ICICI Bank ICICI Bank
+

Suitable For

A secure and confident banking experience

  • Learn how to spot and prevent online frauds

  • Protect your banking credentials and devices

  • Ensure safe transactions across all banking channels.

About safe banking

Net Banking Safety Tips and Measures

1. Phishing

Phishing is a problem faced by banks across the world. It is an attempt to 'fish' for your banking details. Phishing could be an e-mail which appears to be from a known institution like a bank or a popular website.

How does phishing happen?

  1. Phishers set up a replica webpage of the website of a known financial institution or a popular shopping platform
  2. Bulk e-mails are sent to users asking for their personal data like account details, passwords etc.
  3. When the user clicks on the link in the e-mail, the user is taken to the replica website. Alternatively, a form will be displayed through an ‘in-session pop-up’
  4. When the user submits the data on the website / form, it is shared with the phishers, after which the user is redirected to the genuine website.

Phishers have refined their methods to launch sophisticated attacks and use advanced social engineering techniques to dupe online banking users. They use a combination of e-mail phishing, vishing (voice phishing) and smishing (SMS phishing) to get customer details like account number, login ID, login and transaction passwords, mobile number, address, CVV number, date of birth, passport number etc. Please note that banks will never ask for confidential data like login ID, transaction password, One Time Password (OTPs) etc.

How to stay safe from phishing?

1. Do not open spam e-mails. Be especially cautious of e-mails that:

  • Come from unrecognised senders
  • Ask you to confirm personal or financial information over the internet and / or make urgent requests for this information
  • Are not personalised
  • Try to upset you into acting quickly by threatening you with frightening information.

2. Do not click on links or download files or open attachments in e-mails from unknown senders. Be cautious even if the e-mail appears to come from an enterprise that you do business with. It is a good practice to call up the concerned person for confirmation if the e-mail is unexpected.

3. Communicate personal information only via secure websites. When conducting online transactions, check for a sign that the website is secure, such as:

  • A lock icon on the web browser's status bar: there is a de facto standard among web browsers to display a lock icon somewhere in the window of the browser for a secure website. Click (or double-click) on it in your web browser to see the details of the website's security. It is important for you to check to whom this certificate has been issued because some fraudulent websites may have a lock icon to imitate the icon of the browser.
  • Check the webpage's URL: a secure website’s URL begins with ‘https’, where the ‘s’ at the end of ‘https’ stands for ‘secure’.  For example, ICICI Bank Singapore’s website address is https://www.icicibank.com.sg. The URL begins with ‘https’, which means that the username and password typed will be encrypted before being sent to our server.
  • Check if the website address is correct before conducting online transactions.
  • Protect your device by installing effective anti-virus / anti-spyware / personal firewall on your computer / mobile phone and update it regularly.
  • Do not disclose details like passwords, Debit Card grid values etc. to anyone, even if the person claims to be a bank employee or on e-mails/ links from government bodies etc.
  • Type the web address in the browser. Do not use links received in e-mails.
  • In case you have used a cybercafe / shared computer, change your password(s) from your own computer.
  • Do not rely on the name and source in the ‘From’ field of the e-mail you have received, as it can easily be manipulated by fraudsters to resemble a valid e-mail ID of your bank. Always check the actual e-mail address by clicking on the alias name.
  • Always access your bank website by typing the URL in the address bar of your browser only.
  • Always check the authenticity of any software before downloading it.
  • If you get an e-mail or a pop-up message asking for personal or Debit Card information, do not provide this information no matter how genuine the e-mail or website appears to be. Such pop-ups are most likely the result of malware infecting your computer. Please take immediate steps to eliminate the malware from your device.
  • Banks or their representatives will never send you e-mails to get your personal information, passwords or One Time Passwords. Such e-mails are an attempt to fraudulently withdraw money from your account through Net Banking.
  • If the message or e-mail leads to a form asking to disclose your personal confidential information, please stop and recheck.
  • Do not respond or act without first contacting the sender by telephone and verifying that the e-mail is legitimate.
  • Check if the sender’s e-mail ID matches perfectly with the official e-mail address.
  • Do check whether the sender associated with the e-mail is indeed from the company he/she claims to be an employee of.
  • Do not open attachments in suspicious / unknown e-mails as they might carry a virus.
  • Do check the URL of the website where you will be redirected when you click on the link. The redirected website should belong to the actual company.
  • Do not just delete these e-mails. Report them immediately to your IT department or your organisation’s computer support team.
  • ICICI Bank will never send e-mails that ask for confidential information. If you receive an e-mail requesting your details like PIN, password or account number, do not respond.

