#BeAProAgainstCons with OCBC's security measures and anti-scam tips

Back

Phishing scams

Learn to spot and avoid one of the most prevalent scams in Singapore

WHAT ARE phishing SCAMS?

Phishing scams happen when cyber criminals try to trick victims into disclosing confidential information (e.g. their NRIC number, online banking or Singpass credentials, card details, passwords) either by pretending to be someone they are not or by offering something that is not real.

HOW DO phishing SCAMS WORK?

The approach:

The fraud:

  • Tempt victims with the promise of rewards

    Preying on people’s desires, some scammers will call their targets and claim that the targets have won a reward or a giveaway which they did not enter. The calls would be unsolicited and from unverified organisations.

    When questioned, the scammers may claim that another person had entered the victim into the giveaway on his/her behalf.

    The scammers may also offer highly attractive deals (e.g. tax rebates) or talk about a surprise inheritance. They may ask targets to fill out a survey (designed to steal personal information) in exchange for a participation prize.

    The scammers will make the fake prize sound very enticing. This is to lure their victims into revealing their personal details, which they will claim are necessary to verify their identity and obtain the prize.

  • Use fear to get their victim’s attention

    Other scammers prey on people’s fears. Under the guise of a bank, they will send emails or SMSes claiming to have identified an ‘unauthorised transaction’ or ‘suspicious activity in the account’ that needs urgent attention.

    The emails or SMSes will include links to bogus websites or phone numbers for their target to contact. They may contain threats of ‘deactivating’ the target’s account if the target does not comply with their instructions to, for example, provide his/her banking details.

    The target may be told that a large purchase has been made under his/her account, sometimes in foreign currency, and asked if the payment was authorised by him/her. Once the target says no, the scammer will get him/her to confirm his/her bank account or credit card details – supposedly so that the case can be ‘investigated’. In some instances, the scammer has already obtained their target’s credit card number; they may then ask the target for the 3 digits on the back of his/her card (i.e. the card’s security code).

  • Impersonate the government to seem legitimate

    Other scammers may impersonate members of the government or the Courts. They will contact their targets with claims of serious legal issues that the targets must resolve immediately (e.g. a court summons against them or a fine they must pay to avoid imprisonment). 

    They will ask for the target’s personal details, including his/her NRIC number. They will claim that these details are needed to verify the target’s identity so that they can provide more details on the supposed issue to the victim. 

  • Impersonate e-commerce websites and delivery businesses

    Some scammers target online shoppers and will claim to be from delivery companies or e-commerce sites. 

    They will email, SMS or even call their targets with claims that they are experiencing delivery issues relating to orders that were never placed. They will claim that their targets must confirm certain personal and account details (e.g. their online banking credentials or login credentials for the e-commerce site) before the delivery can be made.

  • Use seasonal events to widen their target pool

    Phishing activity tends to increase during newsworthy and seasonal events. This includes natural disasters, epidemics, health scares, periods of economic downturn or crisis, major political elections and holidays.

  • Copy legitimate communications to trick victims

    Most often, the emails and SMSes will mimic the look of messages that originate from legitimate banks or organisations. At times, the imitation may be so good that it will be almost impossible to differentiate the legitimate and the bogus.

    There are tell-tale signs. Scammers usually cannot properly identify themselves. The emails and SMSes they send will not address their target by name and may also contain typographical and grammatical errors.

How a phishing scam might look

Here is an example of a phishing scam.

A scammer may use a victim’s details for a number of criminal activities once a victim reveals them. For example, the scammer might transfer money out of the victim’s bank account(s) to an untraceable destination or use their stolen card details to make purchases (including purchases of illegal products).

How a phishing scam might look
HOW TO AVOID BECOMING A VICTIM OF PHISHING SCAMS
  • Be sceptical

    Do not trust lofty promises, deals that seem too good to be true, or individuals who call or message you – unsolicited – to ask you to divulge personal information over the phone.

    Do an online search using the names or exact text from the suspicious email or SMS sent to you – you may discover that others have received similar scam messages. This can help you identify common scams.

  • Do not give in to pressure

    Never make financial decisions, give away sensitive details about yourself or anyone you know or sign any documents under pressure.

  • Ignore, block and report

    When contacted, hang up immediately if the caller cannot properly identify themselves.

