Scam Advisory
Protecting yourself from scams
At Etiqa, we will not send emails or SMSes with clickable links without our customers’ consent to prevent phishing / smishing scams.
We urge customers to stay vigilant by keeping up-to-date with relevant police news releases and security advisories here.
Phishing – a method used by scammers to obtain confidential information such as your NRIC details, credit card numbers, One-Time Passwords (OTPs) and login credentials through the internet so that they can make unauthorised transactions.
Smishing – also known as SMS phishing, this is a common form of phishing cybersecurity attack carried out by scammers over mobile text messaging.
Since 13th October 2022, the police have received at least 112 reports regarding phishing scams, with losses amounting to at least $133,000. Please read these tips on how to protect yourself from becoming the next victim.
How the scam works
- Victims would
receive text messages that were purportedly from LTA notifying them of
unpaid bills or fines
- They would then
click on a link embedded in the message to view information regarding the
supposed bills or fines.
- The link would
redirect the victim to fraudulent websites where they would be prompted to
provide their credit or debit card details and one-time passwords (OTPs).
- After providing
these details, they would discover unauthorised transactions made with
their cards.
Watch the video: Beware of SMS Phishing Scams involving the use of LTA
Recent reports show an increasing number in scams of all types – involving phone calls, SMSes, emails and even social media. The importance of cyber security must not be overlooked, and we ask for your alertness to join us in taking preventive measures to protect yourself from scams.
Example of a phishing email:
Example of a SMS phishing scam:
Also known as smishing, SMS scams are carried out via SMS spoofing techniques where the SMS sender information appear to be from legitimate organisations.These fake SMSes often contain links to fraudulent websites that resemble the organisation’s website that the scammers are impersonating.
Please note that Etiqa will not request customer to unlock or change password via SMS. Please call Customer Care at +65 6887 8777 or submit a form at https://www.etiqa.com.sg/contact-us/ if you are in doubt.
Check and verify | Take preventive measures | Report immediately |
---|---|---|
Always verify the authenticity of the information with the official Etiqa website URL www.etiqa.com.sg. You may also verify the authenticity of the information with official websites or sources like https://www.scamalert.sg. | Do not respond to requests to perform any transaction to unknown account numbers. To block unsolicited messages and calls (only available on iOS devices), download the ScamShield mobile app developed by the Singapore Police Force and the National Crime Prevention Council. | If you suspect that you have fallen victim to a scam, change your password immediately. Call +65 6887 8777 or email us at customer.service@etiqa.com.sg to report any unauthorised transactions made to your account(s) and lodge a police report. |
What you need to watch out for:
- International calls – Be wary of unexpected international calls, especially those that are allegedly from local organisations. All international calls will come with a ‘+’ prefix, and yes that includes numbers starting with ‘+65’, which are likely spoofed local numbers.
- Email address/phone number – Always look at the address or number instead of just the sender name. Is the email address from the official domain of the alleged sender? If it isn’t, it is most likely fake. Also, do not call or reply to unofficial telephone numbers provided in unsolicited emails and text messages. Always verify the authenticity of the information with official websites or sources.
- Unsolicited SMSes – Some scammers use fake SMSes (i.e. job ads, lucky draw wins, etc.) for social engineering or to trick the victims into divulging confidential account and internet banking information.
- Urgent messages – Don’t be too quick to act on urgent or threatening language. Scammers will try to make you act fast without thinking by using phrases like “urgent action required” or “your account will be terminated”.
- Bad grammar – Is the email or SMS poorly written and filled with typos? No official communications will be riddled with grammar mistakes. The same applies for website as well.
- Suspicious links – Hover across the link to check the URL address. Does it match the context of the email? Is it from a legitimate domain e.g. URL starts with the bank’s official website domain? Is it a secured website that starts with https://? Many fake websites have slight spelling differences from the real domain name. If unsure, go via the official website or app instead of clicking through.
- Unsolicited attachments – Legitimate sources don’t usually send across attachments if you did not ask for it. You should also look out for attachments ending in .exe or .zip, which could be malware.
- Confidential information – Never disclose your banking or card credentials such as username, password, One-Time Password (OTP) or Card CVV numbers to anyone.
- Passwords – When creating your passwords, use a complex combination of letters and numbers, perhaps the one suggested by your computer. You can store your passwords securely with a good password manager.For more information on how to protect yourself from scams, please visit https://www.ncpc.org.sg/ or https://www.scamalert.sg/.
- Victims would receive unsolicited SMSes with the sender’s ID containing similarities to “Singpass” (e.g. MySingpass, SGSingpass). The SMSes would indicate that the recipients’ Singpass accounts had been or would be deactivated, and that they were required to conduct facial verification. Recipients would be required to login to Singpass via a web link provided in the SMSes.
- Upon clicking on the web link, the victims would be directed to a spoofed Singpass login webpage, where they would be required to enter their Singpass ID and password. Victims will then be led to a 2FA page where they would be prompted for their Singpass One-Time Password (OTP).
- Victims would then realise that they have been scammed when they receive alerts from Singpass that their profiles had been updated. In some cases, unauthorised transactions were also charged to their credit card accounts.
Please refer to the SPF page (https://www.police.gov.sg/Media-Room/News/20221002_advisory_on_phishing_scams_involving_singpass) for an advisory on phishing scams involving Singpass provided by the Police and GovTech
We would like to remind all our customers on the following:
- Etiqa has removed clickable links in all marketing emails and SMSes. To protect yourself,
- Do not provide your Passwords, or OTPs to anyone. Etiqa employees will never ask you to reveal your Password/OTP for purpose of transactions.
- Do not key such information into unverified webpages. We will never send you any SMSes or emails with clickable URLs.
- If in doubt, call our Customer Care hotline at 6887 8777 for assistance.
- To avoid being a victim of Phishing Scams, please refer to below:
- Keeping Up to Date with Scam
Alerts Refer to the relevant Police news releases and advisories to raise security awareness, and be watchful and vigilant against phishing scams.
DOWNLOAD the ScamShield mobile app developed by the Singapore Police Force and the National Crime Prevention Council to block unsolicited messages and calls (now available on iOS and Android devices). Learn more at https://www.scamshield.org.sg/.