Better understand the threats you face online to protect yourself from falling prey to them.

Suspicious Emails

Types of emails that are suspicious

Suspicious emails include advance-fee fraud and variants including lottery scams, employment scams and fund transfers

  • An advance-fee fraud is a trick in which the target is persuaded to advance relatively small sums of money in the hope of realising a much larger gain. Typically, such scams begin with a letterform email sent to many target recipients making an offer that will purportedly result in a large payoff for the intended victim. The stories behind the offers vary, but the standard plot is that a person or government entity is in possession of a large amount of money or gold.
    This person (who is fictional or a character impersonated by the scammer) is either unable to access the wealth directly or is no longer in need of it. The target recipients are promised a large share of the money or gold if they will assist the scammer in retrieving the money and/or dispensing of it.
  • The lottery scam involves fake notices of lottery wins. The winner will usually be asked to send sensitive information to a free email account. The scammer will then notify the victim that in order to release the funds, some small fee (insurance, registration, shipping etc.) is required. Once the fee has been sent, the scammer will invent another fee and attempt to collect it.
    The employment scam usually involves emails offering employment opportunities with extremely attractive terms and conditions. Generally, after the applicants have been "accepted", they will be asked to pay a fee either to process a visa or as a deposit on accommodation. (Source: Wikipedia)
  • In general, caution should be exercised when any email asks for your confidential information or login details, or directs you to a webpage that asks for such information.
How to spot a suspicious email

Typically, a suspicious email does not address the recipient personally. It may contain spelling or grammatical errors. As set out above, these emails usually ask for personal information. Further, the email address of the author of the email and return email addresses provided in the text of the email (e.g. xxx@standardchabnk.com) and the use of webmail are additional indicators that an email may be suspicious.

What to do in the event you receive a suspicious email

If you receive suspicious emails, do not respond or provide any information. In addition, do not click on any link contained in the email or provide any Internet or telephone banking login details.

Vishing

What is vishing?

Vishing is the term given to the practice of leveraging Voice over Internet Protocol (VoIP) technology to trick people into providing personal and financial details over the phone for financial reward by pretending to represent real companies such as banks, which the fraudster then uses to achieve some financial gain. The term is a combination of "voice" and phishing. A "visher" is a person who perpetrates a vishing attack.

Vishing exploits the public's trust of landline telephone services. Traditional landline services end in a physical location that is known to the telephone company, and is associated with a bill payer. With the advent of VoIP, telephone services may now terminate in computers, which make illegal acts easier to achieve than with traditional "dumb" telephony endpoints.

A typical vishing attack could follow a sequence such as described below:

  • The fraudster sets up an automatic dialler that uses a modem to call all phone numbers in a given region.
  • When the phone is answered, an automated recording is played to alert the customer that his/her credit card has had illegal activity and the customer should call the recorded phone number immediately. The phone number could be a toll free number often with a caller identifier that makes it appear that they are calling from the financial company they are pretending to represent. Net phone technology makes it easy to fake the number someone is calling from.
  • When the customer calls the number, it is answered by a computer generated voice that tells the customer they have reached 'account verification' and instructs the consumer to enter their 16-digit credit card number on the key pad.
  • Once the customer enters their credit card number, the "visher" has all of the information necessary to place fraudulent charges on the consumer's card. Those responding are also asked for the security number found on the rear of the card.
  • The call can then be used to obtain additional details such as security PIN, expiry date, date of birth, bank account number, etc.

How to avoid becoming a victim of vishing?

Take steps to protect your personal information and bank account. If you are called by a so-called "Bank" or an organisation purporting to be a "Bank", be aware of the following:

  • Legitimate banks already have some knowledge of your personal details. Be suspicious of any call that appears to be ignorant of basic personal details like first and last name (although it is unsafe to rely on this alone as a sign that the call is legitimate). If you receive such a call, report it to your bank.
  • Do not call and leave any personal or account details on any telephone system that you are directed to by a telephone message or from a telephone number provided in a phone message, an email or an SMS especially if it is regarding possible security issues with your credit card or bank account. When a telephone number is given, you should first call the phone number on the back of your credit card or on your bank statement to verify if the number given is actually an office number of the bank.
  • Make sure you call your bank or the company that is the subject of the call to check it is legitimate before disclosing any personal information.

Who are the intended victims?

Vishing calls are indiscriminate and randomly target people. The fraudsters are cunning and they may not know your name or any other information about you but they will try to convince you to provide your account details. Because it is unlikely they know your name they tend to address their victims in vague terms, like "sir" or "madam".

What to do in the event you receive a vishing call?

If you do receive a suspicious call, email or phone message, please contact our Customer Service Hotline at 1800 747 7000.