    Do not call any numbers or click on any links in SMSes that claim to be from OCBC. OCBC will never send you SMSes or emails with clickable URLs. Block and report the number used to contact you.

  • Do your checks
    Always verify the authenticity of the information shared with you, or requests made to you, by contacting the organisation directly (e.g. at their website or email address, or via their app or hotline).

    To ensure you are on the correct website, personally enter the URL of the organisation’s website that you intend to visit into your browser’s address bar. View a list of OCBC’s official contact and banking channels.

    If in doubt, seek a second opinion from someone you trust.
  • Be alert

    Enable transaction alerts for your bank accounts and credit cards. Learn more about transaction alerts from OCBC, discover how to set up transaction alerts for card and deposit transactions via the OCBC Digital app, and select your preferred notification channels and threshold limits.

    To ensure you receive OCBC alerts and notifications, let us know immediately if you change your mobile number or email address. Learn how to update your contact details.

    Always read your bank notifications carefully and notify us immediately if any transactions shown are not made by you.

  • Keep your accounts secure

    Do not key your personal information and banking details into unverified webpages.

    Stay vigilant and never give out your Online Banking login credentials (i.e. Access Code and PIN), card details or One-Time Password (OTP) to anyone, including people claiming to be from OCBC. OCBC employees will never ask you to reveal your PIN/OTP or transfer funds to personal accounts.

    Log in to OCBC Internet Banking by typing out www.ocbc.com directly into your browser, or via the OCBC Digital app to make sure that your log in is secure. If you suspect that your account has been compromised, call us at 1800 363 3333 (or +65 6363 3333 if you are overseas) and press 8 to report fraud or temporarily freeze all your accounts. You can also activate the emergency kill switch via the OCBC Digital app and selected OCBC ATMs.

  • Protect your money

    Do not send money to someone whom you have not met.

    Be responsible for all banking transactions involving your account and do not allow others to perform transactions on your behalf. You may be unknowingly laundering money for criminals – this is a criminal offense that carries hefty fines and prison time.

    Never authorise a transaction or login unless you know its purpose.

    Set daily transaction limits for payments and transfers according to your preference via OCBC Internet Banking or the OCBC Digital app.

  • Take precautions

    Enable two-factor authentication (2FA) for each of your online accounts for services such as email, social media, and online shopping, to list a few. This provides your accounts and personal data with an additional layer of protection.

    Be wary of any calls with the ‘+65’ prefix and of international calls with the ‘+’ prefix where the caller claims to be from a legitimate business, government, or organisation such as your bank, especially if you are not expecting an international call. When in doubt, verify the identity of the person(s) and the organisation(s) by calling their hotline numbers.

    The +65 prefix was implemented by Singapore’s Ministry of Communication and Information with telcos in 2020. The purpose is to alert the public that these are calls coming from overseas and that the public should not pick up such calls if they are not expecting anyone calling from overseas.

  • Keep yourself up to date

    Visit the National Crime Prevention Council’s ScamAlert.sg website to learn – and take a short quiz – about the latest scams and how to avoid being a victim.

WHAT TO DO IF YOU HAVE BEEN SCAMMED

Call us

If you believe you have fallen prey to such scams and/or your OCBC account details/funds may be or may have been compromised, please call our Personal Banking hotline at 6363 3333 (or +65 6363 3333 if you are overseas) and press 8 to report fraud or temporarily freeze all your accounts and cards.

Contact the Police and file a report

You can file a police report online or in person at a police station

Find out what information you will need to share if you have fallen prey to a scam.

Contact the platforms involved

Report the scammer to the e-commerce platform, social media website or classified ads website that you purchased the product from and/or where the scammer approached you.

Spread the word

Tell others you know of your experience to help educate and protect them. You can also share your stories on social media or anonymously at www.scamalert.sg.
LEARN ABOUT OTHER SCAMS

E-commerce Scams

Learn how to stay safe when shopping online

E-commerce Scams

Learn how to stay safe when shopping online

Impersonation Scams

Uncover impersonators by understanding their tactics of deceit

Impersonation Scams

Uncover impersonators by understanding their tactics of deceit

Money Mules

Learn how criminals prey on the vulnerable and make them money mules

Money Mules

Learn how criminals prey on the vulnerable and make them money mules