions.
  4. Customers are also encouraged to use the latest versions of internet browsers available. Using the latest browsers may provide advanced security features such as anti-phishing and forged website identification.
  5. Be Alert. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account.

Malware Alert

Date: 12 June 2018

Description: There are emails impersonating DBS and claiming to be details of a SWIFT wire transfer. These emails have malicious files attached and opening these attachments may trigger an infection of a user’s device with Lokibot, an information-stealing trojan. Such malware is used to steal sensitive information, which may include banking credentials and credit card details.

Who might be at risk?
DBS Customers

How can you protect yourself from this?

  1. Be alert. Be careful when opening attachments if you have not verified its source or sender.
  2. Protect your computer by updating your PC regularly as well as using anti-virus and anti-spyware software that automatically updates daily.
  3. Never reply to unsolicited emails. Responding to such emails could be used by fraudsters to trick users into performing unwanted actions.
  4. Take note of any suspicious transactions. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account.

Fake Bank Alert

Date: 08 June 2018

Description: We have detected a fake banking website targeting DBS Hong Kong customers. The fraudsters behind this website utilize email and/or voice messages in order to trick users into believing this is a legitimate DBS page. Once a user has landed on the page, they are prompted to provide their login PINs before being requested to perform a wire transfer.

Such websites are used to conduct advance fee fraud but may be utilized to steal personally identifiable data, username-password combinations, OTPs or infect a user’s device.

Who might be at risk?
HK DBS customers

How can you protect yourself from this?

  1. Always type in the URL of the DBS or POSB website directly into the address bar of your browser.
  2. Check that you are using the official DBS or POSB website. To do this, go to the address bar of your web browser and look for the "padlock" icon. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  3. Never give out any sensitive personal information (including login passwords or one-time passwords) over the phone or email. Our staff will never ask you for such information.
  4. Hang up and call DBS directly if you are in any doubt of the call’s validity. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you receive such calls.
  5. Take note of any suspicious transactions. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account.
  6. Customers are also encouraged to use the latest versions of internet browsers available. Using the latest browsers may provide advanced security features such as anti-phishing and forged website identification. If such features are available.

Fake Bank Alert

Date: 30 May 2018

Description: We have detected a fake banking website targeting DBS customers. This fake bank mimics DBS’s webpage in order to trick customers. The fraudsters behind this website utilizes both email and voice to trick users into providing their personal information such as residential address and government issued ID numbers.

Such websites are used to conduct advance fee fraud but may be utilized to steal personally identifiable data, username-password combinations, OTPs or infect a user’s device.

Who might be at risk?
DBS and POSB customers

How can you protect yourself from this?

  1. Always type in the URL of the DBS or POSB website.directly into the address bar of your browser.
  2. Check that you are using the official DBS or POSB website. To do this, go to the address bar of your web browser and look for the "padlock" icon. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  3. Never give out any sensitive personal information (including login passwords or one-time passwords) over the phone or email. Our staff will never ask you for such information.
  4. Hang up and call DBS directly if you are in any doubt of the call’s validity. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you receive such calls.
  5. Take note of any suspicious transactions. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account.
  6. Customers are also encouraged to use the latest versions of internet browsers available. Using the latest browsers may provide advanced security features such as anti-phishing and forged website identification. If such features are available.

Phishing Alert

Date: 27 May 2018

Description: We have detected phishing emails and webpages targeting DBS customers. These phishing emails comes from a non DBS email address and requests customers click on a link to unlock their iBanking account.

If a customer falls victim to the phishing email and clicks on the link, they will be redirected to a page requesting for a user’s information, credit card number and CVV followed by a request to provide an SMS OTP. Such websites are used to conduct card not present transactions but may also be utilized in order to steal personally identifiable data, username-password combinations, OTPs or infect a user’s device.

Who might be at risk?
DBS and POSB iBanking customers

How can you protect yourself from this?

  1. Always check that the email comes from a DBS address. DBS emails are sent from an @dbs.com email address.
  2. Check that you are using the official DBS website. Always type the DBS website URL directly into the address bar of your browser. You may also check that this is the official website by going to the address bar of your web browser and look for the “padlock” icon. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  3. Only provide your credit card details if you’re making a direct purchase. Always check that you intend to conduct a credit card transaction and do not provide an OTP to authorize payment if you are not.
  4. Always verify the details in messages from DBS. Always check that the message reflects your intended actions and do not proceed or authorize suspicious transactions.
  5. Take note of any suspicious transactions. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account.

