Security Alerts & News

Customer Advisory on Singhealth data breach

Date:31 July 2018


Description: SingHealth has reported a data breach affecting more than 1.5 million SingHealth patients. Patient data stolen included personally identifiable information such as Name, NRIC numbers , address, gender, race ,date of birth.


Customers are advised to be alert. Stolen credentials may be used to conduct social engineering and phishing scams. Such scams utilize personally identifiable information to appear legitimate.


How can you protect yourself from this?

  1. Be alert. Do not provide personal or bank information to unsolicited callers.
  2. Never give out any sensitive personal information (including login passwords or one-time passwords) over the phone or via email. Our staff will never ask you for such information.
  3. Hang up and call ICICI Bank directly if you are in any doubt of a call, SMS or email’s validity. Call us at 8001012553 (8 am to 6 pm), if you receive such calls.


Crime Advisory – Scams Involving Takeover Of Whatsapp Accounts

Date: 18 April 2018


The Singapore Police have received reports regarding WhatsApp accounts being taken over by scammers. Victims would first receive a WhatsApp message from one of their contacts, whose WhatsApp account might have been compromised, requesting for WhatsApp account verification codes that they have received via SMS to be sent to him/her. The victims would subsequently lose access to their WhatsApp account once the WhatsApp verification codes are sent to the scammers.


In a variant of the scam reported overseas, the scammers used the compromised accounts to deceive the account holders’ contacts into purchasing gift cards and sending over the password for the cards. The scammers then sold the gift cards online.


Members of the public are advised to adopt the following crime prevention measures:

  1. Beware of unusual requests received over WhatsApp, even if they were sent by your WhatsApp contacts;
  2. Always call your friend personally to verify the authenticity of the request if in doubt;
  3. Protect your WhatsApp account by enabling the ‘Two-step Verification’ feature, which is available under ‘account’ in the ‘settings’ tab of your WhatsApp application. This would prevent others from compromising your WhatsApp account. 



Anyone with more information on such scams can call the Police hotline at 1800-255-0000, or dial ‘999’ for urgent Police assistance in Singapore. 


To seek scam-related advice, members of the public may call the Singapore National Crime Prevention Council’s anti-scam helpline at 1800-722-6688 or visit

ICICI Bank Malicious Email Alert

Date: 7 July 2016


Threat Type: Malware/Phishing


Description: There is a malicious email campaign targeting customers of the Bank. The email(s) may come  from fake email account(s) having an attachment containing a variant of banking malware , that exploits macros in Microsoft Office to infect the computer. If  you (as the recipient of such email) click and open the document/ attachment, a macro embedded in the document/ attachment surreptitiously triggers a download of the such banking malware, enabling it to first steal banking credentials (like User ID, PIN, Secure PIN, SMS OTP and so on) and then initiate financial transactions on his/her behalf.


Who might be at risk?
Internet banking users.


How can you protect yourself from this?

  1. Be alert. Do not download or open attachments found in suspicious emails and do not reply to the sender either.
  2. Protect your computer by using an anti-virus software and anti-spyware software that are set to perform automatic updates daily.
  3. Do not reveal or provide your Internet banking username, password or token PIN to anyone.



Please inform our customer centre at 8001012553 or +65 67239009 (when calling from overseas) immediately if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.