Let’s Bank Safely Together

Common signs of phishing emails or mails:

• Urgent language with threat such as “act now” or “immediate action required to avoid consequences”
• Requests for your personal information such as your username, password, bank details or verification codes
• Unexpected attachments or suspicious URL links provided
• Poor grammar or spelling, with images and graphics that are poorly formatted
• Email addresses are spelled weirdly or suspiciously, with characters replaced such as “1” for “I”

Common signs of scam websites:

• Lack of "HTTPS" in the URL address or lack of padlock symbol in the site information found on the address bar of web browser 
• Poor website design with outdated or unprofessional graphics, broken links or low-quality images
• Missing contact information
• No privacy policy or terms of service
• Unusual URL with weird or misspelled domain names

DBS official website URL addresses will always have this domain structure: dbs.com.sg/xxx. There will never be a suffix before or after “dbs”, such as “dbs-cash.com.sg” OR “sg-dbs.com”

Common signs of scam calls, SMSes or messages:

• Unrecognised number and an unfamiliar voice
• Urgent language with threat such as “act now” or “immediate action required to avoid consequences”
• Requests for your personal information such as your username, password, bank details or verification codes
• Unsolicited calls 

DBS will only send essential SMSes with no clickable links. Alerts in the form of push notifications will appear only via the DBS IDEAL mobile app.

• Be careful of links and attachments sent through emails or SMS or posted online on social media sites. Such links and attachments may lead to phishing pages or install malware onto your device without your permission.
• Always go to our website by typing https://www.dbs.com.sg/sme/day-to-day/ways-to-bank/online_banking_ideal.page to ensure you’re reaching DBS's website.
  TIP: If you wish to visit a webpage, it is safer to type the URL on the address bar of your browser than to click on it from an email or another site.
• Stay current with latest news, check our Security Alerts & News frequently to be in the know of the latest threats and scams targeting DBS and POSB customers.
• Avoid performing online transactions on public or shared devices or devices that you suspect are compromised.
• Never reply to unsolicited emails or SMSes. Responses to such emails or SMSes could be used by fraudsters to socially engineer information or trick users into performing unwanted actions.
• Verify any odd or suspicious requests through official contact numbers or channels. Ensure that you're communicating directly with official DBS accounts on social media, especially when asking for assistance.

• Enable Transaction Alerts so that you can be informed instantly of transactions on your account via SMS or email. As part of the E-Payments User Protection Guidelines, it’s a good practice to set up transaction alerts.
• Check the details on transaction alerts that are sent to you and inform the bank immediately if in doubt.
• Always check that you intend to conduct a transaction and do not provide an OTP to authorize payment if you are not.
• Keep your contact details updated with the Bank. Learn more.
• When accessing IDEAL Mobile, never leave your session unattended and log out after use.

• Avoid jailbreaking or rooting your devices. Doing so makes your device more prone to security vulnerabilities like viruses and malicious software.
• Protect your device by using anti-virus software and updating it with the latest anti-virus signature.
• Update your web browser to the latest available patches.
• Set your operating system, anti-virus and anti-spyware software to perform automatic updates daily.
• Install the latest software updates on your device. This helps to ensure that software bugs and security vulnerabilities are addressed.
• Be mindful of the applications you install on your devices. Install apps from official app stores such as Apple App Store or Google Play Store. Unofficial app stores may modify and inset malware into legitimate, non-malicious apps.
• When installing applications, verify that the permissions granted to the application are necessary and avoid downloading unnecessary applications as these applications may contain malicious code or social engineering scams.
• Regularly backup critical data.

• Be aware of what information you share and how it can be used by a receiving party.
• Avoid sharing personal details such as your identity card information, address, phone number, DBS IDEAL account details, or other personal information unnecessarily.
• Consider setting your social network profile to private or use custom audience settings. This way, only people you invite can see what you post.
• Consider using a nickname instead of your real name. This can help reduce the chances of you being harassed online.
• When using public Wi-Fi, avoid accessing websites that require you to login. Consider limiting your activities to only non-sensitive ones. Enable security settings such as 2FA whenever possible adds an additional layer of security.
• Stop and consider before sharing any posts as information posted may cause harm to yourself or people around you.