Six signs to spot phishing instead of falling for it:

  1. Mismatched and misleading information
  2. Use of urgent or threatening language
  3. Promises of attractive rewards
  4. Requests for confidential information
  5. Unexpected e-mails
  6. Suspicious attachments

By keeping these six signs in mind and always remaining vigilant, you can avoid falling for phishing scams. Refer to more safety tips at the links below:

  1. Beware of Phishing Scams
  2. Spot signs of phishing
  3. Police Advisory On Malware Scams
  4. Scamshield

If you have any doubt or want to report any suspicious / phishing e-mail / call / transactions, call us immediately at 8001012553 (If you are calling from Singapore) or (+65) 67239009 (if you are calling from outside Singapore), 7 days a week, from 8:00 a.m. to 6:00 p.m. or e- mail us at sg.service@icicibank.com.

2. Spear Phishing

Spear phishing is a type of e-mail spoofing fraud that targets a specific organisation, seeking unauthorised access to confidential data. Spear phishing is executed through an e-mail that appears to come from a trusted source – either a known business partner or often someone in the same company, a superior in many cases. The e-mail can also appear to be sent by a close relative. The subject line is customised / personalised and often will be of relevance to either current projects within the company or may be related to family matters. The data violation occurs when the user opens the e-mail, clicks on the link and Trojan software or malware gets downloaded on their device or a form appears on the screen, in which data needs to be filled in by the user. This information is confidential and could be useful for accessing and carrying out transactions using the organisation’s internal data and applications.

3. Spoofing

Website spoofing is the act of creating a website as a hoax, with the intention of perpetrating fraud. To make spoof sites appear legitimate, phishers use the names, logos, graphics and even the code of actual websites. They can even fake the URL that appears in the address field at the top of the browser window and the lock icon that stands for security.

How do the fraudsters operate?

Fraudsters send e-mails with a link to a spoofed website asking you to update or confirm account related information. This is done with the intention of obtaining sensitive account related information like your Net Banking User ID, password, PIN, Debit Card / Bank Account Number, Card Verification Value (CVV) etc.

Mobile Banking Safety Tips and Measures

Here are some precautions for safe and secure mobile banking:

  1. Set up a PIN / password to access your mobile phone. Make sure it is is difficult to crack
  2. Do not enable auto-fill or save user IDs or passwords for mobile banking online
  3. Delete junk and chain messages regularly
  4. Do not visit any URL in a message that you are not sure about
  5. If you have to share your mobile phone with anyone else or send it for repair / maintenance:

    • Clear the browsing history
    • Clear the cache and temporary files stored in the memory as they may contain your account numbers and other sensitive information
    • Block your mobile banking applications by contacting your banks. You can unblock them when you get the mobile back.
       
  6. Do not save confidential information such as your Debit Card numbers, CVVs or PINs on your mobile phone
  7. Do not share confidential information received (e.g. from your bank) on your mobile phone with anyone
  8. Install an effective mobile anti-malware / anti-virus software on your smartphone and keep it updated
  9. Keep your mobile phone's operating system and apppcations, including the browser, updated with the latest security patches and upgrades
  10. If possible, enable security features like encryption, remote wipe and location tracking on your device
  11. Never leave your mobile phone unattended
  12. Turn off wireless services such as Wi-Fi, Bluetooth and GPS when they are not being used. Bluetooth can be set up in invisible mode
  13. Avoid using unsecured Wi-Fi, public or shared networks
  14. Do not use ‘jailbroken’ or ‘rooted’ devices for online banking. Jailbreaking or rooting a device (the process of breaking into the phone's built-in operating system to control it outside the manufacturer’s original intention) exposes the device to additional malware and grants administrative or privileged access of the operating system (OS)
  15. Download apps only from official app stores
  16. Never disclose personal information or online banking credentials via e-mail or text messages as these can be used for identity theft
  17. Log out from online banking m-sites or apppcations as soon as you have completed your transactions. Also make sure you close that window in your browser
  18. Be aware of shoulder surfers. Be extra careful while typing confidential information such as your account details and password on your mobile phone in public places.