Important points to remember
  • Standard Chartered will never randomly call you to ask for personal details including your PIN over the phone
  • If you receive a suspicious call, report it immediately by calling our Customer Service Hotline at 1800 747 7000
  • If you have disclosed information verbally or via your phone keypad, immediately contact Standard Chartered as above and the police

Phishing

What is phishing?

Phishing is the term given to the criminal practice of sending random emails purporting to come from genuine companies such as banks and ecommerce organisations. These emails try to convince customers of those companies to disclose personal information on fake websites operated by criminals.

The emails often contain emotive messages and claim that it is necessary to "validate" or "update" customer account information. The emails contain instructions to click on a link within the email which takes the recipient of the email to the fake website. Here, all information entered is collected and may be used to perpetrate different criminal acts.

Your funds could be stolen and used to finance criminal activities such as human trafficking, drugs and prostitution and your identity cloned and used for fraudulent purposes.

How to avoid becoming a victim of phishing?

It is important to remain vigilant and be suspicious of all unsolicited or unexpected emails you receive, even if they appear to originate from a trusted source such as Standard Chartered. It is important to remember that Standard Chartered would never ask you to reconfirm any personal information by clicking on a link in an email and visiting a website.

Where the email is sent from?

The structure of the Internet makes it relatively simple for criminals to create fake entries in the "From:" box of an email. This means that phishing emails often look like they come from a real bank email address. It is important to remember that the email address you see in the "From" field may not be from the person or organisation that it claims. The message is also likely to contain odd "spe11ings" or cApitALs in the "Subject:" box - this is designed to bypass spam filter software and increase their chances of delivery to a potential victim.

Who are the intended victims?

Phishing emails are sent out randomly using bulk email lists. The criminals are cunning and while they may not know your real name or indeed anything else about you they will try to convince you to provide your account details. Because it is unlikely they know your name they tend to address their victims in vague terms such as "Dear Customer".

The email may also include grammatical and spelling errors as it is likely that English is not their first language. Some emails may also contain a login form directly in the body of the email to add authenticity to the scam.

Fake hyperlinks

As with forging email addresses in the 'From' box, it is also very simple to hide a hyperlink's true destination. This means that the link displayed in an email and anything that shows up in the status bar at the bottom of your email programme can be faked.

The structure of a phishing website - The URL

Criminals are clever and use a number of techniques to hide the true location of a fake website in the address bar. The website address may begin with the genuine site's domain name (e.g.: online-banking.standardchartered.com.sg), but unfortunately that is no guarantee that it points to the real site. Other techniques may include using addresses made up of numbers (IP addresses), registering a similar domain name, or even inserting an image of the real address into the browser window. To add credibility to their fake sites, many criminals create direct links from their pages to the genuine website.

The structure of a phishing website - Pop-up windows

Another technique involves loading a genuine website into your web browser and then creating a fake 'pop-up' window over the top of it. Again this technique is employed by criminals to add credibility to the scam. When this is used, you would see the real website in the background; however any information you type into the pop-up window will be captured and used for criminal purposes. It is important to remember that you should always access your online banking account, by typing the bank's URL into a new window.

What to do in the event you receive a phishing email?

If you receive a suspicious email, please contact our Customer Service Hotline at 1800 747 7000.

Important points to remember

Standard Chartered will never send you an email requesting that you "verify" or "update" your password or any personal information by clicking on hyperlink and visiting a website.

  • Be cautious about all unsolicited emails and never click on hyperlinks from these emails or provide personal information
  • To connect to Online Banking, open your web browser and type the address in yourself (http://online-banking.standardcharted.com.sg)
  • If you are in any doubt about the validity of an email, or if you believe that you may have disclosed information on a fake website, contact our Customer Service Hotline at 1800 747 7000

Trojan Horses

What is a Trojan Horse?

Trojans are a type of computer virus and their name is derived from the term 'Trojan Horse' from Greek mythology. They can be downloaded and installed on a computer without the owner's knowledge.

Trojans are capable of performing sophisticated tasks; some variants can install a "keystroke logger", which will capture all keystrokes entered into a computer by a keyboard, others are designed to capture specific information entered at specific websites such as banks or ecommerce stores, either by keystroke logging or taking screen shots. As with phishing, the information is then sent to the criminals over the Internet, however this time directly by your computer.

Criminals typically send out random emails containing emotive or intriguing messages in an attempt to lure people to click on a hyperlink contained in the email and visit a malicious website. These websites may contain latent vulnerabilities on various web browsers that are exploited to download and install the specific Trojan. It is important to remember to be cautious if you receive unsolicited emails from unknown sources and never click on hyperlinks in emails to visit unknown websites.

How can I avoid being a victim of a Trojan Horse attack?

