What is an Impersonation scam?
Have you ever received an unexpected phone call from:
If you do, please stop and think very carefully before taking any action. They may not be who they claim they are.
Fraudsters use impersonation tactics to scam their victims, often using persuasion or pressure so you might disclose personal information, transfer sums of cash to unknown accounts, or even request access to your computer on the pretext of fixing an issue.
Sample of life case:
In May 2021, information of 1,166 UOB customers were disclosed after a United Overseas Bank (UOB) employee fell prey to a China police impersonation scam. The employee had disclosed clients’ information such as names, nationalities, telephone and bank account numbers to the fraudster.
How do I spot the signs?
– Calls or messages asking for your personal particulars, OTPs or bank account details: Be wary of callers claiming they’re from government agencies, courier companies or telcos requesting for your personal particulars, bank account details, or OTPs.
Please note that no local government agency/police will instruct you to transfer money to designated bank accounts for investigation or ask for your personal banking or SingPass information.
– Scare tactics:These callers may threaten to link you to crimes such as pending court cases, your mobile number being used in a crime, your Wi-Fi being compromised, or that you had committed a criminal offence and need to assist in investigations.
Often, you are pressured to act immediately with threats such as ‘your money will be at risk’, ‘your account will be blocked’ or ‘you will be arrested if you do not cooperate’.
– Callers from a ‘+’ number: ‘+65’ does not mean it’s from Singapore. The ‘+’ sign prefix will be displayed for all international incoming calls.
How do I stay safe?
Tip #1: Check and verify the authenticity of the information with the official website or sources e.g. the Bank’s official website
Our official domain and sub-domains include:
Check that you are using the official Standard Chartered website in two steps:
Step 1 : Type the Standard Chartered URL directly in the address bar of your web browser on your desktop or your mobile phone and look for the padlock icon beside the address bar.
Step 2 : Click on the padlock icon and a drop-down window will appear. If the drop-down window displays that the security certificate of the website is valid, it means that the Standard Chartered page you are on is valid and will encrypt any information you enter on the page.
Note: We also encourage you to use the latest versions of web browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, you are advised to turn them on.
Sample of the padlock:
Tip #2: Never click on suspicious URLs in emails or SMS
Verify the URL that is on the messages. The Bank will only use sc.com as our main domain.
Watch out for any SMS or email which pleads for assistance, invokes a sense of fear, urgency or curiosity. This might be a phishing attempt to steal your personal information or commit fraud.
Tip #3: Be vigilant when talking to strangers
Verify that the caller is indeed who they claim to be.
No foreign law enforcement or authority can investigate offences in Singapore, and no public authority can require you to open a bank account or add iBanking to your account. Be wary if the caller threatens to involve the police when you do not comply.
Tip #4: Never disclose sensitive personal information to anyone
While the Bank’s IT systems remain secure with controls in place, your vigilance is required to ensure your personal particulars, SingPass information, banking details and OTPs are not disclosed to anyone.
Fraudsters may use these information to link your bank account to online wallets and set up eGIRO top-ups. If you are asked to scan a SingPass QR code, ensure that the domain URL displayed on your SingPass app’s consent page matches that on your browser before proceeding.
Tip #5: Do not install any software or grant remote access to your devices
Fraudsters may also impersonate tech support personnel via pop-up alerts on your internet browser or unsolicited calls claiming to be working for Internet Service Providers. Beware if they ask you to download a remote access application to gain access to your devices.
Learn to avoid becoming a victim by taking the anti-scam quiz by the National Crime Prevention Council.