Scam Defence for Business

Common signs of phishing emails or mails:

• Urgent language with threat such as “act now” or “immediate action required to avoid consequences”
• Requests for your personal information such as your username, password, bank details or verification codes
• Unexpected attachments or suspicious URL links provided
• Poor grammar or spelling, with images and graphics that are poorly formatted
• Email addresses are spelled weirdly or suspiciously, with characters replaced such as “1” for “I”

Common signs of scam websites:

• Lack of "HTTPS" in the URL address or lack of padlock symbol in the site information found on the address bar of web browser 
• Poor website design with outdated or unprofessional graphics, broken links or low-quality images
• Missing contact information
• No privacy policy or terms of service
• Unusual URL with weird or misspelled domain names

DBS official website URL addresses will always have this domain structure: dbs.com.sg/xxx. There will never be a suffix before or after “dbs”, such as “dbs-cash.com.sg” OR “sg-dbs.com”

Common signs of scam calls, SMSes or messages:

• Unrecognised number and an unfamiliar voice
• Urgent language with threat such as “act now” or “immediate action required to avoid consequences”
• Requests for your personal information such as your username, password, bank details or verification codes
• Unsolicited calls 

DBS will only send essential SMSes with no clickable links. Alerts in the form of push notifications will appear only via the DBS IDEAL mobile app.

Scammers impersonating insurance company representatives may call victims to enquire about recent insurance purchases or expired insurance policies. Scammers may offer to assist victims in cancelling the non-existent insurance, purportedly preventing automatic deduction of premiums. Or they may ask you to pay the insurance premium in order to reactivate the expired policy and prevent the total loss of the policy value.

They may pressure you to transfer large sums of money for “safekeeping” purposes. Scammers may also request for personal information via private channels (e.g. WhatsApp/Telegram). In some instances, the call might be transferred to other scammers pretending to be from "government agencies", who will assert that the victim’s accounts are compromised. The scammer would then tell victims to transfer money to assist in investigations. 

Signs to look out for: 

• Urgent request for money transfers:  Scammers aim to cause panic by claiming that failure to transfer money will result in consequences such as your account being frozen, delays in investigation, fines, getting arrested by the police, or other penalties.  
• Request for extensive personal details via private communication channels: Scammers bypass standard verification methods by shifting the conversation to WhatsApp or other private channels to receive your personal information.  
• Follow up call from another “agency”:  The user may receive a second call from someone posing as another bank staff or a different government agency to reinforce their claims and pressure you further. 

Protect yourself and your business: 

• Call back the insurance company to verify the claim. Do not trust callers claiming that your bank account has been compromised or is under investigation. 
• Do not share bank account, One-Time Passwords (OTPs) or personal information. Government officials, bank and insurance company representatives will never ask you to disclose such information or to transfer monies. 
• Install the ScamShield app to block potential scam calls and SMSs. Install the app from verified application stores (i.e. Apple App Store & Google Play Store). This tool helps you scan for suspicious messages, links or numbers. You can also use it to block calls and SMSs from scammers and report potential scams. 

Scammers impersonating a company's senior management team may reach out via messaging apps (e.g. WhatsApp) to lure victims into participating in a video conference. During the video conference, scammers use deepfake technology to convincingly mimic senior management and make an urgent request for a money transfer. They will also instruct the victim to keep the request confidential.
 

Signs to look out for:

• Unverified communication channels: Scammers bypass a company’s official communication channels by shifting the conversation to private channels such as WhatsApp.
• Urgent financial requests bypassing standard approval processes: Victims are pressured to make large, time-sensitive money transfers under the guise of confidentiality agreements or critical business deals. Scammers often fabricate consequences such as project delays or legal repercussions to compel immediate action.
• Transfers to unknown accounts: Victims are instructed to transfer funds to new accounts that have not been previously authorised as official company beneficiaries.
   

