Scam Advisory

Home / Scam Advisory

Protecting yourself from scams

At Etiqa, we will not send emails or SMSes with clickable links without our customers’ consent to prevent phishing / smishing scams.

We urge customers to stay vigilant by keeping up-to-date with relevant police news releases and security advisories here.

What are phishing/smishing scams?

Phishing
 – a method used by scammers to obtain confidential information such as your NRIC details, credit card numbers, One-Time Passwords (OTPs) and login credentials through the internet so that they can make unauthorised transactions.

Smishing
 – also known as SMS phishing, this is a common form of phishing cybersecurity attack carried out by scammers over mobile text messaging.

Since 13th October 2022, the police have received at least 112 reports regarding phishing scams, with losses amounting to at least $133,000. Please read these tips on how to protect yourself from becoming the next victim.

How the scam works

  1. Victims would receive text messages that were purportedly from LTA notifying them of unpaid bills or fines
  2. They would then click on a link embedded in the message to view information regarding the supposed bills or fines.
  3. The link would redirect the victim to fraudulent websites where they would be prompted to provide their credit or debit card details and one-time passwords (OTPs).
  4. After providing these details, they would discover unauthorised transactions made with their cards.


Watch the video: Beware of SMS Phishing Scams involving the use of LTA

Recent reports show an increasing number in scams of all types – involving phone calls, SMSes, emails and even social media. The importance of cyber security must not be overlooked, and we ask for your alertness to join us in taking preventive measures to protect yourself from scams.

There are scams targeting Singapore residents via unsolicited video calls or automated voice messages. These calls claimed to be made from courier companies, financial institutions or government agencies such as the police.
 
The scammers typically try to connect with target members of public via messaging applications such as WhatsApp, Viber, WeChat, FB Messenger, etc. and will request for personal information, credentials and one-time password (OTP) under the guise of ‘verification purposes’ or ‘assisting in investigation’.
Phishing is a common cyberattack method adopted by scammers to steal sensitive personal data such as your NRIC details, credit card numbers, One-Time Passwords (OTPs) and login credentials through the Internet.

It is usually conducted via official-looking email messages or SMSes that appear to come from legitimate organisations. Such emails and SMSes typically contain a hyperlink to a spoof website and mislead account holders to enter credentials and security details on the pretext that security details must be updated or changed.

There has been a recent rise in SMS phishing scams targeting customers of financial institutions. Scammers impersonate the FI with fraudulent links.

Example of a phishing email:
An email with spoofed headers or fictitious email addresses may appear to be sent from Etiqa Singapore and include links to unfamiliar websites. This is likely to be a phishing attempt and is not sent by Etiqa Singapore even though it may appear in the same thread as the legitimate email.

Example of a SMS phishing scam:

Also known as smishing, SMS scams are carried out via SMS spoofing techniques where the SMS sender information appear to be from legitimate organisations.These fake SMSes often contain links to fraudulent websites that resemble the organisation’s website that the scammers are impersonating.
Sometimes, the fake messages may even appear within existing legitimate SMS thread from financial institutions. Do not click on any URL links in the SMS Alert without checking on the authenticity first, even if it appears in an existing SMS conversation with a legitimate organisation. If in doubt, type the link directly into your browser address bar.

Please note that Etiqa will not request customer to unlock or change password via SMS. Please call Customer Care at +65 6887 8777 or submit a form at https://www.etiqa.com.sg/contact-us/ if you are in doubt.
Check and verifyTake preventive measuresReport immediately

Always verify the authenticity of the information with the official Etiqa website URL www.etiqa.com.sg. You may also verify the authenticity of the information with official websites or sources like https://www.scamalert.sg.

Do not respond to requests to perform any transaction to unknown account numbers.

To block unsolicited messages and calls (only available on iOS devices), download the ScamShield mobile app developed by the Singapore Police Force and the National Crime Prevention Council.

If you suspect that you have fallen victim to a scam, change your password immediately.

Call +65 6887 8777 or email us at customer.service@etiqa.com.sg to report any unauthorised transactions made to your account(s) and lodge a police report.