Phishing Alert

Date: 23 May 2018

Description: We have detected phishing websites targeting DBS and POSB customers and leading to a fake POSB Internet Banking login page.

Sample Websites are below:

hxxps://jungfernstieg[.]ga/secure/mas[.]go[.]com[.]sg/online insurance/posb/
hxxps://staromiejski[.]gq/secure/mas[.]go[.]com[.]sg/online
insurance/posb/
hxxps:// koepenicker[.]ml/secure/online insurance/mas[.]gov[.]com[.]sg/posb/index[.]html
hxxps:// kirchenplatz[.]ga/online insurance/mas[.]gov[.]com[.]sg/posb/index[.]html

Who might be at risk?
DBS and POSB iBanking customers

How can you protect yourself from this?

  1. Always type in the URL of the DBS or POSB website directly into the address bar of your browser.
  2. Check that you are using the official DBS or POSB website. To do this, go to the address bar of your web browser and look for the "padlock" icon. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  3. Take note of any suspicious transactions. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account.
  4. Customers are also encouraged to use the latest versions of internet browsers available. Using the latest browsers may provide advanced security features such as anti-phishing and forged website identification. If such features are available.

SMS Phishing Alert

Date: 19 May 2018

Description: We have detected phishing SMSs leading to phishing webpages targeting DBS customers.

If a customer falls victim to the phishing email and clicks on the link, they will be redirected to a page requesting for user ID and pin combinations as well as credit card number, expiration date and CVVs. Such websites are used to conduct card not present transactions but may also be utilized in order to steal personally identifiable data or promote fraudulent applications.

Who might be at risk?
DBS iBanking customers

How can you protect yourself from this?

  1. Be alert. Minimize clicking on links in SMSs as these may not be legitimate.
  2. Check that you are using the official DBS website. Always type the DBS website URL directly into the address bar of your browser. If you are on mobile, consider using our official DBS Digibank applications.
  3. Never reply to unsolicited SMSs. Responses to such SMSs could be used by fraudsters to socially engineer information or trick users into performing unwanted actions.
  4. DBS will never request for your PIN, password or OTP through phone call, email or SMS. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account.

DBS Phishing Email Alert

Date: 13 May 2018 (first posted on 12 Dec 2017)
Threat Type: Phishing
Alert Level: Amber
Criticality: Low

Description: We have detected phishing emails targeting DBS cardholder customers and containing links to phishing websites. Such phishing sites are designed to steal the customer's credit card information in order to conduct fraudulent transactions.

If a customer falls victim to this phishing email and clicks on the malicious link, they will be redirected to a non-DBS website requesting for credit card details and an OTP. A sample website is seen below:

hxxp[:]//dal-business-28.hostwindsdns.com/~bezakhja
hxxp[:]//yepnim.estate
hxxp[:]//hwsrv-269164.hostwindsdns.com
hxxp[:]//dal-business-28.hostwindsdns.com/~cpbvpoaf
hxxps[:]//sea-business-16[.]hostwindsdns[.]com/~hmzofvdj/
hxxp[:]//mohdyasin[.]tech/amstel/

Sample of the phishing email pretending to be sent from DBS.

Who might be at risk?
Customers

How can you protect yourself from this?

  1. Always type the DBS website URL directly into the address bar of your browser.
  2. Check that you are using the official DBS iBanking site. To do this, go to the address bar of your web browser and look for the “padlock” icon. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  3. Never reply to unsolicited emails. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

Phishing Alert

Date: 10 May 2018

Description: We have detected a phishing email and website targeting DBS customers and leading to a fake DBS Internet Banking login page. Such phishing sites are designed to steal customer details, logins, PINs and OTPs in order to perform fraudulent transactions.

If a customer falls victim to the phishing email and clicks on the link, they will be redirected to a non-DBS website. Post login, the phishing page requests for an OTP before prompting for the customer to wait for fifteen minutes

Sample Websites are below:

hxxp://190[.]14[.]38[.]131/itssl/?ln=activate.dbs&tk=

hxxp://activate[.]dbs[.]online-client[.]services/?tk=

Who might be at risk?
DBS and POSB iBanking customers

How can you protect yourself from this?