Protect yourself and your business:

• Verify instructions carefully: Establish procedures to independently verify instructions from senior management, especially regarding financial transactions. Never rely solely on a phone call or email. Use established communication channels and contact individuals directly to confirm instructions.
• Stay updated on deepfake technology: Learn how to recognise deepfakes. Conduct regular security awareness training for all employees.
• Learn some of these telltale signs of deepfake videos/images:
  o  Blurry or irregular edges around faces or body
  o  Inconsistencies in facial features (e.g. mismatched age between skin, hair and eyes, overly smooth or wrinkled skin)
  o  Unnatural shadows
  o  Unnatural blinking or sudden changes in facial features
  o  Uneven skin tone or lighting
  o  Discrepancies between audio and lip movements
  o  Persons with an unnatural sounding voice

Signs to look out for:

Scammers impersonating bank staff and/or government officials may reach out through unsolicited phone calls or in-app calls (e.g. WhatsApp video calls) claiming your bank account has been compromised and is being used for illegal activities, or that it is under investigation. They may pressure you to transfer large sums of money to prevent your account from being frozen or to expedite the investigation. Scammers may also request for personal information via private channels (e.g. WhatsApp/Telegram). 

• Urgent request for money transfers: Scammers aim to cause panic by claiming that failure to transfer money will result in consequences such as your account being frozen, delays in investigation, fines, getting arrested by the police, or other penalties. 
• Request for extensive personal details via private communication channels: Scammers bypass standard verification methods by shifting the conversation to WhatsApp or other private channels to receive your personal information. 
• Follow up call from another “agency”: The user may receive a second call from someone posing as another bank staff or a different government agency to reinforce their claims and pressure you further.  

Protect yourself and your business:

• Call DBS to verify the claim. Do not trust callers claiming that your bank account has been compromised or is under investigation.
• Do not share bank account, One-Time Passwords (OTPs) or personal information. Government officials and bank staff will never ask you to disclose such information or to transfer monies.
• Install the ScamShield app to block potential scam calls and SMSs. Install the app from verified application stores (i.e. Apple App Store & Google Play Store). This tool helps you scan for suspicious messages, links or numbers. You can also use it to block calls and SMSs from scammers and report potential scams.
   

Scammers are creating fake DBS phishing websites to collect your personal information.

Screenshot of Fake DBS Website

Signs to look out for:

Scammers request for personal information via private channels (e.g. WhatsApp/ Telegram) after advertising a fake DBS phishing website on social media (e.g. Facebook)

• Unrealistic offers: The advertisement presents deals that sound too good to be true.
• Unverified communication channels: The scammer bypasses standard verification methods by using Facebook or shifting the conversation to WhatsApp or other private channels.
• Suspicious Document or Link: The user receives a document or link that claims to lead to DBS official website. But beware! The link will include minor differences while any websites will have errors in branding.

Protect yourself and your business:

• Install the ScamShield app from verified application stores (i.e. Apple App Store & Google Play Store). This tool helps you scan for suspicious messages, links, or numbers. You can also use it to block calls and SMSs from scammers and report potential scams.
• Always use DBS official website, hotline number and mobile apps to conduct DBS bank-related requests.
• Report suspicious activity to DBS if you come across any suspicious advertisement or link, especially if you suspect that your personal information has been compromised.

Signs to look out for:

• Suspicious Message: Beware of text messages claiming that your PayNow certificate is about to expire. These urge you to take immediate action by clicking on a hyperlink.
  
  For example: “PayNow: Your PayNow certificate has expired. Update it on <Phishing URL link> now to avoid any blocking of your services”
  
  
   
• The hyperlink leads you to a fake PayNow phishing website. The following sensitive information may be requested:
  •   Credit card information
  •   Personal data (e.g., phone number, billing address, name, date of birth, email)
  
  Screenshots of Fake PayNow Phishing Website
  
  
  
  
  
  
   

• Urgency: Scammers aim to cause panic by claiming your access to PayNow will be disrupted if you do not renew the service by providing your sensitive information.

