Security Advisory – How to protect yourself from the security threat?

 

What is a Phishing scam?

 

Phishing is a form of identity theft or data theft that attempts to trick you into revealing personal or financial information by visiting a website or by clicking on a link. Phishing attacks typically use phony websites or email messages that appear to be from trusted businesses and brands in order to steal personal information such as usernames, passwords, credit card numbers etc.

The attachments may purport to be invoices, business accounting documents, user account information or other seemingly work-related attachments. When the attachments are opened, the malware infects your computers or devices to steal personal information, as well as login credentials.

There have been recent reports of phishing SMSes being sent to customers of financial institutions in Singapore, where fraudsters masquerade as the financial institute by adopting the same alphanumeric sender ID, also known as alpha tag, as the financial institute.

Here is an example of what SMSes received in such a situation could look like.

 

The spoofed SMS alpha tag places both phishing and legitimate SMS messages in the same SMS conversation thread. This makes the phishing text message seem legitimate which increases the likelihood of people being tricked into clicking the link.

Once you click on the link, you would be directed to a fraudulent website requesting your user credentials like your customer portal username, password and One-Time Password. Once these are entered, the fraudsters can use these stolen credentials to log into your customer account and perform unauthorised transactions.

How to protect yourself?

 

  • Do not click on any suspicious link, open any attachment or respond to suspicious SMSes as this is the first clue of a phishing attempt. Instead, always enter the full URL for Income web site into your browser address bar.

  • Avoid downloading applications from unofficial third-party application stores.

  • Always ensure that you’re using a secure website when submitting personal or other sensitive information via your web browser.

  • Ensure your devices are updated with the latest anti-virus software, software security patches and have a personal firewall installed and activated.

  • Do not reveal your online login password, One-Time-Password (OTP) or hardware token details to anyone. (Note: Income will never ask you for your password for whatever reasons.)

  • Watch out for usage of urgent or threatening langauge. Fraudsters hope to instill panic and fear to trick you into providing confidential information. Be wary of phrases like 'urgent action required' or 'your account will be terminated'. If you have a good reason to believe it is a scam, delete the message immediately.

  • If you notice any security issues, suspicious activities or fraud on your Income accounts, please let us know via this online form. (Select Rewards, Apps & Services > Fraud, Security Issues or Suspicious Activity Reporting)

    Learn more on how to spot phishing

     


What is a Phone Scam?

 

There are recent scams targeting Singapore residents via interactive automated voice message. The calls claim to be made from courier companies, banks or the police. If you receive an unexpected phone call from someone purporting to be an official from banks, DHL, customs, police, be wary as this could be a scam call.

In another variant of this scam, the caller might claim to be an employee or representative of financial / banking institutions who then asks – and even threatens – you to give them personal particulars such as passport or online login credentials or One-Time Password (OTP).

 

How to protect yourself?

 

  • Do not follow the caller’s instructions

  • Refrain from giving online login details, credit card numbers, OTP codes from tokens or passport numbers to strangers over the phone.

  • If you have any information related to such crime, please call the Police hotline.

 

What is a Malware?

 

Malware (short for “malicious software”) is considered an annoying or harmful type of software intended to secretly access a device without the knowledge of the owner. Once your computers or devices are infected, the malware will attempt to steal your login and authorization credentials (such as password, one time password (OTP) or other personal information.) by altering the login flow of the Income website.

You should take precaution and not let your devices be infected by malware.

 

How to protect yourself from Malware:

 

  • Do not click on hyperlinks, attachments provided in emails messages from suspicious or unknown sources.

  • Avoid accessing unknown and unsecured websites.

  • Install and maintain the latest anti-virus software on your mobile devices / computer.

  • Secure your mobile device with a password, pin or a relevant mechanism to prevent unauthorised use.

  • Do not reveal your online login password, One-Time-Password (OTP) or hardware token details to anyone.

  • Keep us updated with your current mobile number and email address so you are alerted to transactions or account activity.

 

Creating a strong password:

 

  • Your password should comprise at least 8 alphanumeric characters with a mix of upper and lower case letters.

  • Use the passphrase method to create a password that is difficult for others to guess.

  • Do not choose a dictionary word as your password.

  • Do not reveal your password to anyone.

  • Do not store your passwords on your computer or write them down.

  • Change your passwords regularly.

  • Log out and clear the browser cache after all transactions.

Learn more about online security guidelines

We use cookies to enhance your experience on our website.

ACCEPT cookies
loading