Security and Privacy
Past Scam Alerts
Additional measures to protect you from scams
24 January 2022
Maybank Singapore, in consultation with the Monetary Authority of Singapore, will be implementing stricter measures by 31 January 2022 to lower the risks of online fraud. These safeguards include (but is not limited to) phasing out clickable links in SMSes and emails sent to you, revising the default threshold for local and overseas funds transfer notifications and delaying the activation of Secure2u (digital token) by at least 12 hours. For details, please refer to FAQ.
Please change your password immediately as soon as you suspect that you have fallen victim for a fraud. Call 1800-MAYBANK (1800-629 2265) or (65) 6533 5229 (Overseas) and press *1 to report any unauthorised transactions made to your account(s) and lodge a police report.
Increase in Ransomware Scam cases
9 July 2021
There has been a recent increase in ransomware cases involving small and medium-sized enterprises (SMEs).
Ransomware is a type of malware that criminals use to encrypt files on the victim’s computer or shared network drive, preventing the victim from accessing these files. The criminal will then demand a ransom in exchange for a decryption key to access these files again.
How can you protect yourself?
- Ensure your important files and data are regularly backed up.
- Beware of links provided in unsolicited emails.
- Call 1800-MAYBANK (1800-629 2265) or (65) 6533 5229 (Overseas) to report any unauthorised transactions made to your account(s) or if you suspect that you have been a victim of fraud.
Car Loan Scam
15 June 2021
We received reports of ongoing car loan scams involving emails which are sent from MAYBANK SINGAPORE LIMITED (fcs_services@maybank.com.sg). The email includes a letter with Maybank letterhead requesting the victim to perform full settlement under Fast Consumer Service “FCS” in order to enjoy early settlement rebates.
Please note that the email address, email contents and names of individuals mentioned in the letter are not from Maybank Singapore Limited. For car loan settlement, please refer to the payment modes under FAQ 6 . Funds transfer is not one of the listed payment options for car loan full settlement.
Sample of the scam email – June 2021
How can you protect yourself?
- Do not share your banking credentials such as username, password, One-Time Password (OTP) or bank account details with others.
- Use the official Maybank website by typing the Maybank website URL (www.maybank2u.com.sg) to find out information about Car Loan.
- Be alert and always verify the details from Maybank. Do not respond to requests to perform funds transfer for car loan full settlement.
- Call 1800-MAYBANK (1800-629 2265) or (65) 6533 5229 (Overseas) to verify the contents of the letter.
Covid-19 Vaccination Scam
04 June 2021
The Singapore Police Force is cautioning members of the public to be vigilant when they receive SMS messages on the vaccination exercise to avoid falling prey to scams.
Scammers will request for payment of the vaccines or to obtain early access to the vaccines. Vaccines are free for Singaporeans, Permanent Residents and long-term residents. The Ministry of Health (MOH) will not ask for payment to schedule or to receive the vaccinations.
How can you protect yourself?
- Check the messages for grammatical errors.
- Ensure that the unique link ends with gov.sg before clicking on it.
- When in doubt, verify the authenticity of messages by calling MOH’s hotline at 1800- 333 9999.
- Call 1800-MAYBANK (1800-629 2265) or (65) 6533 5229 (Overseas) to report any unauthorised transactions made to your account(s) or if you suspect that you have been a victim of fraud.
Covid-19 Related Scam: Donations for oxygen machines to India
04 June 2021
The Singapore Police Force alerted the public to a new type of scam where scammers use compromised WhatsApp accounts to solicit donations for the purchase of oxygen concentrator machines to be sent to India.
The scammer would communicate with the victims using compromised WhatsApp accounts belonging to the victim’s friends. They would claim to be raising funds to purchase oxygen concentrator machines for donation to India and request for the victims to assist with the purchase or to donate to patients in India.
How can you protect yourself?
- Beware of unusual requests received over WhatsApp, even if they were sent by your WhatsApp contacts.
- Verify whether the request is legitimate by checking with your family and friends offline.
- Never send money to people whom you do not know or have not met in person
- Call 1800-MAYBANK (1800-629 2265) or (65) 6533 5229 (Overseas) to report any unauthorised transactions made to your account(s) or if you suspect that you have been a victim of fraud.