Branch Banking Safety Tips and Measures

Safety Tips for Handling Cash

  1. Do not fold bank notes
  2. Do not staple bank notes
  3. Always handle bank notes with clean and dry hands
  4. Avoid writing anything on bank notes. Keep the watermark always clear
  5. Never take help from strangers at the Branch cash counter for counting notes.

Safety Measures for Cheque Books

  1. Record all details of cheques issued
  2. Do not leave your cheque book unattended. Always keep it in a safe place, under lock and key
  3. Whenever you receive your cheque book, please count the number of cheque leaves in it. If there is a discrepancy, bring it to the notice of the Bank immediately.
  4. Tips to fill a cheque leaf correctly:
    • Do not sign blank cheques. Always fill in the date, the name of the receiver and the amount before signing the cheque
    • Remember to cross your cheque whenever applicable to prevent it from being misused
    • Always draw a line through any unused space
    • Never sign in multiple places unless authenticating a change
    • Avoid using cheques with changes on them. Issue a new cheque if possible
    • When you cancel a cheque, mutilate the MICR band and write ‘CANCELLED’ across the face of the cheque
    • Do not write / sign / mark / pin / staple / paste / fold on the MICR band
    • Always use your own pen to write a cheque.

Phone Banking Safety Tips and Measures
  1. In case of an NRE / NRO account, while talking to the Phone Banking Officer, never disclose:
    • 4-digit ATM/IVR PIN
    • OTP 
    • CVV (Card Verification Value)
    • Net Banking User ID & password
  2. Avoid giving verification details to the phone banking officer in a public place
  3. Phone Banking channel is meant to be used by the account holder only, do not transfer the line or hand over the phone to a third party after completing self-authentication

 

Customer Advisory for SMS Phishing Campaign

Fraudsters use Short Message Service (SMS) phishing campaigns to target a bank’s customers. In an SMS phishing campaign, fraudsters send fraudulent SMS messages to some customers of a bank using an alphanumeric sender ID (‘alpha tag’) that appears to be from the bank. The spoofed SMS alpha tag causes the victims’ mobile phones to place both phishing and legitimate SMS messages from the bank in the same SMS conversation thread. This gives perceived legitimacy to the phishing SMS messages and increases the likelihood of victims being tricked into accessing the malicious link in the message.

When the victim clicks on the link, he/she is directed to a fraudulent website requesting for user credentials (i.e., username, password, One Time Password etc.). With these stolen credentials, the fraudster can conduct fraudulent activities such as setting up of soft token on the fraudster’s mobile device. Once the soft token is set up, the fraudster then proceeds with the addition of new payees and performing unauthorised fund transfers.

Customer Advisory for Overseas Remittance Scams

As the number of scam cases are on the rise, it is crucial to be vigilant and rational when remitting funds overseas. Please do not proceed with the remittance transaction if you do not know the identity of the beneficiary or are unsure on the purpose of the remittance. If you believe that you are a victim of scam/fraud, call us immediately at 8001012553 (If you are calling from Singapore) or (+65) 67239009 (if you are calling from outside Singapore), 7 days a week, from 8:00 a.m. to 6:00 p.m. or e- mail us at sg.service@icicibank.com.

Customer Advisory on cybercrimes taking place due to data synchronisation of mobile devices

Smartphones have features that allow data synchronisation between the mobile device and online storage or cloud services in near real time. Information that could be synchronised includes SMS, email, etc.

In the case of smartphone users who have enabled the data synchronisation feature, sensitive information sent via SMS or e-mails by financial institutions (FIs), such as one-time passwords (OTPs), etc. can be accessed by criminals if their login credentials to the online storage or cloud service have been compromised. Exposed OTPs, together with online banking credentials or Credit Card information that has been harvested from users, can potentially be used by criminals to carry out fraudulent financial transactions.

Users are advised to secure their mobile devices and related online accounts. To mitigate the impact of such cybercrimes, user can adopt good cyber hygiene measures, such as:

  1. Do not submit personal (User IDs, passwords etc.) or financial (Card details, Account Number etc.) details at unknown website or links
  2. Never share sensitive / confidential information on social media
  3. Review your privacy settings and permissions on all devices & social media platforms and adjust your privacy settings appropriately
  4. Change passwords regularly, using a combination of upper case letters, lower case letters, numbers and special characters.