  1. Always type in the URL of the DBS or POSB website directly into the address bar of your browser.
  2. Check that you are using the official DBS or POSB website. To do this, go to the address bar of your web browser and look for the "padlock" icon. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  3. Never reply to unsolicited emails. Responses to such emails could be used by fraudsters to socially engineer information or trick users into performing unwanted actions.
  4. DBS will never request for your PIN, password or OTP through a phone call or SMS. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account.
  5. Customers are also encouraged to use the latest versions of internet browsers available. Using the latest browsers may provide advanced security features such as anti-phishing and forged website identification. If such features are available.

Phishing Alert

Date: 30 April 2018

Description: We have detected a phishing email and webpages targeting DBS customers. These phishing emails came from a non DBS email address and purport to be an official DBS survey.

If a customer falls victim to the phishing email and clicks on the link, they will be redirected to a page purporting to be an official DBS survey and requesting for a user’s information, credit card number and CVV followed by a request to provide an SMS OTP. Such websites are used to conduct card not present transactions but may also be utilized in order to steal personally identifiable data, username-password combinations, OTPs or infect a user’s device.

Who might be at risk?
DBS iBanking customers

How can you protect yourself from this?

  1. Always type in the URL of the DBS or POSB website directly into the address bar of your browser.
  2. Check that you are using the official DBS website. Always type the DBS website URL directly into the address bar of your browser. You may also check that this is the official website by going to the address bar of your web browser and look for the "padlock" icon. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  3. Always verify the details in messages from DBS. Always check that the message reflects your intended actions and do not proceed or authorize suspicious transactions.
  4. Never reply to unsolicited emails. Responses to such emails could be used by fraudsters to socially engineer information or trick users into performing unwanted actions.
  5. Customers are also encouraged to use the latest versions of internet browsers available. Using the latest browsers may provide advanced security features such as anti-phishing and forged website identification. If such features are available.

Phishing Alert

Date: 03 May 2018
Threat Type: Phishing
Alert Level: Amber
Criticality: Low

Description: We have detected a phishing website targeting POSB customers and mimicking POSB Internet Banking login page. Such phishing sites are designed to steal customer details, logins, PINs and OTPs in order to perform fraudulent transactions.

If a customer falls victim to the phishing email and clicks on the link, they will be redirected to a non-POSB website.

Sample Websites are below:

hxxp[:]//dal-business-28.hostwindsdns.com/~bezakhja
hxxp[:]//yepnim.estate
hxxp[:]//hwsrv-269164.hostwindsdns.com
hxxp[:]//dal-business-28.hostwindsdns.com/~cpbvpoaf
hxxps[:]//sea-business-16[.]hostwindsdns[.]com/~hmzofvdj/
hxxp[:]//mohdyasin[.]tech/amstel/

Who might be at risk?
DBS and POSB iBanking customers

How can you protect yourself from this?

  1. Always type in the URL of the DBS or POSB website directly into the address bar of your browser.
  2. Check that you are using the official DBS or POSB website. To do this, go to the address bar of your web browser and look for the "padlock" icon. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  3. Never reply to unsolicited emails. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

Phishing Alert

Date: 30 April 2018
Threat Type: Phishing
Alert Level: Amber
Criticality: Low

Description: We have detected a phishing email targeting DBS customers. These phishing emails came from a non DBS email address and purport to be an official DBS survey. Such emails often link to malicious pages in order to steal personally identifiable data, username-password combinations, OTPs or infect a user’s device.

Who might be at risk?
DBS iBanking customers

How can you protect yourself from this?

  1. Always check that the email comes from a DBS address. DBS emails are sent from an @dbs.com email address.
  2. Check that you are using the official DBS website. Always type the DBS website URL directly into the address bar of your browser. You may also check that this is the official website by going to the address bar of your web browser and look for the “padlock” icon. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  3. Never reply to unsolicited emails. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

Phone Scam Alert

Date: 02 April 2018
Threat Type: Phishing Calls / Vishing
Alert Level: Amber
Criticality: Low

Description: We have detected a phishing campaign targeting DBS customers and Singaporean residents with automated phone calls. These calls claim that a customer’s account is disabled and request for the customer to follow a sequence of instructions before being routed to an individual impersonating a DBS staff member.

Such phone scams are designed to trick customers into divulging sensitive information such as logins, PINs, OTPs or credit card details or to conduct advance fee fraud.

Who might be at risk?
DBS iBanking customers

How can you protect yourself from this?

  1. Be alert. Do not provide personal or bank information to unsolicited callers.
  2. Never give out any sensitive personal information (including login passwords or one-time passwords) over the phone or via email. Our staff will never ask you for such information.
  3. Hang up and call DBS directly if you are in any doubt of the call’s validity. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you receive such calls.