Impersonation Scams
04 June 2021
The Singapore Police Force would like to caution the public to be vigilant of scammers impersonating staff from local telecommunication service providers or officers from government agencies who are offering technical support.
Since 15 April 2020, only overseas calls will show a ‘+’ prefix before the number showing on your caller ID. Calls received from local numbers will no longer carry a ‘+’ prefix.
Example 1: +6955 0221
This is likely to be a spoofed call. For local numbers, there will not be a ‘+’ prefix.
Example 2: +4241 2345
This is an overseas caller; be vigilant if you are not expecting an overseas call.
The scammers might instruct victims to install applications, type commands into their computers or log onto their online banking account.
Government agencies or service providers will not request for your personal details or access to your online banking account over the phone or through automated voice machines.
How can you protect yourself?
- Beware of unsolicited calls from persons claiming to be service provider staffs or government officials
- Be more vigilant and exercise greater care when answering calls showing a ‘+’ prefix, especially if you are not expecting any overseas calls.
- Verify the authenticity of the call with the organization
- Do not share your personal or internet banking details and OTP with anyone.
- Call 1800-MAYBANK (1800-629 2265) or (65) 6533 5229 (Overseas) to report any unauthorised transactions made to your account(s) or if you suspect that you have been a victim of fraud.
Vulnerability of Data Synchronisation of Mobile Devices
03 May 2021
Some smart phones have features that support the synchronisation of data such as SMSes and emails between the mobile device and online storage or cloud services in near real time.
For smart phone users who have enabled data synchronisation on their devices, sensitive information such as One-time Passwords (OTP) sent via SMS or emails by financial institutions, can be accessed by criminals if their login credentials to the online storage or cloud services have been compromised. Exposed OTPs together with online banking credentials or credit card information harvested from customers can potentially be used by criminals to perform fraudulent financial transactions.
Customers are advised to be vigilant to these cyber risks and keep their mobile devices and related online accounts secured.
How can you protect yourself?
- Do not share your banking credentials such as username, password, OTP or bank account details with others.
- Change your passwords periodically.
- Use unique passwords that do not include any personal information such as your name or date of birth.
- Call 1800-MAYBANK (1800-629 2265) or (65) 6533 5229 (Overseas) to report any unauthorised transactions made to your account(s) or if you suspect that you have been a victim of fraud.
Impersonation Scams
23 April 2021
We received reports of ongoing SMS scams sending from 79899 impersonating Maybank that we have temporarily suspended customers’ card and to call 31386333 for verification of customers’ details and to reactivate their cards.
These SMS are not sent by Maybank.
Sample of the SMS – April 2021
How to protect yourself from scams
- Be alert and always verify the details in the messages from Maybank. Always check that the message reflects your intended actions and do not proceed or authorise suspicious transactions.
- Contact us at 1800-MAYBANK (1800-629 2265) or (65) 6533 5229 (Overseas) to verify the contents of the SMS.
- Never reply to unsolicited SMS or emails. Responding to such SMSes or emails may be used by scammers for social engineering or trick the victims into divulging confidential account and internet banking information.
WhatsApp Takeover Scam
17 February 2021
The Singapore Police Force has noted an increase in the number of reports received for WhatsApp Account Takeover Scams involving the 2 variants below:
Variant 1 – Direct Contact with Victim
The scammer would impersonate support staff from WhatsApp and request a 6-digit verification code for account recovery to gain access to the account.
Variant 2 – Indirect Contact using Victim’s Voicemail
The scammer would repeatedly fail the 6-digit verification code on the victim’s phone number. If the victim did not answer the resulting voicemail, the scammer would then use the default PIN used by telco providers to retrieve the 6-digit verification code from the victim’s voicemail and take over the victim’s WhatsApp account.
Note: Upon accessing the victim’s account, the scammer could then enable two-step verification to prevent the victim from regaining control over the WhatsApp account.
What can you do to protect yourself?
- Never share your WhatsApp verification code with anyone regardless of who they claim to be.
- Be aware of any unusual requests received on WhatsApp, even if they were sent from your WhatsApp contacts.
