Trust is the foundation of every financial relationship – and it’s precisely what fraudsters target. As scams become more sophisticated and technology-led, your awareness becomes your strongest defence.
This resource is an extension of those efforts – bringing together everything you need to stay informed, from breakdowns of emerging scams to practical online safety tips for both businesses and families.
Together, we can stand strong against these threats and protect what matters. We encourage you to explore the topics below, empower yourself with knowledge, and learn the right way to report fraudulent activities.
Latest scams and how to stay one step ahead
Scams are becoming more sophisticated, but the right awareness can help you stay safe. Learn how to spot the suspicious signs that could indicate you’re being targeted and how to take simple steps to safeguard yourself and your money.
We’re committed to safeguarding our clients’ information by maintaining a security-first mindset, continuously improving our practices and utilising advanced technology.
A culture built on security
A strong security culture is central to everything we do, and we are advancing it further through initiatives that enhance our protection for clients:
Our products and services are designed with robust encryption, phishing resistance, and stringent access controls to safeguard your data.
A comprehensive ‘defence-in-depth’ strategy is employed to detect, protect against, and respond to cyber threats, with systems in place to help maintain critical operations and recover from incidents.
As a key line of defence, our employees are regularly trained in cybersecurity and fraud prevention to help ensure customer safety against cyber threats.
We identify third party security threats and provide timely threat intelligence to support the security of our clients and customers.
We understand that trust is the foundation of our client relationships. Our approach to security is not just about protecting data, but also about ensuring peace of mind for our clients.
Continuous innovation
Staying ahead of emerging threats demands a proactive approach, continually seeking new ways to strengthen our security. Our security teams work to detect risks early and develop cutting-edge solutions that help keep our systems one step ahead.
Protecting our clients from fraud and cyber-related incidents is an ongoing journey. As the threat landscape evolves, so do our strategies and technologies.
Instant notifications: You receive prompt notifications via in-app alerts or SMS for every transfer performed using online banking, whether on your computer or in the SC Mobile Banking app.
Automatic logouts: You’ll be logged out after a period of inactivity to keep your account safe.
Continuous monitoring: We continuously monitor banking systems and transactions to proactively detect and respond to threats.
Custom alerts: You have the option to configure alerts for important account changes or transactions.
Secure statements: Your eStatements are encrypted, password-protected, and sent only to your registered addresses.
Secure transactions and payments:
Multi-factor authentication (MFA) is required for adding payees, bill payments, or fund transfers.
The SC Mobile Banking App allows you to view, manage, control accounts and cards anywhere, anytime.
Users are advised to keep the SC Mobile Banking App updated and to set spending limits on cards and accounts.
The app also enables you to instantly block cards or accounts if you suspect a security concern.
Standard Chartered is committed to safeguarding the trust and assets of our clients. Through vigilance and proactive measures against rapidly evolving fraud and cyber threats, we help ensure your banking experience remains secure and reliable.
Suspicious calls, texts, emails, or social media accounts: If you receive any suspicious communication or spot an account claiming to represent our Bank, report it to us at phishing@sc.com. Please include any relevant information, attachments, screenshots, or links to help us with our investigation.
Security issues with online services or applications: For any concerns related to our online platforms, please contact: security@sc.com.
For corporate clients: If you’re a corporate client, please speak to your Relationship Manager or contact Client Services by calling or emailing your local market.
For retail customers: If you are a retail customer who suspects fraud, call the number on the back of your debit/credit card or your bank statement. You can also tell us about suspected fraud by contacting your local Bank branch or office using the contact details below.
Investment scams occur when victims are approached by individuals pretending to represent a bank or investment firm, often offering “quick and risk free” investment schemes. They may present official-looking documents to convince people to buy bonds or make payments as part of the scheme.
What to watch out for:
Unexpected calls, emails, or offers. Always do your own research before committing to financial investments.
Complicated or “too good to be true” investment schemes.
Pressure to make immediate decisions to enrol in the scheme and transfer money.
Being told to treat the investment deal as “confidential”.
What you can do:
Speak to a trusted family member, registered financial advisor or your bank representative.
Validate and check the local regulator’s website for registered investment companies.
