Security Alerts

Guarding Against Phishing

What is Phishing?
When a bogus organisation goes 'Phishing' (pronounced 'fishing'), it is attempting to illegally obtain sensitive personal information from you, e.g. your user ID, password, bank account numbers, credit card numbers etc. They will then use the information you have provided to access your account for illegal purposes, e.g. commit credit card fraud with the credit card numbers that you have mistakenly provided to the 'phishing' individual or organisation.
How is Phishing usually done?

Common techniques used by phishing fraudsters include, but are not limited to, the following:

  • Using false email addresses, logos, and graphics to mislead you into accepting the validity of the emails and web sites;
  • Faking domain names to appear as if they represent us;
  • Duping you into providing personal details through one or more methods, such as hyperlinks to fake websites or embedded forms in emails.
  • Fraudulent DBS Facebook pages lure readers into clicking on suspicious links for inputting personal information.
For example, you may receive an email that claims to be from DBS that asks you to click on a link to a website within the email to update certain sensitive information for certain reasons. When you click on the link, you will be directed to a particular website that may look exactly like ours where you will be asked to enter sensitive information. Emails like these may look quite sophisticated and even carry our logos. However, do not trust them.

As a matter of security, DBS Bank will never send you an email asking you to update your personal information.

How come the Bogus Website can look EXACTLY like a bank's Internet Banking site?

It is relatively simple to make a Website look exactly like a legitimate organisation's site by merely duplicating what is available from the Internet.

How can I prevent myself from being 'phished'?

Do not follow any link(s) within a suspicious email to the DBS iBanking site. Because it is our policy never to ask customers through email to update their personal account information, any email that requests your information in this manner is definitely bogus.

Below are some other steps that you can take to prevent yourself from being a victim of a 'phishing' scam:

  • Always enter the full URL of DBS Hong Kong website (www.dbs.com.hk) into your browser address bar to access DBS iBanking.
  • Never reveal your Password to anyone. No staff of DBS Bank should ever ask you for your Password under any circumstances.
  • If you get an email that warns you that a DBS account of yours will be shut down unless you reconfirm your personal information, do not reply or click on the link in the email.
  • Never click on a link in an email that prompts you to log on with your DBS iBanking Username and Password. Always type in the actual URL of the DBS iBanking website into your browser.
  • Avoid emailing personal and financial information. Before submitting financial information through a Website, look for the "lock" icon on the browser's status bar. It signals that your information is secure during transmission. DBS will never solicit personal and financial information from you via a form or forms in an email.
  • Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorised charges. If your credit card and / or bank statements are late by more than a couple of days, please call our Credit Card Customer Service Hotline. You can also call to confirm your billing address and account balances.
  • Avoid submitting any personal and financial information in any suspicious websites.
Should I report a bogus Phishing site / suspicious email / fraudulent social media page?

If you suspect that you are being phished, please feel free to contact us at our Customer Service Hotline (852) 2290 8888 or DBS Bogus Calls Enquiry Hotline at (852) 2290 8345 to notify us. Your report will help us identify phishing websites / emails / fraudulent social media pages and take immediate action to suspend their operation. In addition, this information will help us publish and maintain a list of these fraudulent sites so that other DBS customers will be warned.

You can also find the latest fraudulent websites / pages here.

How it works

Such emails / SMS / social media pages trick the recipient into thinking that they are responding to a genuine request because they are usually very convincing looking and are phrased to give the appearance that they were sent by the recipient's banker.

These emails / SMS / social media pages usually tell the recipients that they are required to "update" or "validate" certain information via a hyperlink provided in the emails / SMS / social media pages. Unknowingly, they are directed to a website that looks like the bank's, but is actually controlled by the fraudsters. Sensitive account information such as credit card information and User IDs & PINs entered on these sites is therefore revealed to the fraudsters. This is often referred to as "phishing".

For more information, just use any search engine and search for "phishing" or "emails / SMS / social media pages bank scams".

You can also find the latest security alerts here.

Preventive Measures You SHOULD Take
  • NEVER reveal your PIN to anyone. Be suspicious of any emails / SMS / messages in social media pages asking you to provide sensitive account information. DBS will NEVER send such emails / SMS / messages in social media pages.
  • If you receive such emails / SMS / messages in social media pages, please verify with the sender stated but use a contact number that is known to be genuine. Do not reply or click on the links in the emails / SMS / messages in social media pages.
  • Disregard and delete spam, chain and junk emails / SMS / messages in social media pages.
  • Do not access the DBS website through hyperlinks embedded in emails / SMS / messages in social media pages or search engines.
  • Always type www.dbs.com/hk into your browser address bar or use favourites / bookmarks to access our site.
  • Avoid accessing DBS iBanking, or any other Internet service which needs you to input passwords, through public / shared computers such as those in Internet cafes, public libraries and other public sites, or through devices which cannot be trusted. This avoids the risk of your information being collected and copied, and then abused after you leave.
  • Act quickly and contact our Customer Service Hotline on (852) 2290 8888, or (852) 2290 8038 (ec-business/IDEAL services) if you suspect you have been tricked or if you have enquiries.

What you can do to protect yourself
  • Do NOT visit the DBS website while any software that monitors or redirects your internet session is present on your computer.
  • If you install any software that claims to speed up your internet connection, or have additional third party toolbars on your browsers, you may be using software that has the ability to track your internet sessions. We recommend that you uninstall such software.
  • You can usually safely uninstall such software by going to your Control Panel, selecting Add / Remove Programs, then finding the named application and selecting Remove.
  • Educate yourself on ‘Spyware’. Be alert to any Spyware-like activities on your computer. Be suspicious if you get lots of pop-up banners or unsolicited email that appear to "know you too well".
  • Securely configure your computer, and install and run anti-virus software, anti-spyware software and personal firewall software from a reputable software company to protect your computer from viruses and malicious programs. You should also install the latest versions of your software and apply security patches on a regular basis.
  • Do not use public / shared computers or devices which cannot be trusted to get access to DBS iBanking as it is difficult to ensure such PCs are free from hacker programs, or any software that monitors or redirects your internet session.
What we are doing to protect your interests
  • We will actively block traffic to dbs.com that has passed through redirector / Spyware services.
  • If you have, at any time, been denied access to our website, you may be either intentionally or inadvertently running redirector / Spyware software on your computer. In such cases, we urge you to uninstall such software.
  • You can also find the latest security alerts here.