- Enable the two-step verification feature on WhatsApp. This can be done by opening WhatsApp and go to ‘Settings’ → ‘Account’ → ‘Two-step verification’ → ‘Enable’.
- Change your voicemail account’s default PIN. Alternatively, contact your telco to deactivate the feature if you have no need for it.
- If you suspect that you have been a victim of scams, please call 1800-MAYBANK (1800-629 2265) or (65) 6533 5229 (Overseas).
Scam Advisory
16 November 2020
The Singapore Police Force would like to alert the public about the re-emergence of scams spoofing as banks and targeting bank customers. Victims would receive SMSes from “banks” informing them that their ATM cards have been blocked. When the victims click on the link, they will be led to a phishing website which resembles the official bank’s website requesting for their personal particulars, internet banking details and one-time passwords (“OTP”). Thereafter, the scammers will make unauthorised withdrawals from the victim’s bank account(s).
How to protect yourself from being a victim of scams
- Do not click on URL links provided in unsolicited text messages;
- Always verify the authenticity of the information with the official website or sources;
- Never disclose your personal or internet banking details and OTP to anyone; and
- Report any fraudulent credit/debit card charges to your bank and cancel your card immediately.
If you suspect that you have been a victim, please call 1800-MAYBANK (1800-629 2265) or (65) 6533 5229 (Overseas) to report it.
Sample Phishing SMSes
Are banks liable for your losses to scams?
11 December 2020
In the first half of this year, SGD102 million was lost to various types of scams.
Being scammed by someone impersonating a staff from a Telecommunications Company? Is the bank liable for your losses? Can banks recover your money if it is reported immediately?
Below are some questions and answers to understand the roles and responsibilities and extent of liabilities of Customers and the bank.
Q1. I received a call from a service provider who informed me that I am facing some issues with my Internet. He requested to access my laptop by downloading a software into my computer. Is the bank able to stop the funds going out if I realised that it was a scam after immediately after the call?
A. It is unlikely as the funds transfers are carried out instantly in most cases. Therefore, it is difficult to stop the transfer. However, the bank will try to assist in recovering the funds on best effort basis as soon as the bank alerted to the transaction. Please lodge a police report for such incidents.
Q2. Why is it necessary to alert the bank immediately if the fraudulent transactions cannot be stopped?
A. The bank will disable your online banking access and cards to prevent any further fraudulent transactions.
Q3. Is the bank able to stop fraudulent transactions that take days to complete?
A. Once an instruction is given, the funds will be deducted from your account. The funds could be transferred to an interim bank before reaching the recipient’s bank account. It would be difficult to intercept the transaction as the interim bank has an obligation to pass the funds to the recipient's bank.
Q4. Can the Singapore police help me to recover my funds, including transfers to overseas banks?
A. Yes, if the funds are transferred to a local bank account and the funds are still in that bank account. The police can issue an order to the bank to freeze the recipient’s account to prevent any further fund transfers. The funds will then be transferred back to the rightful owner after a court order has been issued. For overseas transfers, chances of recovery is low. However, the police will work with their international partners to trace the money.
Q5. When can I expect the bank to give me a reply after I have reported a fraudulent transaction?
A. The bank will conduct an investigation of your claim and give you a reply within 21 business days for straightforward cases, and up to 45 business days for complex cases.
Q6. I have been scammed by someone impersonating a bank employee and asked me to make a transfer to another bank account. Is the bank liable?
A. The bank’s liability will depend on whether the transfer occurred as a result of the customer’s negligence. Customers are generally liable for losses from transactions that they have authorised, even if they subsequently realised that they had been scammed.
Q7. What is the bank's duty of care to me?
A. The bank's duty of care is contractual in nature and most of the duty is imposed on the customer.
The MAS has issued the E-Payment Guidelines to protect users of electronic payments.
The guidelines set out the responsibilities of banks. For instance, banks are expected to provide real-time transaction notifications and a reporting channel so that you may be alerted to unauthorised transactions and report them should they happen.
Customers would also need to take reasonable steps to protect their own interests. These include adopting good security practices such as protecting your device, login credentials and one-time passwords.
If you suspect that you have been a victim of scams , please call 1800-MAYBANK (1800-629 2265) or (65) 6533 5229 (Overseas).