• Review your privacy settings and practice good social media etiquette.
• Read the transaction details in the SMS or email alerts carefully. Validate that the messages reflect your actual transaction requests. For example, check that the account number is correct.
• Check your last login and transaction history regularly for any abnormal transaction and notify us immediately at 1800 222 2200 (Business Banking), if you notice unknown transactions appearing on your account.
• Think before sharing and post online, what you share online can be re-shared and made public by others. You cannot take it back or delete it later.
• Treat others the way you would like to be treated. Practise kindness in both the physical and digital world.
• Be cautious when you come across promotional offers that sound too good to be true.
• Apply a healthy dose of scepticism if you read any news articles that are sensational and discern if the articles come from a credible source.

• Secure your device with a strong password, PIN or a relevant mechanism to prevent unauthorised use.
  TIP: A strong password is one that is difficult to guess and contains a mix of letters, numbers or symbols. You can use this on top of your device’s biometric security feature (if available).
• Never disclose your IDEAL User ID, PIN & One-Time Password (OTP) to anyone. DBS will never request for your PIN, password or OTP.
• Avoid providing your account details (such as passwords and PIN) to third-party financial aggregator applications as these applications may not be secure.
• Avoid registering other people’s biometrics such as facial or fingerprint registration on your devices if you use biometrics to access DBS applications.
• Use a different PIN or password for web-based services such as email, online shopping or subscription services.

Let's keep our guard up and maintain good digital habits. For more information, you may refer to our e-Payment FAQ.

Scammers impersonating a company's senior management team may reach out via messaging apps (e.g. WhatsApp) to lure victims into participating in a video conference. During the video conference, scammers use deepfake technology to convincingly mimic senior management and make an urgent request for a money transfer. They will also instruct the victim to keep the request confidential.
 

Signs to look out for:

• Unverified communication channels: Scammers bypass a company’s official communication channels by shifting the conversation to private channels such as WhatsApp.
• Urgent financial requests bypassing standard approval processes: Victims are pressured to make large, time-sensitive money transfers under the guise of confidentiality agreements or critical business deals. Scammers often fabricate consequences such as project delays or legal repercussions to compel immediate action.
• Transfers to unknown accounts: Victims are instructed to transfer funds to new accounts that have not been previously authorised as official company beneficiaries.
   

Protect yourself and your business:

• Verify instructions carefully: Establish procedures to independently verify instructions from senior management, especially regarding financial transactions. Never rely solely on a phone call or email. Use established communication channels and contact individuals directly to confirm instructions.
• Stay updated on deepfake technology: Learn how to recognise deepfakes. Conduct regular security awareness training for all employees.
• Learn some of these telltale signs of deepfake videos/images:
  o  Blurry or irregular edges around faces or body
  o  Inconsistencies in facial features (e.g. mismatched age between skin, hair and eyes, overly smooth or wrinkled skin)
  o  Unnatural shadows
  o  Unnatural blinking or sudden changes in facial features
  o  Uneven skin tone or lighting
  o  Discrepancies between audio and lip movements
  o  Persons with an unnatural sounding voice

Signs to look out for:

Scammers impersonating bank staff and/or government officials may reach out through unsolicited phone calls or in-app calls (e.g. WhatsApp video calls) claiming your bank account has been compromised and is being used for illegal activities, or that it is under investigation. They may pressure you to transfer large sums of money to prevent your account from being frozen or to expedite the investigation. Scammers may also request for personal information via private channels (e.g. WhatsApp/Telegram). 

• Urgent request for money transfers: Scammers aim to cause panic by claiming that failure to transfer money will result in consequences such as your account being frozen, delays in investigation, fines, getting arrested by the police, or other penalties. 
• Request for extensive personal details via private communication channels: Scammers bypass standard verification methods by shifting the conversation to WhatsApp or other private channels to receive your personal information. 
• Follow up call from another “agency”: The user may receive a second call from someone posing as another bank staff or a different government agency to reinforce their claims and pressure you further.  

Protect yourself and your business:

• Call DBS to verify the claim. Do not trust callers claiming that your bank account has been compromised or is under investigation.
• Do not share bank account, One-Time Passwords (OTPs) or personal information. Government officials and bank staff will never ask you to disclose such information or to transfer monies.
• Install the ScamShield app to block potential scam calls and SMSs. Install the app from verified application stores (i.e. Apple App Store & Google Play Store). This tool helps you scan for suspicious messages, links or numbers. You can also use it to block calls and SMSs from scammers and report potential scams.
   

Scammers are creating fake DBS phishing websites to collect your personal information.

