There’s a new phishing scam in town, this time in the form of an SMS alert targeted at DBS and POSB Internet banking customers.
In a warning issued on Thursday (Nov 22), DBS said that the SMS, disguised as security alerts, are leading victims to phishing webpages which look similar to DBS and POSB’s Internet banking login pages.
“Such phishing sites are designed to steal customer details, logins, PINs and OTPs in order to perform unauthorised, fraudulent transactions,” the bank said.
“If a customer falls victim to the phishing email and clicks on the link, they will be redirected to a non-DBS website”, it added.
Here’s how to tell if that security alert you received is genuine.
The SMS you receive will look something like this, with the sender identified as POSB or DBS.
These SMSes will warn or alert you of a breach to your account, or other security-related issues. They will also include links to websites, where you will be asked to log in to your account.
Phishing websites will contain URLs that look similar to the official bank’s webpage. The link ‘posb.validation-details.info’, for example, is not an authentic POSB URL.
Another link you could see is”posb.account-acces.info”.
Upon logging in, you will be redirected to a page with a similar URL, like the one below which ends with “.info”.
After entering your login info, the phishing website will even ask you to enter a one-time password or PIN provided on a bank-supplied dongle.
This may look very similar to official bank processes, but often, there are small clues you can look out for such as incomplete text and spelling errors on the page shown.