Source:
The Straits Times (27 November 2020) - Is the customer or bank responsible for fraudulent transactions in Singapore?
Re-emergence of scams targeting bank customers with spoofed SMSes
16 November 2020
The Singapore Police Force would like to alert the public about the re-emergence of scams spoofing as banks and targeting bank customers. Victims would receive SMSes from “banks” informing them that their ATM cards have been blocked. When the victims click on the link, they will be led to a phishing website which resembles the official bank’s website requesting for their personal particulars, internet banking details and one-time passwords (“OTP”). Thereafter, the scammers will make unauthorised withdrawals from the victim’s bank account(s).
How to protect yourself from being a victim of scams
- Do not click on URL links provided in unsolicited text messages;
- Always verify the authenticity of the information with the official website or sources;
- Never disclose your personal or internet banking details and OTP to anyone; and
- Report any fraudulent credit/debit card charges to your bank and cancel your card immediately.
If you suspect that you have been a victim, please call 1800-MAYBANK (1800-629 2265) or (65) 6533 5229 (Overseas) to report it.
Sample Phishing SMSes
Spot the signs. Stop the crimes.
13 October 2020
The Singapore Police Force and the National Crime Prevention Council (“NCPC”) have rolled out the sixth edition of their annual anti-scam campaign: "Spot the signs. Stop the crimes." The campaign runs from August 2020 to March 2021, with a focus on sharing real scam examples with the public to educate people on how to spot the various telltale signs of scams.
E-commerce scams, social media impersonation ruses, loan scams and banking-related scams topped the list of common scams, with surges in the number of cases in each of these categories. The amount lost in the 10 most common types of scams doubled to S$82 million, up from the $41.6 million that scammers made off with in the first six months of 2019. A sharp 139 per cent year-on-year rise in cases in the 10 main categories of scams for the first six months of this year.
Mr Gerald Singham, Chairman of NCPC encouraged members of the public to not only stop and think before revealing personal details or handing over one-time passwords, but to also take the extra step of verifying information with a third party or the authorities.
"If someone approaches you for personal information or asks for banking details, it must raise suspicion. The onus must be on us - the potential victim - to stop the crimes from happening and cut off communication before any important information can be divulged."
Learn to spot the signs and stop the crimes - https://www.scamalert.sg/
Source:
The Straits Times (26 August 2020) - $82 million lost through top 10 scams in first half of 2020, double the amount from a year ago
The Straits Times (27 August 2020) - New education campaign launched to address rising scam numbers
Impersonation Scams
2 October 2020
We received reports of ongoing SMS scams impersonating Maybank to offer loans. If the victim contacts the number in the SMS, the scammer may attempt to impersonate Maybank staff to place a “deposit” before the loan is disbursed.
Sample of the SMS – September 2020
How to protect yourself from scams
- Be alert and always verify the details in the messages from Maybank. Always check that the message reflects your intended actions and do not proceed or authorise suspicious transactions.
- Contact us at 1800-MAYBANK (1800-629 2265) or (65) 6533 5229 (Overseas) to verify the contents of the SMS.
- Never reply to unsolicited SMS or emails. Responding to such SMSes or emails may be used by scammers for social engineering or trick the victims into divulging confidential account and internet banking information.
24 July 2020
The Singapore Police Force (“SPF”) would like to educate the public regarding the increase in impersonation scams involving bank officials and authorities such as IRAS officers. These scammers will usually ask for the following Internet banking details:
- Account Usernames
- Personal Identification Numbers (PIN)
- One-time Passwords (OTP)
These scammers will try to impersonate bank officials or authorities and request the victim to conduct the following actions:
- provide their Internet banking credentials over the phone or on fraudulent websites
- provide SMS OTP or security token approval
- update funds transfer limit
- perform funds transfers to a new account
Scammers would then proceed to transfer money out of their victims’ accounts using the details provided.
How to protect yourself
- Do not reply or click on URLs in suspicious SMSes or emails.
- Beware of phishing websites that may look genuine.
- Do not give out your Internet Banking credentials, SMS OTP or security token approval to other individuals.