At present, Trojans take advantage of vulnerabilities in web browsers. To prevent Trojan Horses from infecting your operating system and web browser, you should:

  • Be cautious about all unsolicited email (especially those from unknown senders) and never click on hyperlinks from these emails to visit unknown websites. Some criminals use emails to trigger the download and installation of Trojans when your email programme uses HTML (Hypertext Markup Language) to display the message and the images contained. It is always safer to open all your emails in 'plain text' format
  • Install and keep updated anti-virus software and run regular scans (once a week as a minimum)
  • Install and use a personal firewall (hardware or software based)
  • Install the latest security updates, for your browser and operating system
We strongly advise that you ensure your operating system and web browser remain patched with the latest version or security updates as issued by the vendor. Many of the patches are designed to prevent criminals from exploiting vulnerabilities in current software versions. It may also be worth reviewing your current choice of browser to one less popular as many of the Trojans are created to exploit vulnerabilities in the most popular browsers.

Suspicious emails

In addition to targeted emails requesting bank account details, the criminals behind Trojan emails often use emotive or intriguing subjects such as ('Typhoon Warning' or 'Your ISP account is expiring) to lure people into clicking a hyperlink from the email to visit an unknown website. By employing a good anti-spam filter you should be able to significantly lessen the chances of receiving Trojan related emails.

Malicious websites

These websites try to harm your computer by installing malicious programmes (malware) such as viruses, Trojans or spyware. The websites themselves can appear to be completely benign as they install the malware in the background, although you might notice your computer running slower than normal on your Internet connection is very busy.

Mule Operations

What are mules?

As the criminals behind these frauds are mainly located overseas they attempt to recruit "mules" or "money transfer agents" to launder the funds obtained as a result of phishing and Trojan crimes. Following recruitment, they transfer money from stolen accounts to the mules, who in turn withdraw the money and make overseas payments using wire transfer services minus their commission as payment.

The criminals recruit mules through a variety of methods including spam emails, by placing adverts on genuine recruitment sites and in newspapers. They have also been known to approach directly people who have placed their resumes online.

Typically, the criminals create fake companies or charities that they use to recruit for positions such as "shipping manager", "financial manager" or "donations manager". The offers give people the chance to earn money easily for a few hours work each week. The only requirements are usually that you have a bank account (often from a specific list) and a private Internet connection.

How to avoid being involved in a scam?

As with phishing and Trojans, be wary of any unsolicited job offers or any offer that sounds too good to be true.

  • Exercise caution if you receive unsolicited offers or opportunities for work, especially if the company is based overseas
  • Attempt to verify the details of any organisation you are actively considering dealing with (including searching on the Internet for their name and reputation). This should include checking with the appropriate chamber of commerce or government office for corporate or charity registrations. A simple search on Google with the company name or email address may also reveal whether the company is known to be a criminal front
  • Never give your bank account details to someone you don't know or trust
  • Contact your local enforcement authority if you believe you may have become involved in or are a victim of mule activity
It is important to remember that allowing someone to use your bank account to launder the proceeds of phishing or Trojan activity is also considered a criminal act. Mules are also the easiest part of the criminal organisation to identify.

Mule recruitment campaigns

The adverts and offers may take a number of different forms. Criminals may copy the website of a genuine company or charity and register a similar domain names to increase its legitimacy. There are common threads to the adverts; most will claim to be overseas companies or charities seeking representatives or agents to act on their behalf. You may find that the advert is written in poor English with simple grammatical and spelling errors.

How to report a mule scam?

If you believe you may have disclosed your bank account details or received funds into your account as part of what you now believe may be mule activity, you should contact our Customer Service Hotline at 1800 747 7000

Call Us

Call our hotline for further information.

1800 747 7000

Locate Us

Visit the branch that is nearest to you.

Find a Branch »

Back to Top

Speaking Up

Standard Chartered Bank (the “Bank”) is committed to maintaining a culture of the highest ethics and integrity, and in compliance with all applicable law, regulation and internal policy. As part of this commitment, the Bank has a ‘Speaking Up’ programme through which genuine concerns in this regard can be raised. Members of the public can securely raise Speaking Up concerns through this hyperlink, which is hosted on behalf of the Bank by a third party ‘InTouch’. Examples of concerns that can be raised through this website are concerns that relate to accounting, internal accounting controls or auditing matters and concerns relating to bribery or banking and financial crime. Concerns received will be forwarded to the Bank’s investigations team for review. Complaints relating to SCB banking services should not be raised through this site in the first instance, but through the SCB branch network, contact centres, Relationship Managers or the ‘Contact Us’ webpage.

Disclaimer

Please note that this hyperlink will bring to you to another website on the Internet, which is operated by InTouch, an independent company appointed by the Bank to support its Speaking Up programme. Please be mindful that when you click on the link and open a new window in your browser, you will be subject to the additional terms of use of the website that you are going to visit.

Proceed