An alert on 6 February 2017 by The Development Bank of Singapore Limited (DBS) highlighted phishing emails sent to DBS IDEAL customers. The DBS email contained links to phishing websites that disguised themselves as legitimate DBS IDEAL websites.
This is how real the fake DBS email looks like.
In order to steal authorisation credentials such as Organisation ID, User ID, PIN and Security Access Codes, scammers targeted these emails at unsuspecting customers. These emails contained DBS logos and credentials that masked the true intent from the sender.
After clicking on the fraudulent links in the fake DBS email, the victim would then be redirected to a phishing website that was cloned to mimic the original DBS IDEAL page. Some of the URLs used include:
Should the customer fall prey to the phishing attempt, the information gathered by the scammers can be used to perform unauthorised, fraudulent transactions.
An advisory from DBS showed 3 ways to protect yourself:
- Always type in the URL of DBS website directly into the address bar of your browser.
- Check that you are using the official DBS IDEAL site. To do this, go to the address bar of your web browser and look for the “padlock” icon. When you click on the icon, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.
- Never reply to unsolicited emails. Call DBS immediately at 1800 111 1111 (Personal Banking) or 1800 222 2222 (Business Banking), if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.
Always stay updated with LeoProtect to find out the latest in scam alerts and news.