Phishing Alert

Date: 23 March 2018
Threat Type: Phishing
Alert Level: Amber
Criticality: Low

Description: We have detected a phishing website targeting DBS customers and mimicking DBS’s Internet Banking login page. Such phishing sites are designed to steal customer details, logins, PINs, OTPs and credit card details in order to perform unauthorised, fraudulent transactions.

If a customer falls victim to the phishing email and clicks on the link, they will be redirected to a non-DBS website.

Sample of the phishing email pretending to be sent from DBS.

Who might be at risk?
DBS iBanking customers

How can you protect yourself from this?

  1. Always type in the URL of DBS website directly into the address bar of your browser.
  2. Check that you are using the official DBS website. To do this, go to the address bar of your web browser and look for the “padlock” icon. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  3. Never reply to unsolicited emails. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

Phishing Alert

Date: 08 March 2018
Threat Type: Phishing
Alert Level: Amber
Criticality: Low

Description: We have detected phishing emails being sent to DBS customers informing them of a ‘login format change’ and requesting them to click on a link to update their details. Once the link is clicked, the customer will be redirected to a phishing site asking for his iBanking login ID, password, credit card, and other personal information. Such information may then be used by the attacker to perform fraudulent transactions.

A sample website is seen below:

URL: hxxp[:]//190.14.38.22:8443/redirect.secure-forms[.]com/?id=xqgkhox6u6gk35o7eofuwvp0pv9s007v&url=online.dbs
Redirect to: hxxps[:]//online.dbs.secure-form[.]services/?id=xqgkhox6u6gk35o7eofuwvp0pv9s007v

Sample of the phishing email pretending to be sent from DBS.

Who might be at risk?
DBS iBanking customers

How can you protect yourself from this?

  1. Always type in the URL of DBS website directly into the address bar of your browser.
  2. Check that you are using the official DBS website. To do this, go to the address bar of your web browser and look for the “padlock” icon. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  3. Never reply to unsolicited emails. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

Phishing Alert

Date: 27 January 2018
Threat Type: Phishing
Alert Level: Amber
Criticality: Low

Description: We have detected a phishing website targeting DBS customers and mimicking DBS’s Internet Banking login page. Such phishing sites are designed to steal customer details, logins, PINs and OTPs in order to perform unauthorised, fraudulent transactions.

If a customer falls victim to the phishing email and clicks on the link, they will be redirected to a non-DBS website.


Who might be at risk?
DBS iBanking customers

How can you protect yourself from this?

  1. Always type in the URL of DBS website directly into the address bar of your browser.
  2. Check that you are using the official DBS website. To do this, go to the address bar of your web browser and look for the “padlock” icon. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
  3. Never reply to unsolicited emails. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

Malware Alert

Date: 23 January 2018
Threat Type: Malware
Alert Level: Amber
Criticality: Low

Description: There are emails with malicious attachments and links being circulated to banking customers. These emails claim to represent DBS and are disguised as a "Payment on behalf of customer" and informing recipients that they have received a deposit. These emails may contain malicious attachments and links. Opening these links and attachments trigger malware designed to steal passwords and other personal information, and virtual currencies found in wallets on PCs.

See sample of the email below. Customers are assured that DBS is not the source of this email and are reminded not to click on attachments from suspicious origin. Do not open attachments with the extension name ‘.exe’ or ‘.ace’. DBS will never send executable files (.exe) or Ace Compressed Archive (.ace) files to its customers.

Who might be at risk?
Customers with iBanking accounts

How can you protect yourself from this?

You are reminded to remain cautious when banking online:

  1. Be careful when opening attachments (especially files with extension name ‘exe’ and ‘ace’) if you have not verified its source or sender. Remember that DBS will never send executable or Ace Compressed Archive files to its customers.
  2. Protect your computer by using anti-virus and anti-spyware software that are set to perform automatic updates daily.
  3. Never reply to unsolicited emails. Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.
 

Security Tips

Be proactive when safeguarding your information. Check out these security tips to protect yourself from scams.

Adapt these security practices

Stay alert

Always Stop, THINK, before you Act!

  • Verify messages you receive come from DBS through one of our official channels.
  • Check your account statements on a frequent basis.
  • Always go to our website by typing https://www.dbs.com/ to ensure you’re reaching DBS’s website.
  • Only use DBS’s official mobile applications to view or access your accounts on mobile devices.
  • Avoid using any bank account aggregators to prevent unauthorized access to your accounts or card details.
  • Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unauthorized transactions appearing on your account.

