New POSB Email Phishing Scam Promises Cash Reward Or Air Miles
It seems like a new scams emerges almost every day in Singapore, especially those linked to banks.
The dust had barely settled on the OCBC bank scam earlier this year when DBS Bank reported an SMS phishing scam targeting its customers.
A month after that, POSB customers have again been targeted by a scam, this time over email.
It tells recipients to click on a link to take a survey, but the email isn’t legitimate, the bank warned.
Beware of phishing email
DBS alerted the public about the latest scam in a Facebook post on Friday (25 Feb), warning of a phishing email.
The email contains a clickable link to a “POSB-PAssion Rewards 2022!” survey, and promises a possible cash reward upon completion of this “survey”.
This is not a legitimate email from POSB, the bank said.
Comes from non-DBS/POSB email address
The phishing email, which was seen by MS News, was from a sender named “PAssion POSB”, probably aiming to make recipients think it had something to do with the PAssion Card.
It also had the vague subject “Congratulations! Customer Satisfaction Survey”.
Screenshot of the phishing email
However, one telltale sign that all is not right was that the email address of the sender had nothing to do with DBS/POSB.
Instead, it had the “.jp” domain assigned to Japanese websites.
While the content of the email even had the PAssion Card logo, it was riddled with grammatical errors – another sign that it’s dubious.
The email said the recipient had been “selected” as 1 of 500 “lucky customer” to take part in a survey.
To entice victims, it also indicated that they’ll get $110 after taking the “survey”.
Link redirects to phishing site
In a further advisory on its website, DBS said those who click on the link will be directed to a website that looks kinda like a legit survey.
However, the website address won’t be a valid DBS/POSB one.
If that doesn’t set off alarm bells in your head, this surely should: The site will proceed to ask for personal details like date of birth, mobile number and credit card number, including expiration date and CVV.
Do not, we repeat, do not provide this info.
If you do it, the next page will then ask for an SMS One-Time Password (OTP), according to DBS. This is disguised as a way to send the customer a “reward” in the form of 3,000 air miles or $110.
“The scammer will exploit the stolen information to conduct unauthorised card transactions,” DBS said.
Thus, customers who’ve provided their personal info, including card details, to the website should contact the bank immediately.
They can call its anti-fraud hotline at 1800-339-6963, which operates 24/7.
No clickable links will be sent
DBS stated that they and POSB, which they operate, will not send customers emails/SMSes with clickable links, as per the new security measures rolled out in Jan.
Knowing this, customers should go directly to the bank’s website to verify any banking-related requests or offers.
Also, DBS and Government officials will never ask for info such as card details, CVV, OTPs, or Digital Token approvals.
Customers should thus not disclose such info to unverified sources, and avoid calling phone numbers, clicking links or scanning QR codes in unsolicited emails, SMS, or messaging apps.
Share scam prevention tips with friends & family
With the recent spate of scams wiping out millions from hundreds of unsuspecting victims, it’s important to keep updated over the latest scams in town.
Thus, be sure to also teach friends and family, especially those who’re not digitally savvy, of ways to protect themselves.
While we can always count upon law enforcement to have our back, the public also needs to play their part by staying alert and not falling for scams in the first place.
Have news you must share? Get in touch with us via email at news@mustsharenews.com.
Featured images adapted from Google Maps and DBS.
Drop us your email so you won't miss the latest news.