If you suspect fraud, contact your bank immediately. By acting quickly, you can make it easier to try stop or recover payments. You can also report to local law enforcement.
There are many kinds of impersonation scams where fraudsters pose as trusted organisations or individuals, such as retailers, charities, government officials, or banks, to steal information or money.
These are often carried out in-person or through phishing emails, texts, or fake websites. They follow the same playbook: build trust, create urgency, then ask for payment or personal details.
What to watch out for:
Unexpected calls, texts, or emails claiming to be from trusted companies.
Urgent payment or donation requests without verified proof.
Messages or links asking for personal, banking, or login details.
Unusual sender addresses, spelling errors, or slightly altered website links.
What you can do:
Don’t share personal payment details unless you’ve verified the source.
Avoid clicking on links or opening attachments from unverified emails or messages.
Report suspicious activity to your bank or local law authorities.
Social engineering uses data harvesting, psychological tactics, and deception to trick people into revealing passwords, OTPs (one-time passwords), or other sensitive information. Tactics include phishing emails, phone calls (vishing), SMS messages (smishing), or QR codes (quishing), fake customer support requests and – increasingly – AI-generated voices or ‘deepfakes’ that impersonate trusted contacts.
What to watch out for:
Unsolicited messages or calls asking for OTPs, passwords, or your card or bank account details.
Requests that create urgency or pressure you to act immediately.
Links or attachments in unexpected emails or texts.
Messages that appear to come from colleagues or trusted brands but use slightly altered addresses or phone numbers.
What you can do:
Never share OTPs, passwords or PINs with anyone, even if they claim to be from your bank.
Enable multi-factor authentication (MFA) and keep your device’s software updated.
Report suspicious messages or calls to your bank and local law authorities.
Card fraud occurs when fraudsters steal or misuse your debit or credit card information to make unauthorised transactions. This can happen through lost or stolen cards, card skimming at ATMs, counterfeit cards, or by stealing details online using malware, phishing, or fake websites.
What to watch out for:
Unexpected transactions or unfamiliar charges on your card.
Calls, texts, or emails asking for your card number, PIN, or OTP (one-time password).
ATMs or payment terminals that look tampered with or unusual.
Websites that look suspicious or lack secure payment icons (such as a padlock symbol).
What you can do:
Regularly review your bank and card statements for any unusual activity.
Never share your card details, PIN, CVV number, or OTP – even if the request appears to come from your bank.
Use ATMs in well-lit or trusted locations and shield your PIN when entering it.
Report a lost or stolen card immediately and ask your bank to block it.
Scammers now leverage advanced artificial intelligence (AI) models to create highly realistic video, audio, or images – known as ‘deepfakes’ – to impersonate people you trust. They can clone a trusted contact’s voice to request a funds transfer. Because the deepfakes can be so convincing, even the most cautious individuals can be deceived.
What to watch out for:
A ‘familiar’ voice or face asking for urgent money or sensitive data.
Unannounced video calls with requests that deviate from usual channels.
Slight mismatches in lip movement, background lighting, or voice tone.
Content that pressures you to act before you verify the person’s identity.
What you can do:
Pause and verify – contact the person through a separate, trusted channel (phone, official website or in-person) to confirm their identity.
Use multi-layer verification – require at least two separate checks, such as a video call, a unique code or phrase that is only known to you and the sender, or another form of verification, rather than relying solely on one (e.g. voice).
Report suspicious calls, videos, or requests to your bank or local law enforcement.
In a Business Email Compromise (BEC) scam, fraudsters impersonate a known contact – such as a supplier, client, or senior executive – and send convincing emails requesting payments or sensitive information. These frauds often target businesses that handle frequent fund transfers or international transactions.
What to watch out for:
Sudden requests to update bank details or transfer money to new or overseas accounts.
Urgent or confidential payment instructions with no time to verify internally.
Emails or invoices showing slight changes in addresses, contact details, or domain names.
Impersonation of senior executives or suppliers claiming organisational changes.
What you can do:
Always verify changes in bank details directly with your supplier or client using trusted contact channels.
Confirm large fund transfers through independent approval or documentation.
