Phishing
What is phishing?

Phishing is a cyber crime where fraudsters try to obtain your personal information by email, messaging apps, SMS (also known as smishing) or phone (also known as vishing). This information can be used for identity theft, payment scams and credit card fraud as well as many other forms of cybercrime. Malicious links or attachments are often included in phishing and vishing messages, designed to steal your information or infect your system with malware (malicious software).

Bank safely with us

• Phishing messages may appear as though they originated from the Bank. They may include our logo or even mimic our electronic mailers. Look carefully at the sender’s address for lookalike domains e.g. john@standardchartd.com.
• Fraudsters can send you fake bank account statements, overdraft notices or loan cancellations. Never respond to unsolicited emails, messages or phone calls. To access our banking services, visit our official website at https://www.sc.com/my/.
• For mobile banking, update your SC Mobile app and phone’s OS regularly to ensure your security is always up to date.
• If you need to change your password, use our Online Banking login webpage. Never click on hyperlinks or download attachments in unsolicited emails or texts. Our official domains include sc.com, m.sc.com and retail.sc.com.
• Standard Chartered will never ask you for your access code, one-time password (OTP) or credit card number. This is private information and you should never reveal these details to anyone.

Back to top>>​

​​Weak passwords

Why do I need a strong password?

Cyber criminals comb the internet and social media to find your personal information. So ensure you have a strong password to deter them. Weak passwords are uncomplicated and commonly used, for instance 12345678, or associated with your personal data, such as names or birthdays. As a matter of fact, it only takes a fraction of a millisecond to crack an uncomplicated 7-character password¹.

How you can secure your personal information?

• Do not use the same password for multiple sites or accounts. Ensure the password used for your Standard Chartered banking account is unique from your online and social networking accounts.
• Keep all passwords safe and confidential. Standard Chartered may verify the number of accounts you have, but we will never request your login credentials, whether by phone, email or text.
• Strengthen your password by using a combination of upper and lower case characters, numbers and special characters. Likewise, a 12-character password is significantly stronger than 7 characters.
• Memorise your banking password. Never write it down or store it on your devices. Additionally, make it a point to update your password regularly. Change the password immediately if you think it has been compromised.

​¹Web of Trust, Here’s How Long It Takes to Crack Your Password​

Back to top>>​

​​Mobile device threats

Why you need to secure your mobile device?

Mobile devices are not immune to security threats. Installing a malicious app or clicking on a phishing link, for example, can provide cyber criminals with a back door to your mobile device and sensitive data.

Bank safely with us

• Protect your phone and banking information by following these tips.
• Download SC Mobile App from Google Play or the App Store. Never download the app from third-party or unknown sites.
• Always log out from SC Mobile App after use, and never leave it running in the background especially after you have signed in.
• Do not store your passwords, access codes or account numbers on your mobile phone. Cyber criminals can steal this information if your device is hacked or stolen.
• Never use a ‘jailbroken’ (iOS) or ‘rooted’ (Android) device for your banking transactions. They make it easier for hackers to access and manipulate your phone’s operating system.
• Malicious links or attachments in phishing messages are designed to steal your banking details or infect your mobile device. Never click on hyperlinks or download attachments in unsolicited emails or texts.
• Ensure your phone’s operating system is updated regularly to fix any security gaps. Cyber criminals can exploit any software vulnerabilities to access your phone without your knowledge.​

Back to top>>​

Malware

What is malware?

Short for ‘malicious software’, malware is an intrusive programme installed on your computer or smartphone, often without your knowledge or permission. Once installed, it enables cyber criminals to commit fraud, like steal your banking credentials, run payment scams or hijack your system for a ransom.

Understand the common types of malware

• Virus: infects files and software, and spreads to other computers in the network
• Spyware: spies on your online activities and collects your information
• Ransomware: encrypts information and keeps it from you, in exchange for money
• Trojan: disguises itself as a legitimate software to modify, destroy or steal

Bank safely with us

• Malware can come from various sources, like fake Standard Chartered assets; including websites or emails with attachments containing malware. You can protect yourself from malware by taking these precautions.
• Never download files (including email attachments) without verifying that they are from a legitimate source. To access our banking services or resources, visit our website at https://www.sc.com/my/.
• Delete junk and chain emails. If you have opened one, do not click on any links or download any attachments. To change your Online Banking password, use our Online Banking login webpage. Never change it via any email links.
• Install anti-virus and anti-malware protection on your devices. Enable the ‘automatic updates’ feature to ensure the software is able to detect and remove newer malware.
• Never connect to unknown and unsecure Wi-Fi networks when carrying out online banking. If you are using your home network, ensure your router is secured.​

Back to top>>​

Social media threats

Security risks on social media

Cyber criminals often use social networks to gather your personal information. This helps them craft convincing phishing texts or emails, designed to steal your identity or takeover your social and banking accounts.

Practice safe social networking

• Be mindful of what you are sharing online as some of this information can be used to steal your identity. This includes your date of birth, address or phone number.
• Beware of cyber criminals who use a fake identity to start a relationship with you, this is known as catfishing. Their aim is to scam you of your money once they have earned your trust. Tell-tale signs include a reluctance to meet up in person or a lack of friends on their social networking account.
• Keep potential fraud and spam out of your regular email inbox by creating a separate email account for social networking purposes. Never click on hyperlinks or download attachments in unsolicited emails.
• Further protect your account by using a unique password for each of your social networking profiles. Ensure it doesn’t match the password used for your Standard Chartered bank account.
• Keep your social networking accounts private and restrict them to friends and family only. This makes it harder for cyber criminals to monitor your online activities on these platforms.​

Back to top>>​