Scam Alert: POSB Internet Banking Phishing Scheme Email

Always follow these steps when accessing your bank account to keep your money safe!

Singaporeans beware! A new scam has popped up in the cyber world and this time, it is even harder to spot than before.

DBS Bank issued a warning of a phishing scheme targeting POSB Bank customers. The scheme is sent out via email and its link mimics the POSB Internet Banking login page.

Source: DBS

DBS has provided a sample of the "malicious email" that was sent to some customers, on their website. The scam email claims that hackers have attacked banks in Singapore. It also claims that the Monetary Authority of Singapore has mandated customers to update their accounts and keep their money safe.

Those who click on the link will then be redirected to sites with addresses like:




Source: DBS

"Such phishing sites are designed to steal customer details, logins, PINs and OTPs in order to perform fraudulent transactions," the bank said in its security alert.

Though it does not seem that anyone has fallen for the scam yet, the bank has sent out alerts for users to be vigilant.

DBS takes action on scam alert

Source: DBS

The bank was aware of the phishing email and took down the website on Thursday evening, a DBS spokesperson told Channel News Asia, adding that it actively takes down phishing sites to protect customers.

“We are mindful of the threats from phishing, virus and malware targeting online and mobile devices," the spokesperson said.

"We actively alert our customers to any unusual Internet banking login experience that may be caused by phishing or malware intrusions via our website. We also continuously raise awareness among customers on how they can better protect themselves via communications channels such as emails, online banners and bank statements."

According to the spokesperson, customers should never give out their userID, iBanking PIN or OTP over phone or email. DBS staff do not ask for such information as well, the spokesperson added.

Users should protect themselves

Source: DBS

No matter how careful we think we are being, it is always good to be informed on how to avoid scams. DBS advises that customers should always type in the URL of the DBS or POSB website directly into the address bars of their browsers, and to never reply to unsolicited emails.

On the official DBS or POSB website, there should be a "padlock" icon on the address bar of the web browser and when this icon is clicked, a window should appear confirming that VeriSign has identified that the certificate is issued to DBS.

Customers are also encouraged to use the latest versions of Internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification.

If ever you find an unknown transactions in your account, you should call the bank immediately at 1800 111 1111 for personal banking or 1800 222 2200 for business banking, DBS added.

This is the seventh phishing security alert DBS has issued on its website since the start of the year.


This may be the 7th DBS scam circulating online for the year, but being equipped with the right knowledge on cyber security can prevent you from losing money to scammers. 

Read more cyber-security related articles here.

Scammers Are Getting Savvier, So We All Need To Get Smarter

Here Are The 5 Most Common Types Of Data Stolen And Why

How To Keep Data Private: 9 Steps To Protect Your Cyber Security