What is phishing?
Phishing is a cybercrime where potential victims are lured into providing sensitive data such as personal information, bank & credit card details, account usernames, and passwords.
Cyber-criminals will send phishing emails, SMS, or online messages posing as an authentic source from a legitimate institution (e.g. bank, service provider, social networking site, etc.) that the potential victim has dealings with. The collected information can then be sold to other cyber-criminals and used to access the victim's various accounts in order to steal their identity or withdraw money from their bank accounts and credit cards.
Scammers often detect the IP address of your internet connection (whether it be on mobile or your home internet connection) to ascertain your telecommunications provider. By adding your provider’s name to the phishing attempt, scammers attempt to add false legitimacy to their message.
Signs of phishing scams
Common phishing scams
Emails that look like they are from your bank or telecommunications provider, asking you to click on a link to update your bank details on a bogus website.
Online advertisements or pop-up messages seen while browsing, informing you that you have won a prize or lottery or that you have an unclaimed refund.
Suspicious or out-of-character messages or posts on social media from a friend asking you to click a link. This usually happens when your friend’s account has been hacked by a scammer (human or machine) out to phish, scam or infect other accounts.
Websites impersonating a charity or shop, or made to look like popular websites, with slightly different spelling in the website address.
Telephone calls from someone pretending to be from a company you interact with, asking you to confirm all your personal or payment information before they will give you an important message.
Common “hooks” of phishing attempts and tips for dealing with them
- Too good to be true – Phishing scams use attention-grabbing statements, such as claims that you have won an iPhone, a holiday or a lottery, or that you will be receiving a large sum of money. Remember that if it seems too good to be true, it probably is. Be cautious of such messages and report them to the authorities should you be harassed.
- Links - Phishing attempts almost always include a link or a button that is just begging to be clicked. Once clicked, it often leads to a fake website that mimics the look and feel of a legitimate institution's real website. Viruses and other malware may also end up infecting your device upon clicking such links. If you receive any suspicious emails with links in them, simply copy the link and paste it into Google. If it's a common scam, you'll see plenty of search results about it.
- Request for personal information: Ask yourself why your personal information is being requested, especially if the request appears to come from an organisation that should already have your details. Head directly to the bank's (or other organisation's) website as you normally would instead of using any links in the email. If they really do require you to update your details, you will almost always be notified after you log in. If you’re concerned, ring your bank or visit your local branch to see if they know what's going on.
- Threats - Another approach used by cyber-criminals is creating fear that something is at risk, like your bank account getting closed or your internet service getting suspended. These statements cause concern and are hard to ignore. Remember, you can always contact your bank or mobile service provider to confirm exactly what's going on.
- Sense of Urgency - An impending account closure or a time-limited prize pressures the victim to act immediately and skip the caution needed to verify the authenticity of the message.
- Poor grammar – Often phishing attempts can include unusual phrasing, poor grammar or spelling, broken formatting or images that don’t load properly. The company’s name may be listed slightly differently, for example, “SIMBA Internet” instead of “SIMBA Telecom”.
- Attachments - Phishing attempts may also entice you to open an attachment, like photos, videos, documents, etc. Viruses and other malware may end up infecting your device when you open such attachments. To protect yourself, do not open or download any attachment if you do not know or trust the sender. Verify the sender’s email address (not just their name).
What to do if you think you’ve received a scam message purporting to be from SIMBA?
- Please do remember, SIMBA will never send an unsolicited email, SMS, or message requesting you to provide your username, password, or personal and banking details. If you've received a suspicious email, SMS, or message purporting to be from SIMBA, you should forward it as an attachment to firstname.lastname@example.org.
- Always make sure the URL (website address) such as https://www.simba.sg/ or https://novus.tpgmobile.sg/ is spelt correctly in the address bar of your web browser.
- Do not click any links, survey forms or buttons in the phishing message.
- Do not open or save any attachments.
- SIMBA advocates and encourages all our subscribers to remain vigilant about phishing scams and online security breaches. It is important to exercise discretion and caution when revealing personal data to unverified sources.
- For more information on phishing scams in Singapore and how to spot them, visit the Ministry of Communications and Information website: https://www.csa.gov.sg/gosafeonline/go-safe-for-me/homeinternetusers/spot-signs-of-phishing.
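
The address check described above (a correctly spelt URL versus a website address with slightly different spelling) can be automated when triaging reported messages. The Python sketch below is an added example, not SIMBA's own code: the function names, the edit-distance threshold of 2 and the sample links in the comments are assumptions, and the allowlist holds only the two hosts named on this page.

```python
from urllib.parse import urlsplit

# Hosts taken from the two URLs this page lists as legitimate.
LEGITIMATE_HOSTS = {"www.simba.sg", "novus.tpgmobile.sg"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot near-miss spellings of a host."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url: str) -> str:
    """Return 'legitimate', 'lookalike' or 'unknown' for the host a link really opens."""
    text = url.strip().lower()
    parts = urlsplit(text)
    # .hostname drops any "user@" prefix and the port, so a link such as
    # https://www.simba.sg@login.example.net/ (constructed) resolves to
    # login.example.net, which is where the browser would actually go.
    host = (parts.hostname or "").rstrip(".")
    if host in LEGITIMATE_HOSTS:
        # Right host but not HTTPS is not treated as verified.
        return "legitimate" if parts.scheme == "https" else "unknown"
    for good in LEGITIMATE_HOSTS:
        # The real name appears in the link (userinfo, extra subdomain labels,
        # path) but is not the host being contacted.
        if good in text:
            return "lookalike"
        # The host is one or two characters away from the real name,
        # e.g. www.slmba.sg (constructed).
        if 0 < edit_distance(host, good) <= 2:
            return "lookalike"
    return "unknown"
```

An "unknown" result only means the link does not imitate the listed hosts; it is not a statement that the link is safe.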