Disclaimer

This is to inform that by clicking on the hyperlink, you will be leaving sc.com/sg and entering a website operated by other parties.

Such links are only provided on our website for the convenience of the Client and Standard Chartered Bank does not control or endorse such websites, and is not responsible for their contents.

The use of such website is also subject to the terms of use and other terms and guidelines, if any, contained within each such website. In the event that any of the terms contained herein conflict with the terms of use or other terms and guidelines contained within any such website, then the terms of use and other terms and guidelines for such website shall prevail.

Thank you for visiting www.sc.com/sg


Proceed
Sg scam articles

Phishing

Beware of phishing scams

What is a Phishing scam?

Phishing is an attempt by fraudsters posing as trusted entities to steal personal and sensitive information such as usernames, passwords, Singpass login credentials, One-Time Password (OTP), online banking and credit/debit card details for malicious reasons.

Not all phishing attacks require a fake website or email. Doing this via a phone call is known as voice phishing or vishing. Targets are often lured by communications purporting to be from trusted parties such as social web sites, banks, online payment processors, government agencies or IT administrators.

How is it done?

– A scammer contacts a target via email, text message or call impersonating representatives from banks or government agencies seeking personal information.

– The target is directed to fake websites created to resemble official sites of organisations or banks.

– Personal and sensitive information such as online banking credentials, OTP, Singpass login are stolen or compromised when the target keys in these details on the fake websites.

How do I spot the signs?

 1. Inconsistent and misleading information

– Emails viewed on desktop:  Pay attention to the sender’s email address, which may closely resemble a company’s official email address. Hover your mouse cursor over links in emails to reveal the true destination of the link. A small window will appear above the link to display the actual URL. If the URLs do not match, it could be an indication of a phishing attempt.

– Emails viewed on mobile device:  A long-press on the link will display a window with the actual URL. If the URL looks suspicious, do not open the link.

– Websites: Scammers create phishing websites that are visually similar to legitimate websites.. Look out for the lock icon beside the URL link in the address bar or https:// which signals that data traffic within the site is encrypted.

 2. Requests for confidential information

The Bank will never ask for your personal information such as national identification number, Singpass or online banking login credentials and credit/debit card details to be sent over email or text message. If the sender claims to be a bank representative and requests for your bank account number, this should raise a red flag immediately.

 3. Suspicious attachments

Scammers may send attachments in their emails or text messages to infect a target’s device with malware and steal data. Beware of suspicious file names and types.

 4. Unexpected emails or text messages

Scammers frequently send mass emails or text messages to large groups of people, hoping to catch someone who responds. If you receive an email or message with links or attachments regarding a transaction that you did not perform, do not click on the links or open the attachments. Verify the authenticity of message or request through the organisation’s official channels.

Sample of phishing email and text message

Advertisement, Poster, TextElectronics, Mobile Phone, Phone

What should I do if I am a victim of a phishing scam

 – Change your password immediately.If the compromised password is commonly used across other accounts, change those too. It is advisable to use a different password for each of your online accounts.

 – Run a full system scan with an anti-virus software if you have clicked on a link or opened an attachment.

 – Call the bank if you have revealed your banking details or credit/debit card credentials.

 – Monitor your bank accounts for suspicious activities such as unauthorised purchases or withdrawals.

 – Lodge a police report online on the Singapore Police Force website or in person at a police station.

 – Report the phishing attempt to the Singapore Computer Emergency Response Team (SingCERT) at singcert@csa.gov.sg.

How do I stay safe?

Tip #1: Only access our banking services via our official website

Our official domain and sub-domains include:

– sc.com

– sc.com/sg

– retail.sc.com/sg

Check that you are using the official Standard Chartered website in two steps

Step 1:

Type the Standard Chartered URL directly in the address bar of your web browser on your desktop or your mobile phone and look for the lock icon beside the URL link in the address bar.

Step 2:

Click on the lock icon and a drop-down window will appear. If the drop-down window displays that the connection is secured, it means that any data traffic on the webpage is encrypted.  

Sample of the lock icon:

 Note: Ensure that you are using the latest version of web browser or mobile operating system available, as these may provide advanced security features such as anti-phishing and forged website identification. If such features are available, you are advised to turn them on.

Tip #2: Do not act on suspicious links or QR codes

Verify the URL in the email or text messages. Ensure that the website is legitimate by keying in the organisation or bank’s official web address on the web browser.

Watch out for any message or email which pleads for assistance, invokes a sense of fear, urgency or curiosity. This might be a phishing attempt to steal your personal information.


Tip #3: Use Push Notifications in SC Mobile

Turn on in-app push notifications in SC Mobile to get notified via a secure channel.

  

Learn to spot the signs by taking the anti-scam quiz by the National Crime Prevention Council.

Sources:

https://www.csa.gov.sg/gosafeonline/go-safe-for-me/homeinternetusers/spot-signs-of-phishing