If you suspect you have provided your internet banking credentials, SMS OTP, or security token approval to unauthorized parties, please contact 1800-MAYBANK (1800-629 2265) or (65) 6533 5229 (Overseas) immediately.
China Officials Impersonation Scam
13 April 2020
The Singapore Police Force (SPF) would like to alert the public to a new variant of the China Officials impersonation scam whereby callers impersonated as staff from the Ministry of Health (MOH) before referring victims to scammers claiming to be China Officials.
MOH will not ask for your banking credentials or to transfer monies to bank accounts.
You are advised to take the following precautions when you receive unsolicited calls from unknown parties:
- Don’t Panic – Ignore the calls and caller’s instructions. No government agency will request for transfer of money, personal details or bank account login credentials over the phone. Call a trusted friend or talk to a relative before you act as you may be overwhelmed by emotion and err in your judgment.
- Don’t Believe – Scammers may use caller ID spoofing technology to mask the actual phone number and display a different number. Calls that appear to be from a local number may not actually be made from Singapore. From 15 April 2020, all incoming international calls will be prefixed with a plus (+) sign. Stay vigilant when receiving any unexpected international calls, and reject those which spoof local numbers.
- Don’t Give – Do not provide your name, identification number, passport details, contact details, bank account or credit card details, and One-Time-Password (OTP). Such information are useful to criminals.
Scammers Impersonating Staff From Local Telecommunication Service Providers Or Officers From Government Agencies Offering Technical Support
10 April 2020
The Singapore Police Force (SPF) would like to alert the public about scammers impersonating staff from local telecommunication service providers, or officers from government agencies who are offering technical support.
You are advised to adopt the following preventive measures:
- Beware of unsolicited calls from persons claiming that they are staff of telecommunication service providers or from a government agency, even if they claim there are issues with your telecommunication devices or allege that you are implicated in a criminal offence. Scammers may use Caller ID spoofing technology to mask their actual phone numbers and display different numbers. Calls that appear to be from a local number may not actually be made from Singapore.
- Do not panic and do not follow instructions to install applications, type commands into your computer or log onto your online banking accounts. No telecommunication service provider or government agency will request for your personal details or access to your online bank account over the phone or through automated voice machines. When in doubt, always call the official hotline of your telecommunication service provider to verify. It may also be wise to call a trusted friend or talk to a relative before you act on such instructions, in order to get a second opinion which can help counter possible misjudgements on your part.
- Never provide your name, identification number, passport details, contact details, bank account numbers, credit card details, or One-Time-Passwords (OTPs) over the phone to unfamiliar or unverified persons. Such information can be very useful to criminals.
COVID-19 Phishing Calls
6 April 2020
The Singapore Police Force (“SPF”) has alerted the public regarding scams using the COVID-19 outbreak as a bait. These scammers purport to be from Singapore’s Ministry of Health (MOH) and claim to conduct contract tracing to detect potential infected individuals. If an individual falls victim to these claims, the scammer may ask for the following information or request the victim to conduct the following actions:
- Internet banking credentials
- SMS OTP or security token approval
- Update funds transfer limit
- Perform fund transfers to a new account
How to protect yourself
- MOH will never ask for your financial details during contact tracing calls. Verify these calls with the official MOH hotline if you receive such calls. Do not proceed further if you suspect a caller is asking you to conduct suspicious, unfamiliar actions or transactions.
- Do not give out your Internet Banking credentials, SMS OTP or security token approval to other individuals. If you suspect you have provided your internet banking credentials, SMS OTPs, or security token approval to unauthorised parties, please contact 1800-MAYBANK (1800-629 2265) or (65) 6533 5229 (Overseas) immediately.
COVID-19 Cyber Scams and Campaigns
26 March 2020
It has been observed that there are multiple malicious campaigns taking advantage of the current COVID-19 situation by spreading malware through emails with malicious attachments and links to phishing websites related to the COVID-19 topic. The objective of these campaigns are to trick the victims into revealing sensitive information such as online banking login credentials.
How to protect yourself.
- Always verify any information received from emails, text messages and social media posts regarding COVID-19
- Stay alert. Do not reveal personal or financial information in an email and do not respond to email solicitations for this information.
- Do not click on links that that are provided to you which are related to COVID-19.