Screenshot of Fake DBS Website

Signs to look out for:

Scammers request for personal information via private channels (e.g. WhatsApp/ Telegram) after advertising a fake DBS phishing website on social media (e.g. Facebook)

• Unrealistic offers: The advertisement presents deals that sound too good to be true.
• Unverified communication channels: The scammer bypasses standard verification methods by using Facebook or shifting the conversation to WhatsApp or other private channels.
• Suspicious Document or Link: The user receives a document or link that claims to lead to DBS official website. But beware! The link will include minor differences while any websites will have errors in branding.

Protect yourself and your business:

• Install the ScamShield app from verified application stores (i.e. Apple App Store & Google Play Store). This tool helps you scan for suspicious messages, links, or numbers. You can also use it to block calls and SMSs from scammers and report potential scams.
• Always use DBS official website, hotline number and mobile apps to conduct DBS bank-related requests.
• Report suspicious activity to DBS if you come across any suspicious advertisement or link, especially if you suspect that your personal information has been compromised.

Signs to look out for:

• Suspicious Message: Beware of text messages claiming that your PayNow certificate is about to expire. These urge you to take immediate action by clicking on a hyperlink.
  
  For example: “PayNow: Your PayNow certificate has expired. Update it on <Phishing URL link> now to avoid any blocking of your services”
  
  
   
• The hyperlink leads you to a fake PayNow phishing website. The following sensitive information may be requested:
  •   Credit card information
  •   Personal data (e.g., phone number, billing address, name, date of birth, email)
  
  Screenshots of Fake PayNow Phishing Website
  
  
  
  
  
  
   

• Urgency: Scammers aim to cause panic by claiming your access to PayNow will be disrupted if you do not renew the service by providing your sensitive information.

• Knowledge is power! Protect yourself: 
  •   PayNow does not issue any digital certificates to the public. There is no PayNow website for members of public to share their personal and credit card details. All details provided to PayNow should be through the linked bank’s official sites or applications.
  •   DBS will never send you any SMS with clickable links

Protect yourself and your business:

• Install the ScamShield app from verified application stores (i.e. Apple App Store & Google Play Store). This tool helps you scan for suspicious messages, links, or numbers. You can also use it to block calls and SMSs from scammers and report potential scams.
• Authenticate email senders, avoid clicking on suspicious links, and don’t use compromised devices for transactions
• Keep up with the latest scam tactics and potential threats targeting businesses. Equip your staff with knowledge on recognising common scam scenarios by visiting this webpage for tips and updates

Signs to look out for:

Scammers reach out to request for fraudulent payments through unsolicited phone calls or in-app calls (e.g. WhatsApp video calls) and impersonating various roles:

• Government Officials
  Scammers claim your business may be involved in illegal activities such as money laundering or identity theft. They request a money transfer to a fraudulent bank account to facilitate the investigation.
   
• Bank Staff
  Scammers claim to have found issues with your corporate card, bank account, digital tokens or bank transactions. They request your bank account details including banking credentials or One-Time Passwords (OTPs), or personal information, to help resolve the issue.
   
• Potential Customers
  Scammers pretend to place an order for your products or services, on condition that a permit or insurance is obtained to deliver the goods. They refer you to another scammer to apply for the permit or insurance with a secured deposit.
   
• Property Agents
  Scammers use unofficial emails or phone numbers for communication. They also use forged documents including property agent licenses from the Council for Estate Agencies (CEA) or fake information property ownership from Singapore Land Authority, to gain your trust. They then request for you to transfer your rental deposit to a fraudulent account.

Protect yourself and your business:

• Do not share bank account /card details, One-Time Passwords (OTPs) or other personal information. Government officials and bank staff will never ask you to disclose such information or to transfer monies.
• Install the ScamShield app from verified application stores (i.e. Apple App Store & Google Play Store). This tool helps you scan for suspicious messages, links, or numbers. You can also use it to block calls and SMSs from scammers and report potential scams.
• Always verify payment requests and insist on making payments to local business partners via Unique Entity Number (UEN) instead of via mobile number or direct transfers.
• Do not make advance payments to new business partners to secure the orders.

Signs to look out for:

• Scammers impersonate business partners or suppliers via a hacked email account or a spoofed email address to send false invoices with altered account numbers.
• Scammers may use spoofed email addresses that look similar to legitimate ones with slight errors or changes to letters/symbols.
• Email contains fake invoices asking for a change of payment modes and threats of losing the contract if instructions are not followed. These include transferring funds to a new account number urgently.
• Scammers urge you to contact them via different communication channels.

