MAS Cautions Consumers about Scams Asking for Information on Bank Accounts

Singapore, 6 May 2018… The Monetary Authority of Singapore (MAS) advises consumers to exercise utmost caution when dealing with emails requesting for sensitive information associated with their bank accounts.

2     There has been an increasing number of “phishing attempts” over the past week, with emails purportedly from banks asking customers to update their personal particulars, including information on their bank accounts, online banking user names and passwords. Some of the emails claim it is an MAS requirement for bank customers to do so. Customers who receive such emails should not follow the instructions of the senders and should report them promptly to their banks.

3     MAS also expects all financial institutions (FIs) to take action to protect their customers. They should promptly alert their customers of any phishing activity and remove phishing websites that target their customers.

4     Consumers who suspect that their user ID, personal identification numbers (PIN) or security tokens have been compromised, or if they identify any suspicious activities on their banking accounts, should contact their banks immediately. For more tips to guard against phishing activities, please refer to the MoneySense website: http://www.moneysense.gov.sg/Understanding-Financial-Products/Banking-and-Cash/Things-to-Watch-Out-for/Phishing.aspx

*****

Additional information

What is phishing?

Phishing is a way of obtaining sensitive personal information such as one’s banking account details, PIN, one-time passwords (OTP), credit card number, user ID or password through the Internet, in order to perform unauthorised banking transactions.

The most common phishing method is a spoofed email purporting to be from an FI, credit card issuer or service provider. The emails usually use the following tactics to get the consumer to release their personal information:

  • "Your account is currently being updated as we are introducing a new security system. Follow the instructions below to reactivate your account."
  • "Your credit card is the subject of a police investigation for fraud. Please follow the instructions below."
  • "Our records indicate that payment for your Internet account is due. We are also currently introducing a new e-payment service. Please follow the instructions below."
  • "You are the lucky winner of our lucky draw. Please submit your credit card details so that we can verify your identity."

The phishing emails typically contain URL links, which when clicked, direct the consumer  to  fake webpages (e.g. a login page) which mimic the websites of legitimate FIs. These fake webpages are often used by perpetrators to harvest the sensitive personal information belonging to consumers. The webpages may also contain malware aimed at infecting consumers’ computing devices.

Steps to protect against phishing

Below are some quick tips that can help identify potential phishing attacks, as well as best practices that consumers can adopt to guard against phishing attempts:

  • Your bank will never send you emails asking you to divulge any confidential or personal information.
  • Never reveal your PIN or OTP to anyone. No bank would ever ask you for your PIN or OTP (via email or phone) for whatever reason.
  • Do not click on any link to log on to bank websites or open attachments in emails purportedly sent to you by your bank, credit card issuer or service provider. Instead, always enter the full URL or domain name of your bank or credit card issuer into your browser address bar. If you are unsure of the web address, contact your bank for the information.

Check your bank's website regularly for more information on announcements and advisories related to Internet security.

Last Modified on 06/05/2018