- Use trusted sources such as legitimate, government websites for up-to-date, fact-based information about COVID-19.
Security Alerts
Malicious Cyber Activities Leveraging COVID-19 Situation
5 March 2020
There are reports of cases whereby cyber criminals are leveraging the COVID-19 situation to conduct malicious cyber activities through means such as email or messages to entice users to open malicious attachments by offering more information related to the COVID-19 situation. The malicious files in these emails or messages could be masked under the guise of links, pdf, mp4 or docx files with link or file names that are associated with the COVID-19 situation such as how to protect yourself from the virus, updates on the threat or virus detection procedures. These files could host a range of threats from Trojans to worms which are capable of destroying, blocking, modifying or copying data, as well as interfering with the operation of the computers or computer networks, when users click on the links or open the attachments.
How to protect yourself
- Do not click on links or open attachments found in suspicious-looking emails or messages.
- Refer to official sources such as the Ministry of Health (MOH) website for the latest information on the COVID-19 situation.
Phone Scams
24 January 2020
It has been brought to our attention that there is a party or parties involved in making phishing telephone calls purporting to be representing Maybank. The caller impersonates a Maybank staff and informs the victim that his/her account will be closed within 10 minutes, and requests for the victim to provide personal information (e.g. NRIC/Passport number, bank account number and name of account holder) if he/she does not wish for the account to be closed. We wish to alert the public to phone scams and customers should never divulge their personal information to unsolicited callers. Maybank will not request for customers’ PIN, password or OTP through phone call, email or SMS. Do not proceed with the call if you suspect that the caller is asking you to conduct suspicious transactions.
How to protect yourself
- Stay alert. Never provide personal or confidential banking account information to unsolicited callers.
- Alert Maybank if you receive an email, letter or a telephone call requesting for personal or confidential banking account information.
- Contact us at 1800-MAYBANK (1800-629 2265) or (65) 6533 5229 (Overseas) to verify the contents of the call.
Customer Advisory (SMS Scams)
14 January 2020
We have received reports of ongoing SMS scams impersonating Maybank to offer loans. If the victim contacts the number provided in the SMS, the scammer may attempt to impersonate Maybank staff in order to steal personal information (e.g. NRIC details) from the victim.
Samples of the SMS – January 2020
How to protect yourself from scams
- Be alert and always verify the details in the messages from Maybank. Always check that the message reflects your intended actions and do not proceed or authorise suspicious transactions.
- Contact us at 1800-MAYBANK (1800-629 2265) or (65) 6533 5229 (Overseas) to verify the contents of the SMS.
- Never reply to unsolicited SMS or emails. Responses to such SMS or emails could be used by fraudsters to socially engineer information or trick users into performing unwanted actions. Be cautious of “unsubscribe” links as these may also be used to socially engineer information as well.
Technical Support Scams
There are reports of cases whereby the call scammers contact the members of the public claiming to be investigating a cybersecurity issue. The victims were led to believe that they were talking to a staff of the Cyber Security Agency of Singapore (CSA) or a government agency that deals with cybersecurity. The scammers would then attempt to trick victims into logging into their online banking accounts and transferring money to them. We would like to share that government agencies will never request for access to your online banking accounts or ask for transfers of money over the phone.
How to protect yourself from scams
- Beware of any unsolicited calls from persons claiming to be a staff of a government agency.
- Do not install any applications suggested by the scammers.
- Do not panic and do not follow any instructions to install any applications, type the commands into your computer or log into your online banking accounts.
- Ignore the calls and the callers' instructions.
- Call us immediately at 1800-MAYBANK (1800-629 2265) or (65) 6533 5229 (Overseas) if you notice any unknown transactions appearing on your account or if you suspect that you have been a victim of fraud.
Reference
SingCERT, last retrieved on 06/12/2019
Business Email Scams
There are email scams targeting businesses by impersonating the businesses' CEOs, business partners or suppliers. Scammers used spoofed email accounts to pose as business partners, requesting for funds. Victims were led to believe that they had received genuine requests and transferred funds to the requested bank accounts.
Spoofed email addresses often include slight misspellings or replacement of letters, which may not be obvious at first glance.