What you need to watch out for:

  • International calls – Be wary of unexpected international calls, especially those that are allegedly from local organisations. All international calls will come with a ‘+’ prefix, and yes that includes numbers starting with ‘+65’, which are likely spoofed local numbers.
  • Email address/phone number – Always look at the address or number instead of just the sender name. Is the email address from the official domain of the alleged sender? If it isn’t, it is most likely fake. Also, do not call or reply to unofficial telephone numbers provided in unsolicited emails and text messages. Always verify the authenticity of the information with official websites or sources.
  • Unsolicited SMSes – Some scammers use fake SMSes (i.e. job ads, lucky draw wins, etc.) for social engineering or to trick the victims into divulging confidential account and internet banking information.
  • Urgent messages – Don’t be too quick to act on urgent or threatening language. Scammers will try to make you act fast without thinking by using phrases like “urgent action required” or “your account will be terminated”.
  • Bad grammar – Is the email or SMS poorly written and filled with typos? No official communications will be riddled with grammar mistakes. The same applies for website as well.
  • Suspicious links – Hover across the link to check the URL address. Does it match the context of the email? Is it from a legitimate domain e.g. URL starts with the bank’s official website domain? Is it a secured website that starts with https://? Many fake websites have slight spelling differences from the real domain name. If unsure, go via the official website or app instead of clicking through.
  • Unsolicited attachments – Legitimate sources don’t usually send across attachments if you did not ask for it. You should also look out for attachments ending in .exe or .zip, which could be malware.
  • Confidential information – Never disclose your banking or card credentials such as username, password, One-Time Password (OTP) or Card CVV numbers to anyone.
  • Passwords – When creating your passwords, use a complex combination of letters and numbers, perhaps the one suggested by your computer. You can store your passwords securely with a good password manager.For more information on how to protect yourself from scams, please visit https://www.ncpc.org.sg/ or https://www.scamalert.sg/.
The Singapore Police Force (SPF) has observed a surge in phishing scams where victims were targeted through the Short Messaging Service (SMS) to direct them to a phishing website and trick them into disclosing their Singpass login credentials.
There had been reported attempts by scammers to conduct fraudulent activities using the stolen Singpass login credentials. For these schemes,

  • Victims would receive unsolicited SMSes with the sender’s ID containing similarities to “Singpass” (e.g. MySingpass, SGSingpass). The SMSes would indicate that the recipients’ Singpass accounts had been or would be deactivated, and that they were required to conduct facial verification. Recipients would be required to login to Singpass via a web link provided in the SMSes.
  • Upon clicking on the web link, the victims would be directed to a spoofed Singpass login webpage, where they would be required to enter their Singpass ID and password. Victims will then be led to a 2FA page where they would be prompted for their Singpass One-Time Password (OTP).
  • Victims would then realise that they have been scammed when they receive alerts from Singpass that their profiles had been updated. In some cases, unauthorised transactions were also charged to their credit card accounts.


Please refer to the SPF page (https://www.police.gov.sg/Media-Room/News/20221002_advisory_on_phishing_scams_involving_singpass) for an advisory on phishing scams involving Singpass provided by the Police and GovTech

We would like to remind all our customers on the following:

  • Etiqa has removed clickable links in all marketing emails and SMSes. To protect yourself,
    • Do not provide your Passwords, or OTPs to anyone. Etiqa employees will never ask you to reveal your Password/OTP for purpose of transactions.
    • Do not key such information into unverified webpages. We will never send you any SMSes or emails with clickable URLs.
    • If in doubt, call our Customer Care hotline at 6887 8777 for assistance.
  • To avoid being a victim of Phishing Scams, please refer to below:
  • Keeping Up to Date with Scam
    Alerts Refer to the relevant Police news releases and advisories to raise security awareness, and be watchful and vigilant against phishing scams.

DOWNLOAD
 the ScamShield mobile app developed by the Singapore Police Force and the National Crime Prevention Council to block unsolicited messages and calls (now available on iOS and Android devices). Learn more at https://www.scamshield.org.sg/.