Be cautious with social media posts that reveal company or client information, as they could be exploited.
Hover over the sender and confirm it is a genuine company email.
If unsure, report suspicious requests immediately to your finance team or local law enforcement.
Together, we can help employees recognise risks sooner and report potential cybercrime. Please use the guides provided in Cyber Space and share the information across your teams.
Cheque fraud occurs when criminals illegally alter, forge, or reproduce cheques to divert funds. This can happen through intercepted cheques, duplicated signatures, or manipulated cheque values. Fraudsters may also exploit overpayment scams – sending a fake cheque for a higher amount and asking the victim to return the excess before the cheque bounces.
What to watch out for:
Requests to refund an “overpayment” made by cheque.
Cheques with altered handwriting, misspelled names, or inconsistent amounts.
Unusual requests to validate or cash cheques from unknown buyers.
Cheques that appear tampered with or written with erasable ink.
What you can do:
Verify any cheque received with your bank before processing or refunding.
Store cheque books securely and keep track of issued cheques.
Avoid signing blank cheques or leaving them unattended.
Cross-check details like payee name, date, and amount before approval.
Report suspicious cheques or cheque stubs missing from your cheque book.
When your business works with external vendors, you also inherit their risks. A cyberattack, data breach, or operational failure at a supplier can quickly impact your own systems, disrupt services, or expose sensitive customer or company data. Even one weak link in your supply chain can create financial, regulatory, and reputational damage.
What to watch out for:
Suppliers using outdated software or handling sensitive data without proper safeguards.
Lack of transparency around how third parties store or process your information.
No proof of compliance with industry or regulatory standards.
Infrequent security audits or poor incident-reporting processes.
What you can do:
Keep an updated list of all suppliers and the systems/data they can access.
Review cybersecurity certifications and security controls before onboarding vendors.
Strengthen contracts with clauses on data protection, breach notification, and audit rights.
Monitor vendor performance regularly and reassess risk exposure.
Have a clear incident-response plan for supplier-related breaches to maintain continuity.
Employees are often the first line of defence against cyber threats. Scammers commonly target staff with phishing emails, fake invoices, urgent requests, malware links, or impersonation attempts. Training your workforce to recognise these signs can prevent fraud, data breaches, and financial loss.
What you can do:
Provide regular and engaging cybersecurity training and simulations.
Encourage employees to verify unusual requests through official channels.
Promote the use of strong passwords and multi-factor authentication (MFA).
Set clear reporting processes for suspicious emails or incidents.
Share examples of recent scams so staff know what to look for.
Together, we can help employees recognise risks sooner and report potential cybercrime. Please use the guides provided in Cyber Space and share the information across your teams.
The internet is part of daily life, from shopping and banking to social networking. However, it also comes with many risks. Fraudsters may lure you with attractive online deals, send fake invoices, or use fake websites, phishing links, or misleading posts to steal information or money.
Staying alert and following safe online practices can help protect your identity and data.
What to watch out for:
Beware of spelling or grammatical errors, pop-ups, or unusual payment requests.
Avoid deals that sound too good to be true.
Check for mixed or fake reviews, or only positive reviews written in a similar style.
Unknown friend requests or invites to subscribe on social media platforms.
What you can do:
Keep your social media profiles private and avoid oversharing personal information.
Use strong, unique passwords and update them regularly.
Social media is a great way to share your expertise, but it can also put your organisation’s data at risk. Even well-intentioned posts about your work, colleagues, or projects can reveal sensitive information. Following a few best practices can help you stay secure online while maintaining a professional presence.
What to watch out for:
Sharing non-public or confidential information, even unintentionally, in posts, messages, or discussions.
Posting photos that show screens, IDs, or documents containing sensitive details.
Using your work email for personal social media accounts or vice versa.
What you can do:
Use only official communication channels for work-related conversations.
Avoid mixing personal and professional discussions on public platforms.
Refrain from giving advice or opinions on company products, services, or internal matters.
Keep work and personal account passwords separate and never share them with anyone.
Enable multi-factor authentication (MFA) and login alerts for added protection.
Think before you post – when in doubt, leave it out.