• Knowledge is power! Protect yourself: 
  •   PayNow does not issue any digital certificates to the public. There is no PayNow website for members of public to share their personal and credit card details. All details provided to PayNow should be through the linked bank’s official sites or applications.
  •   DBS will never send you any SMS with clickable links

Protect yourself and your business:

• Install the ScamShield app from verified application stores (i.e. Apple App Store & Google Play Store). This tool helps you scan for suspicious messages, links, or numbers. You can also use it to block calls and SMSs from scammers and report potential scams.
• Authenticate email senders, avoid clicking on suspicious links, and don’t use compromised devices for transactions
• Keep up with the latest scam tactics and potential threats targeting businesses. Equip your staff with knowledge on recognising common scam scenarios by visiting this webpage for tips and updates

Signs to look out for:

Scammers reach out to request for fraudulent payments through unsolicited phone calls or in-app calls (e.g. WhatsApp video calls) and impersonating various roles:

• Government Officials
  Scammers claim your business may be involved in illegal activities such as money laundering or identity theft. They request a money transfer to a fraudulent bank account to facilitate the investigation.
   
• Bank Staff
  Scammers claim to have found issues with your corporate card, bank account, digital tokens or bank transactions. They request your bank account details including banking credentials or One-Time Passwords (OTPs), or personal information, to help resolve the issue.
   
• Potential Customers
  Scammers pretend to place an order for your products or services, on condition that a permit or insurance is obtained to deliver the goods. They refer you to another scammer to apply for the permit or insurance with a secured deposit.
   
• Property Agents
  Scammers use unofficial emails or phone numbers for communication. They also use forged documents including property agent licenses from the Council for Estate Agencies (CEA) or fake information property ownership from Singapore Land Authority, to gain your trust. They then request for you to transfer your rental deposit to a fraudulent account.

Protect yourself and your business:

• Do not share bank account /card details, One-Time Passwords (OTPs) or other personal information. Government officials and bank staff will never ask you to disclose such information or to transfer monies.
• Install the ScamShield app from verified application stores (i.e. Apple App Store & Google Play Store). This tool helps you scan for suspicious messages, links, or numbers. You can also use it to block calls and SMSs from scammers and report potential scams.
• Always verify payment requests and insist on making payments to local business partners via Unique Entity Number (UEN) instead of via mobile number or direct transfers.
• Do not make advance payments to new business partners to secure the orders.

Signs to look out for:

• Scammers impersonate business partners or suppliers via a hacked email account or a spoofed email address to send false invoices with altered account numbers.
• Scammers may use spoofed email addresses that look similar to legitimate ones with slight errors or changes to letters/symbols.
• Email contains fake invoices asking for a change of payment modes and threats of losing the contract if instructions are not followed. These include transferring funds to a new account number urgently.
• Scammers urge you to contact them via different communication channels.

Protect yourself and your business:

• Treat any new or sudden changes in payment instructions or bank account details of your suppliers with extreme caution, especially when informed via email.
• Always verify directly with your supplier through alternate communication channels like a phone call using a verified phone numbers.
• Verify invoices and the payment details against known records. Make payments to local companies via Unique Entity Number (UEN) instead of via mobile number or direct transfers.

Signs to look out for:

• Scammers reach out via unofficial communication channels (e.g., WhatsApp, SMS, Phone Call from unknown number) impersonating school staff and place large orders for school projects with promising revenues. They later change the order to include high-value or unrelated items.
• Scammers will request businesses to purchase additional items from a fraudulent supplier with advance payments.
• Scammers claim to transfer the funds to reimburse businesses for the purchase and provide unauthenticated screenshots of payment proof.
• After the victim makes payment, both scammer and supplier will disappear without delivering the goods.

Protect yourself and your business:

• Always insist on making payments to local companies via Unique Entity Number (UEN), instead of mobile or direct transfer.
• Avoid making advance payments to new business partners or suppliers. Only initiate payments to known bank accounts.
• Always verify the authenticity of the purchaser by checking independently with the organisation they claim to be from.