Genuine email address |
Spoofed email address |
123@gmail.com |
I23@gmail.com |
abc@deshipping.com |
abc@deshpping.com |
lisa@faber.com.cn |
lisa@faber-cn.com |
Some scams may also imitate legitimate emails sent by businesses using logos, adding links to the business websites or adopting the business messaging formats.
What to do next?
- Educate your employees.
- Update your business operating system with new security patches regularly.
- Ensure that the sender's email address is genuine.
- Verify such requests by using the sender's official contact details, instead of using the contact details provided in the emails.
Reference
Channel News Asia, last retrieved on 26/11/2019, 1747hrs GMT+8.
Debt Collection, Kidnapping and Other Scams
Debt Collection Scams
It has been brought to our attention that there is a party or parties involved in making telephone calls to members of the public, purporting to be representing Maybank, collecting debts on behalf of the Bank. The caller(s) will claim that the customer has outstanding amounts owing to the Bank due to their spending on their credit cards, and request that they pay up the money by cheque. Most of these calls are made via an Overseas Number and on some occasions, the party has identified himself as a "Steven Lim Mun Kin" or "Vincent Tan".
We wish to inform members of the public that these calls are not made by representatives of Maybank and these people are not Maybank staff. You may make a report to the Police if you should receive similar calls.
Kidnapping scams
There has been a rise in the number of cases reported on people being threatened with the lives of their loved ones in exchange for ransom money which the "kidnappers" demand to be transferred to an overseas bank account. These "kidnap conmen" would insist that the victims continue with the telephone conversation and not hang up their mobile phones for as long as the transfer has not been completed. Under duress, for fear that the lives of their loved ones may really be threatened, the victims give in to the conmen's request.
On 4 Sep 2007, one such incident occurred at Maybank@JurongEast. The staff attending to the victim then was vigilant and calm, hence, managed to understand the situation by asking the victim to scribble useful information on a piece of paper. The conmen's plans were then thwarted after the victim's son contacted her upon being alerted by our staff.
Other scams
Whatever the reasons the conmen have, the ultimate request on the victims will be to transfer their hard-earned money to another account. Some of the ploys used to entice or coerce the victims to comply include:
- Lure of fictitious lottery or lucky draw winnings
- Lure of fortune from a fictitious will
- Prey on fear of the law (posing as police officers or Supreme Court staff)
Please do not hesitate to call us on 1800-MAYBANK (1800-629 2265) or (65) 6533 5229 (Overseas) if you need further clarification.
SMS Scams
It has been reported widely that an ongoing scam targets victims not familiar with Internet Banking (IB) and its related controls.
- A potential victim receives an SMS congratulatory text or call to inform that they have won prizes from a well-known organisation
- He/She is then tricked into applying for Internet Banking features for his/her account using the fraudster's mobile number
- Victim is also asked to reveal the User ID and Password to the fraudster
- With the Internet Banking User ID and Password, the fraudster can then log into the victim's account and receive a One-Time Password (OTP) via SMS (as a result of applying for IB features with the fraudster's mobile number) to perform illegal transactions
Please be reminded that all information used to perform banking transactions should never be disclosed to any unknown parties. When applying for Internet Banking, customers should use ONLY their personal mobile number for registration and to receive their SMS OTP.
Customers should always contact the Bank when in doubt and to report any discrepancies.
Phishing - SingHealth Data Breach
24 July 2018
SingHealth reported that its database containing about 1.5 million patient particulars and outpatient dispensed medicines had been the target of a major cyberattack. The patient data stolen included information such as name, NRIC number, addresses, gender, race and date of birth. Information on the dispensed medicines of about 160,000 of these patients had also been stolen.
Customers are advised to be cautious of the potential use of these stolen credentials by hackers to conduct social engineering and phishing scams on your financial account. Such scams utilize personally identifiable information to appear legitimate.
How to protect yourself
- Stay alert. Never provide personal or banking information to unsolicited callers.
- Never disclose any sensitive personal information (such as login passwords or one-time passwords) over the phone or email. Maybank will never request such information from our customers.
- Call Maybank immediately if you are in any doubt of a call, SMS or email’s authenticity. Contact our Customer Relationship Executives immediately at 1800-MAYBANK (1800-629 2265) or (65) 6533 5229 (if you are calling from overseas), if you receive such calls.