Your online accounts hold more than personal data – they hold your identity. Weak passwords, reused credentials, or unverified apps can make it easy for cybercriminals to gain access. Keeping your accounts secure helps protect your privacy and your digital reputation.
What to watch out for:
Suspicious login alerts or unrecognised devices accessing your account.
Links or pop-ups asking you to re-enter passwords or personal details.
Unauthorised third-party apps connected to your profiles.
What you can do:
Avoid password reuse across multiple platforms or accounts – use strong, unique passwords and update them regularly.
Turn on multi-factor authentication (MFA) for all important accounts.
Regularly review connected devices and apps, removing any you don’t use.
Log out from shared or public devices after each session.
Malware is harmful software that criminals install onto devices such as desktop computers, laptops, and mobile phones to take control of the device and steal personal and financial information. It can be installed by having victims download fake apps or files, click malicious links, or use compromised websites. Once installed on a device, malware can capture passwords, intercept text containing one-time passwords and let attackers access victims’ bank accounts or personal data.
What to watch out for:
Unexpected requests to install mobile apps outside of official app stores.
Strange pop-ups, links, or files asking you to download software or apps.
Unusual device behaviour, such as frequent overheating, slow performance, or unexpected notifications.
Missing SMS notifications or one-time passwords (OTPs) you were expecting.
What you can do:
Download apps only from official app stores and avoid file downloads from unknown links.
Keep your device and apps up to date to fix security vulnerabilities.
Use antivirus or anti-malware software and scan devices regularly.
If you suspect a compromise, turn off the device, disconnect from the internet, and report it to local law enforcement.
Children today are growing up in a digitally-connected world. While the internet offers endless opportunities to learn, play and connect, it also exposes them to online risks like age-inappropriate content, cyberbullying, doxing, extortion and phishing or malware scams. Helping children build safe habits early sets the foundation for a secure life.
What to watch out for:
Excessive screen time or sudden changes in behaviour when using devices.
Social media accounts with friend lists consisting of names and profiles you don’t recognise.
Chats with strangers.
Unrestricted access to websites, apps, or games which are not suitable for their age.
Sharing personal information or photos publicly, including details about your family.
What you can do:
Engage openly about online safety and encourage them to share any concerns.
Set screen time limits and clear rules on permitted apps, games, or websites.
Use parental controls and child-friendly search engines.
Explore online activities together and teach them to not to blindly trust all content on the internet.
Technology helps elders stay connected with family, manage finances, and explore new interests. However, it also makes them a target for online scams. With patience and guidance, you can help them use technology confidently while staying alert to fraud.
What to watch out for:
Unsolicited calls, emails, or messages asking for personal or financial details.
Fake tech support or investment schemes promising quick returns.
Links to unknown websites or requests for remote access to devices.
Emotional manipulation or pressure to act urgently.
What you can do:
Explain scams in simple terms and remind them not to panic and never to share passwords or OTPs (one-time passwords).
Encourage them to verify information with family or the bank before taking action.
Help them set up strong passwords and enable multi-factor authentication (MFA).
Stay engaged – talk often about what they do online and review suspicious messages together.
Holidays are a time to relax and reconnect, but scammers can also take advantage of people planning trips or family getaways. They lure families with attractive offers on flights, hotels, and rental accommodation, often through fake booking sites or ‘spoofed’ listings. Some impersonate travel agents or holiday platforms, asking for payments by bank transfer or outside secure systems, then disappear once the money is sent.
By staying cautious and booking only through trusted channels, families can enjoy their holidays safely and stress-free.
What to watch out for:
Deals that look unusually discounted, or claim to be for an extremely limited time or “for exclusive people only” may be scams.
Requests to pay by bank transfer instead of a secure card platform.
Listings with few reviews, or reused photos across multiple sites claiming to be different companies.
Messages urging quick payment or asking you to bypass the booking platform.
What you can do:
Book through reputable travel sites and use credit cards or buyer-protected methods.
Verify listings and contact hosts or agents only through official channels.
Check refund and cancellation policies before paying.
Report suspicious listings to the booking platform and any suspicious payment requests to your bank.
Judy HsuCEO, Wealth & Retail Banking