Protect your DBS accounts

Make sure only you have access to your DBS account in order to prevent unauthorized transactions and changes to your account.

  • Keep your username and password private and never share these details with others.
  • Do not change your contact details (email, contact numbers, addresses) to accounts that don’t belong to you.
  • Avoid registering other people’s biometrics such as facial or fingerprint registration on your devices if you use biometrics to access DBS applications.
  • Avoid sharing personal details without cause.
  • Avoid providing your DBS account details (such as passwords and pins) to non-official DBS applications as these applications may not be secure.
  • Always pay attention to SMS and authentication prompts to ensure you’re approving the correct action.
  • Use a unique password for your DBS logins.

Protect your personal devices

Keep your devices secure and up to date to help prevent scammers from installing malware.

  • Always ensure your computers and mobile devices are kept updated by enabling automatic update.
  • If available for your device, install antivirus software and keep this software updated via automatic updates.

Beware of these online threats

Social Engineering

Scammers may use social engineering to trick you into giving them your personal or financial information. There are many types of social engineering such as phishing, social media impersonation.

If you fall victim to social engineering, scammers may be able to trick you into conduct the following actions:

  • Download malicious applications onto your phones, desktops or laptops
  • Provide internet banking credentials and/or OTP or Digital Token approval
  • Perform fund transfer(s) to another account
  • Change your contact details to accounts they control to lock you out of your account

Phishing

Phishing may be conducted through email, SMS, social messaging platforms (Facebook, WhatsApp), or a phone call. Scammers utilizing phishing may come across as trustworthy or official parties and may claim to assist with or alert recipients of legal, financial, or cybersecurity issues or events.

  • Be careful of and avoid responding to unsolicited emails, SMSs and phone calls.
  • Always access our services through our official website https://www.dbs.com/.
  • Avoid clicking on links in unsolicited emails and SMSs. Go directly to our website at https://www.dbs.com/security to view the latest alerts.
  • If you receive phone calls purporting to be from DBS or another company, hang up and call the company’s official phone line to verify.
  • Use our mobile applications from the official Apple App store, Google Play store or other DBS authorized stores instead of using a web browser.
  • Call us immediately at 1800 111 1111 (Personal Banking) or 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account.

Business Email Compromise Scams (BEC Scams)

BEC Scams are a subset of phishing scams. These are sent to unsuspecting employees and purport to be high-ranking executives, managers, officials, or familiar parties such as a known business.

Such phishing scams may request an employee to conduct unauthorized wire transfers, purchase gift cards, open malicious links or attachments, or send sensitive information.

In certain cases, the scammer may use this to compromise an employee’s mailbox and use the official mailbox to impersonate the employee.

  • Verify such requests through official contact numbers or channels. Do not reply to the email or use any provided contacts within the email.
  • Only act on expected instructions and double check before acting.
  • If available, enable email labelling to distinguish between outside parties and utilize colour coding to visually identify emails from external parties.

Social Media Impersonation

Social media impersonations work by pretending to be official and legitimate pages or people.

Scammers may attempt to hijack communications between yourself and DBS by using official sounding usernames and responding directly to your posts.

  • Ensure you’re communicating directly with official DBS accounts on social media, especially when asking for assistance.
  • Avoid giving your sensitive or personal details to accounts you can’t verify as being official DBS accounts.
  • Be careful of the information you share online. Avoid sharing images or details of your bank statements, credit cards, and username and PIN combinations.
  • Limit the information unknown parties may see through the sharing privacy options on social media.

 

Malware

Malware or malicious software is designed to gain access to your devices without your consent. Malware may be installed by opening a malicious document (e.g. pdfs, word or excel documents), visiting a malicious link, or installing a malware-laden program or app. After being installed, such malware may steal your personal and financial data or utilize your device to conduct other malicious activities.

  • Be careful of attachments and links received in emails and avoid opening attachments and links in unsolicited emails, SMSes, or social messaging platform posts or messages.
  • Avoid downloading unneeded programs or apps as these may contain malware.
  • Avoid using third-party app stores as unknown parties can modify such apps to include malware.
  • Only download DBS apps from the official Apple App store, Google Play store or other DBS authorized stores.
  • Always ensure that your computers and mobile devices’ software and antivirus are kept up to date.