Phishing - SMS Phishing Alert
20 June 2018
We have been alerted of a phishing SMS that leads to phishing webpages targeting Maybank customers. If a customer receives the phishing SMS and clicks on the link, he/she will be redirected to a page requesting for user ID and PIN combinations, credit card number, expiration date and CVVs. Such websites are used to conduct card not present transactions but may also be utilized in order to steal personally identifiable data or promote fraudulent applications.
Sample of the malicious SMS. This is NOT from Maybank.
How to protect yourself
- Be alert. Minimize clicking on links in SMS as these may not be legitimate.
- Ensure you are using the official Maybank website. Always type the Maybank website URL (www.maybank2u.com.sg) directly into your web browser. If you are on mobile, consider using our official Maybank2u Mobile Banking (Maybank SG) App.
- Do not reply to unsolicited SMS. Responses to such SMS could be used by fraudsters to socially engineer information or trick users into performing unwanted actions.
- Provide your credit card details only if you are making a direct purchase. Always check that you intend to conduct a credit card transaction and do not provide an OTP to authorize payment if you are not.
- Maybank will never request for your PIN, password or OTP through SMS, phone call, or email. Should you have further queries, please do not hesitate to contact our Customer Relationship Executives on 1800-MAYBANK (1800-629 2265) or (65) 6533 5229 (if you are calling from overseas).
Phishing - Email Phishing Alert
25 May 2018
We have been alerted of a phishing email campaign impersonating the Monetary Authority of Singapore (MAS) recently with the following details:
Sender email information displayed: Monetary Authority of Singapore. info@mas.gov.sg
Summary of email information:
The email informs the recipient that Singapore banks have been attacked by hackers, and MAS has enacted a new law mandating all customers to update their details with the banks, as well as to register for insurance under the authority.
A link is provided for you to update your account.
Phishing details:
Upon clicking the email, the link will re-direct you to a spoofed MAS website. In the following page, it displays the logo of various banks for you to select. After clicking on the bank's logo, you will be taken to a spoofed internet banking page, prompting you to enter your user ID and password. Upon submission, it will prompt for a one-time-password which you will receive on your mobile device. The subsequent page will prompt you for your IC/Passport number, mobile phone number, and date of birth.
Potential impact:
The attacker may use your stolen information to conduct fraudulent transfers on your internet banking account or for fraudulent online purchases.
How to protect yourself
- Alert Maybank if you receive an email, letter, notification or a telephone call requesting for information relating to your PIN/access ID or username/password
- Do not provide your banking particulars, such as ID, password, bank account numbers, credit card or account details by email
- If you receive an email asking you to reactivate or update your account for any purpose or to provide personal account information, please contact Maybank to confirm the validity of the email
- For secured online banking access, always enter the URL address (www.maybank2u.com.sg) directly on your web browser.
- Should you have further queries, please do not hesitate to contact our Customer Relationship Executives on 1800-MAYBANK (1800-629 2265) or (65) 6533 5229 (if you are calling from overseas).
18 May 2018
There is a phishing email reported to be in circulation currently. Phishing emails are fraud attempts as the senders take on the identity of well-known companies such as banks or financial institutions to obtain personal information from the recipients of the email. These emails will often ask recipients to visit a fake website of a bank through links provided in the email, or ask for personal information such as credit card numbers or online banking IDs and passwords, in order to commit identity theft. They will then use the information they have acquired for illegal purposes or to perform unauthorised access to the recipient's online banking account.
How to protect yourself
- Alert Maybank if you receive an email, letter, notification or a telephone call requesting for information relating to your PIN/access ID or username/password
- Do not provide your banking particulars, such as ID, password, bank account numbers, credit card or account details by email
- If you receive an email asking you to reactivate or update your account for any purpose or to provide personal account information, please contact Maybank to confirm the validity of the email
- For secured online banking access, always enter the URL address (www.maybank2u.com.sg) directly on your web browser.
Should you have further queries, please do not hesitate to contact our Customer Relationship Executives on 1800-
MAYBANK (1800-629 2265) or (65) 6533 5229 (if you are calling from overseas).