Your safety when banking online remains our top priority. As part of our multi-layered defence against fraud, we:

Use secure technology and protocols to ensure your information and money are safe, whenever they bank online. For example, we employ multi-factor authentication when our customers perform online transactions.

Have a dedicated anti-scam team to monitor, intervene in and review fraud alerts. The team includes full-time personnel stationed at the Singapore Police Force’s anti-scam centre to ensure timely freezing of any suspicious/compromised accounts.

Carry out transaction screening with our advanced monitoring and surveillance systems, which help us to detect unauthorised activities on customer accounts. This allows us to detect distinct changes in user behavioural patterns, cross-reference unusual account changes, as well as screen unusual transfers and block flagged transfers.

Fighting scams is a collective effort. We encourage you to remain vigilant when performing any banking transactions online, including checking and verifying the sender’s identify before clicking on any link.

We do not provide any integration services to third party sites that are not fully validated by our internal teams.  Any integrations with external platforms, such as accounting platforms or marketplaces, are strictly controlled and must pass our rigorous due diligence process.

As an additional layer of security, users must authenticate using their existing credentials and security protocols each time they access banking services via validated external platforms or marketplaces. 

While MAS guidelines do not prohibit the inclusion of links in emails to corporate customers, only important links that enhance your customer experience will be included in our mailers.

We urge you to remain vigilant when performing any banking transactions online, including checking and verifying the sender’s identify before clicking on any link. 

When in doubt, contact DBS and always verify directly with us for any requests.  You may call 1800 222 2200 / +65 6222 2200 (overseas), Monday to Friday, 8.30am to 8.30pm (excluding Public Holidays) and we’d be happy to assist.

For important alerts like transaction approval alerts, you will receive notification via SMS and email by default after each approved transaction to enhance the safety and security of your account.

You may create and manage additional alerts in DBS IDEAL to be notified on payment status updates, which may help detect fraud early. Please click here for more information.

For these additional alerts you have created, we will use email and push notifications as our default channels of communication. 
Please ensure your registered email address is valid and up to date.

You will receive notifications on both the old and new mobile number and/or email address when you successfully change your account’s mobile number and/or email address.

If you did not initiate these changes, contact us immediately at 1800 222 2200 / +65 6222 2200 (overseas), Monday to Friday, 8.30am to 8.30pm (excluding Public Holidays).

Yes, the Digital Token is built with global security standards and forms part of our multi-layered authentication to enhance the safety and security of your accounts.

Yes. From July 2025 onwards, there will be a 12-hour cooling period after setting up the digital token, during which certain high-risk transactions (such as adding or editing payees, or changing contact information, etc.) will not be allowed.

Upon suspected compromise of user account, access to DBS IDEAL will be revoked to prevent any transaction authorisation via DBS IDEAL.

The pop-up message is part of our efforts to protect you against scams which involve fraudsters requesting for payments to be made to their bank accounts. 

We urge all customers to verify that the payee details are legitimate before proceeding with adding or editing a payee.

If you did not initiate the addition or editing of a payee, contact us immediately at 1800 222 2200 / +65 6222 2200 (overseas), Monday to Friday, 8.30am to 8.30pm (excluding Public Holidays).

From July 2025 onwards, we will reject transactions flagged as high risk to protect you from transferring funds to a recipient who is likely to be a scammer.

To safeguard your funds, please do not attempt further transfers to the recipient.
Please call 1800 222 2200 / +65 6222 2200 (overseas), Monday to Friday, 8.30am to 8.30pm (excluding Public Holidays) for further assistance.

This email is part of our security measures to keep you notified on your IDEAL account activity. If you did not perform the login, contact us immediately at 1800 222 2200 / +65 6222 2200 (overseas), Monday to Friday, 8.30am to 8.30pm (excluding Public Holidays).