Protect yourself and your business:

• Treat any new or sudden changes in payment instructions or bank account details of your suppliers with extreme caution, especially when informed via email.
• Always verify directly with your supplier through alternate communication channels like a phone call using a verified phone numbers.
• Verify invoices and the payment details against known records. Make payments to local companies via Unique Entity Number (UEN) instead of via mobile number or direct transfers.

Signs to look out for:

• Scammers reach out via unofficial communication channels (e.g., WhatsApp, SMS, Phone Call from unknown number) impersonating school staff and place large orders for school projects with promising revenues. They later change the order to include high-value or unrelated items.
• Scammers will request businesses to purchase additional items from a fraudulent supplier with advance payments.
• Scammers claim to transfer the funds to reimburse businesses for the purchase and provide unauthenticated screenshots of payment proof.
• After the victim makes payment, both scammer and supplier will disappear without delivering the goods.

Protect yourself and your business:

• Always insist on making payments to local companies via Unique Entity Number (UEN), instead of mobile or direct transfer.
• Avoid making advance payments to new business partners or suppliers. Only initiate payments to known bank accounts.
• Always verify the authenticity of the purchaser by checking independently with the organisation they claim to be from.

Your safety when banking online remains our top priority. As part of our multi-layered defence against fraud, we:

Use secure technology and protocols to ensure your information and money are safe, whenever they bank online. For example, we employ multi-factor authentication when our customers perform online transactions.

Have a dedicated anti-scam team to monitor, intervene in and review fraud alerts. The team includes full-time personnel stationed at the Singapore Police Force’s anti-scam centre to ensure timely freezing of any suspicious/compromised accounts.

Carry out transaction screening with our advanced monitoring and surveillance systems, which help us to detect unauthorised activities on customer accounts. This allows us to detect distinct changes in user behavioural patterns, cross-reference unusual account changes, as well as screen unusual transfers and block flagged transfers.

Fighting scams is a collective effort. We encourage you to remain vigilant when performing any banking transactions online, including checking and verifying the sender’s identify before clicking on any link.

We do not provide any integration services to third party sites that are not fully validated by our internal teams.  Any integrations with external platforms, such as accounting platforms or marketplaces, are strictly controlled and must pass our rigorous due diligence process.

As an additional layer of security, users must authenticate using their existing credentials and security protocols each time they access banking services via validated external platforms or marketplaces. 

While MAS guidelines do not prohibit the inclusion of links in emails to corporate customers, only important links that enhance your customer experience will be included in our mailers.

We urge you to remain vigilant when performing any banking transactions online, including checking and verifying the sender’s identify before clicking on any link. 

When in doubt, contact DBS and always verify directly with us for any requests.  You may call 1800 222 2200 / +65 6222 2200 (overseas), Monday to Friday, 8.30am to 8.30pm (excluding Public Holidays) and we’d be happy to assist.

For important alerts like transaction approval alerts, you will receive notification via SMS and email by default after each approved transaction to enhance the safety and security of your account.

To create and manage additional alerts in DBS IDEAL, please click here for more information.

For these additional alerts you have created, we will use email and push notifications as our default channels of communication. 
Please ensure your registered email address is valid and up to date.

You will receive notifications on both the old and new mobile number and/or email address when you successfully change your account’s mobile number and/or email address.

If you did not initiate these changes, contact us immediately at 1800 222 2200 / +65 6222 2200 (overseas), Monday to Friday, 8.30am to 8.30pm (excluding Public Holidays).

Yes, the Digital Token is built with global security standards and forms part of our multi-layered authentication to enhance the safety and security of your accounts.

Yes. From July 2025 onwards, there will be a 12-hour cooling period after setting up the digital token, during which certain high-risk transactions (such as adding or editing payees, or changing contact information, etc.) will not be allowed.

Upon suspected compromise of user account, access to DBS IDEAL will be revoked to prevent any transaction authorisation via DBS IDEAL.

The pop-up message is part of our efforts to protect you against scams which involve fraudsters requesting for payments to be made to their bank accounts. 

We urge all customers to verify that the payee details are legitimate before proceeding with adding or editing a payee.

If you did not initiate the addition or editing of a payee, contact us immediately at 1800 222 2200 / +65 6222 2200 (overseas), Monday to Friday, 8.30am to 8.30pm (excluding Public Holidays).

From July 2025 onwards, we will reject transactions flagged as high risk to protect you from transferring funds to a recipient who is likely to be a scammer.

To safeguard your funds, please do not attempt further transfers to the recipient.
Please call 1800 222 2200 / +65 6222 2200 (overseas), Monday to Friday, 8.30am to 8.30pm (excluding Public Holidays) for further assistance.