Latest Updates

Beware of scammers impersonating a loyalty programme and asking for your personal and financial information

Beware of scammers impersonating a loyalty programme and asking for your personal and financial information

Loyalty fraud has become increasingly popular. Scammers steal programme members' personal and financial information (including credit card number, CVV and One Time Password (OTP)) by asking them to redeem their reward points via a fake website link provided in an SMS, and then conduct fraudulent spending sprees with the information.

When you input an OTP sent by your bank to conduct an online transaction, you are deemed to authorise and become fully liable for the transaction. It cannot be cancelled or refunded by reason of being “unauthorised”, and you may suffer financial loss as a result.

Before entering an OTP, please make sure the information in the OTP message matches your instruction. Don’t forget to verify the authenticity of any message received. Never click on suspicious links. When in doubt, contact the merchant and the bank immediately.
Created with Sketch.
Created with Sketch.

Video

Common Scams You Should Be Aware Of

Phishing
Example of a phishing scam. Fraudster lures the target into providing personal
and financial information by offering a free flight ticket.

What is Phishing?
Phishing email and SMS usually entice the recipients to click on an embedded link or open an attachment that will direct them to some fraudulent websites to enter their personal or financial information or install a malware on their devices. The fraudsters can then gain access to the recipients’ bank accounts and steal their money.  

Do you know how a scam works?
Scams can come in many forms, but all are designed to steal your money. Scammers impersonate different merchants, organisations or even government officers to entice you into clicking on a link to provide your personal and financial information such as credit card number, CVV and One Time Password (OTP), then make fraudulent purchases with the card information you provided. When you input an OTP sent by your bank to conduct an online transaction, you are deemed to authorise and become fully liable for the transaction. It cannot be cancelled or refunded by reason of being “unauthorised”, and you may suffer financial loss as a result.

Dos and Don’ts when you find the communications suspicious…

Dos
Ask yourself if you have an account with the sender’s company
Check if the sender’s email address is abnormal
Hover over the embedded link in the email to see if it will redirect you to a suspicious website
Look for “https://” and the lock icon in web browser before entering personal information into a website
Contact the sender via its official website or hotline for confirmation
Don’ts
Click on the embedded link and input personal or financial information (such as your DBS Card+ login ID and password, and card number, PIN and CVV of your credit card, OTP)
Click or install any link or attachment in the email. DBS will never ask for your personal or financial information via email or e-Form
Bogus Calls
Example of a bogus call. Fraudster calls
and asks the target to provide his credit
card information and the one time
password received.

Fraudsters may impersonate staff of government departments (such as Hongkong Post or Department of Health) or payment platforms (such as Paypal), saying that irregularities are found in your account. They will ask you to provide your personal or financial information (such as credit card number, its expiry date and CVV) to fix the problem, and then entice you into providing your One Time Password (OTP) to make unauthorised transactions!

Three tips to help you identify bogus calls:
  • Incoming calls from overseas use a “+852” prefix to pretend to be a local phone number
  • Asks you to provide personal and financial information or password for different reasons
  • Urges you to act now

Dos and Don’ts when you receive a suspicious call…

Dos
Hang up immediately
Never share your passwords (including OTP) with anyone under any circumstances
Verify via an official channel or hotline
Don’ts
Share your personal or financial information (such as DBS Card+ login ID and password, and credit card number, its PIN and CVV) through phone call, email, SMS or instant messaging app 

DBS will never ask for your personal or financial information via phone call, email or SMS.

Online Shopping Scams
Image of a fraudster running away with
the money cheated.

Fraudsters use social media to promote their fake websites or set up fake online stores that look like a genuine one. They offer luxury or popular items at very low prices to attract customers. However, nothing will be delivered once the payment is made.

Smart tips to avoid online shopping scams
  • Purchase from reputable online platforms
  • Compare similar products to see if the offered price is too good to be true
  • Read reviews about the website or merchant reviews
  • Check the privacy and return policies, contact details and delivery methods of the seller, as fake websites usually have limited information
  • Do not provide your personal information (such as HKID number, mobile number, email address, etc.) or financial information (such as credit card number, its CVV and PIN, etc.) to a seller you are not sure you can trust
Job Scams
Image shows a victim is being scammed.

Scammers target victims by advertising the fake job opportunities with wording such as “flexible working hours”, “well-paid job with great benefits”, “no experience required” on various social media platforms, forums or instant messengers. Scammers will ask candidates to share personal and financial information, pay administration fees, deposits, or other fees. Victims only realised they were tricked when they were unable to contact scammers.

<“Boosting sales” scams> Scammers introduce purported job offers that would allow job seekers to earn commission at their fingertips and instruct them to purchase from specific shopping website to boost sales. To gain their trust, scammers may refund the cost and offer a commission to job seekers at first, but eventually scammers will stop payments on job seekers’ bulk purchase and become uncontactable.

<Deceiving dream jobs> Scammers post fraudulent job ads offering high paying jobs to induce job seekers to provide them with personal and financial information, even pay for the training courses, make a deposit or make unauthorised use of job seekers information to apply for loan.

<Fraudulent purchase orders> Scammers offer job seekers with high commission to lure them into purchasing electronic gadgets or luxury items in advance. Unfortunately, job seekers never receive payment or commission.

How to identify a job scam?
  • Require barely any experience or qualifications but offer a good sum of money
  • Job description is unclear
  • Job Interview is not required without providing resume
  • Lack of company information (e.g., company name and address). Communication channel is only limited to instant messenger or mobile number

Smart Tips to avoid job scams 
  • Seek job via reputable platforms
  • Research the company before an interview
  • Beware of any recruiter who asks you for money (e.g., administration fee, advances) or instruct you to apply for a loan
  • Be skeptical if the job sounds too good to be true
  • Never provide your personal and financial information to anyone you do not know
Investment Scams
Image of a fraudster making a lot of
money.

Fraudsters approach their targets via social media platforms (such as Facebook, Instagram) or instant messaging apps (such as Whatsapp, WeChat) to promote investment opportunities that offer promising returns in a short period of time. The targets will be lured into investing by credit card payment or otherwise. In fact, the lucrative returns will never come true after the fraudster gets the money or financial information of the victims.

Smart tips to avoid investment scams
  • Do research on the investment plan to understand better
  • Be skeptical of any investment plan with guaranteed high returns as all investments carry risk
  • Trade with licensed and regulated financial institutions only
  • Never make an investment decision solely based on the limited information provided
  • Do not provide your personal and financial information to anyone you don’t know well

Security Tips

How to protect your personal information?
  • Never disclose your DBS login ID, password, One Time Password (OTP), and credit card number, its personal identification number (PIN) and CVV or other sensitive information to anyone
  • Create strong and unique passwords for DBS iBanking/ DBS digibank/ DBS Card+ account and never share them with anyone. Do not use the same passwords for other platforms
    • How to create a strong password? 
      • A strong password should contain upper and lowercase letters, numbers and symbols
      • The password should not contain information easy to guess (such as your date of birth, HKID number and mobile number)
  • Think twice before using the “AutoFill” function as it could be a trap to steal your information, including OTP
  • Do not save or keep your personal or financial information and password in web browser
  • Be alert of anyone watching you before entering your sensitive information to avoid data leakage
Do you always stay alert?
  • Review your transaction details and statements regularly to ensure there is no unauthorised transaction
  • Pay attention to our notifications to spot suspicious credit card activities
  • Check your credit card regularly to make sure it is not lost
  • Verify the online transaction details (including the merchant name and transaction amount) in our SMS (including OTP SMS) or email notifications
  • Keep us updated of your latest contact details. This enables us to reach out to you for clarification as soon as we notice any suspicious activity in your account
  • Please call our 24-hour Customer Service Hotline at 2290 8888 and report to the police (if needed) immediately if you notice any suspicious or authorised transaction
How to be Cyber Smart?
  • Check the website link carefully before logging in to any account or sending any information
  • Do not enter your personal and financial information when using a public computer or a non-personal device
  • Do not save or keep any sensitive information and password in a web browser
  • Never connect to an unsecure or unencrypted network
  • Download and upgrade apps from official channels or reliable sources
Do you keep your credit cards safe?
  • Sign on the back of your DBS credit card once received
  • Keep your credit cards safe and do not leave them unattended
  • Check your credit card regularly to make sure it is not lost
  • Check your credit card expiry date. If a replacement credit card has not arrived 7 days prior to its expiry date, please call our 24-hour Customer Service Hotline at 2290 8888 immediately
  • If your credit card is lost, stolen or used by someone without your authorisation, please call our 24-hour Customer Service Hotline at 2290 8888 and report to the police (if needed) immediately
  • Third parties are permitted to report lost or trapped credit cards on behalf of persons with hearing impairment
  • Be alert of anyone watching you before entering your password at ATM
  • Do not leave your credit card behind after completing a transaction at ATM
  • Keep your ATM receipts to check your monthly statements regularly
  • If your credit card becomes stuck inside an ATM machine, inform bank staff for assistance. Never accept any help from a stranger
How to report a lost or stolen credit card?

If your credit card is lost, stolen or used by someone without your authorisation, you may report it immediately via these channels:

  • Call our 24-hour Customer Service Hotline at 2290 8888
  • Log in to DBS Card+
    1. Choose “More” > “Replace / Report Lost Card”
    2. Follow instructions to report lost card
  • Complete the authentication process via DBS digibot for credit card blocking and replacement

How can I update my contact information?

Please update your contact details via these channels:

  • DBS iBanking
    1. Log in to DBS iBanking
    2. Select “Preferences”
    3. Select “Update Personal Details”
  • Update your correspondence address through DBS Card+
    1. Log in to DBS Card+
    2. Choose “More” > “Change Correspondence Address”
    3. Update your correspondence address and set the effective date
    4. Complete the authentication process
Your responsibilities and liabilities as a cardholder
  • Safe keep your credit cards, card information (including credit card number and its CVV) and One Time Password (particularly for online transactions and binding your credit card to a mobile wallet)
  • Ensure your contact details with the bank are up to date to receive important notifications or allow the bank reach out to you for clarification as soon as we notice any suspicious activity in your credit card account
  • Report to the bank and the police (if needed) immediately if your credit card is lost/ stolen, your card information or One Time Password is compromised, or there’s a suspicious transaction
  • Pay attention to communications sent by the bank including pre- and post-card transaction notifications, statements, security tips and alerts etc. so as to detect any unauthorised transaction
If you fail to take due care, you will be liable for any unauthorised transactions due to negligence such as not duly protecting your credit card, card information and One Time Password or ignoring pre- and post-card transaction notifications from your bank, and for the consequences of providing explicit agreements to over-the-limit facilities.

Mini Game

Anti-fraud adventure

Congratulations, you have won! Click here to enter your personal information and get HK$1,000 Apple Gift Card!

Question 1:

Congratulations, you have won! Click here to enter your personal information and get HK$1,000 Apple Gift Card!

Created with Sketch.
Created with Sketch.

Security awareness game

Security awareness game

Image of a mini game. You are encouraged to read the security tips below to stay fraud-free.
Fraud prevention quiz

Can you spot anything suspicious from below email?

Example of a phishing email. It purports
to be sent from DBS and asks the
recipient to log in to DBS iBanking to
activate the frozen credit card account
via the embedded hyperlink.

Other Fraud Prevention Information