If you have any doubt or want to report any suspicious / phishing e-mail / call / transactions, call us immediately at 8001012553 (If you are calling from Singapore) or (+65) 67239009 (if you are calling from outside Singapore), 7 days a week, from 8:00 a.m. to 6:00 p.m. or e- mail us at sg.service@icicibank.com.

Customer Advisory on Personal Data Leaks

Reports have indicated that over 533 million Facebook users' data was recently leaked online, including data from over 3 million users based in Singapore. The leaked information comprised mainly the Facebook users' mobile number, profile name, profile ID and location. Some users' date of birth and e-mail ID were also included.

Threat actors may use the leaked information to conduct phishing and other social engineering attacks, with chances of such attacks being higher in a ‘Work from Home’ scenario. Facebook users should remain vigilant and look out for unsolicited phone calls and messages sent over SMS and instant messaging applications such as WhatsApp.

Threat actors may also use Caller ID spoofing technology to impersonate the Facebook user and conduct further attacks, such as:

  1. Impersonating the user to send malicious / phishing links, request for money transfers or ask for One-Time Passwords (OTP) to compromise their contacts' accounts
  2. Using the user's details to compromise the user's other accounts, such as resetting passwords to other online accounts or using additional easily obtainable personal information about the user to request for a replacement Credit Card or ATM Card
  3. Using the user's contact details to order goods and services or make purchases under their name.

Users should watch out for possible phishing campaigns arising from this leak. Practising the cyber hygiene measures given below can help mitigate the impact:

  1. Be vigilant about phishing attempts. Always be wary of suspicious e-mails and verify the authenticity before clicking on any links or downloading any attachments, especially if the e-mail comes from an unfamiliar sender. Do not go by the sender’s name, always check the full e-mail address, including the domain name.
  2. Look for spelling errors in the e-mail address, domain name and website.
  3. Change your passwords regularly; use a strong password of at least 12 characters which includes upper case & lower case letters, numbers and / or special characters. Avoid using the same password for different accounts or using passwords that are derived from your personally identifiable information (PII).
  4. Turn on login alerts, if available. The platform should send you an alert when someone logs into your account from an unrecognised device or browser.
  5. Review any unrecognised login sessions for unusual account activities such as activating e-mail forwarding rules to unknown accounts.
  6. Be cautious in opening attachments, even if the sender appears to be known to you.
  7. You can hover the mouse over the link in any e-mail to verify that you will be directed to the stated URL. Never open attachments with .exe, .bat, and .vbs extensions.
  8. Do not submit personal or financial details on unknown websites or links. If there are such requests, do not click on the links in the e-mail, go directly to the websites by typing the URL or by following saved bookmarks.
  9. Beware of e-mails and links with special offers like COVID-19 testing, vaccination, attractive prizes, rewards and cashback offers. Remember nothing comes free.
  10. Review your account privacy settings and permissions and adjust your privacy settings as appropriate.

If you have any doubt or want to report any suspicious / phishing e-mail / call / transactions, call us immediately at 8001012553 (If you are calling from Singapore) or (+65) 67239009 (if you are calling from outside Singapore), 7 days a week, from 8:00 a.m. to 6:00 p.m. or e- mail us at sg.service@icicibank.com.

Beware of Bogus E-mails & SMSes

You might receive phishing SMSes and e-mails that appear to be sent by ICICI Bank Singapore Branch, which ask you to click on a link to verify your account, receive an incoming payment or prevent deactivation of your account. When you click on the link in such e-mails, you will be directed to a fraudulent website. Please note that ICICI Bank Singapore Branch does not reach out to clients and request for passwords and login details over phone calls, SMS or e-mails. Please do not click on the links in such SMSes or e-mails.

Business E-mail Compromise

Cyberattacks on corporates have increased steadily in recent years. With criminals constantly devising new ways to steal information and money, one of the newest emerging threats is ‘Business E-mail Compromise’, also known as ‘CEO Fraud’ or ‘Chairman Fraud’. The most frequent targets of this scam are small and medium-sized businesses, that can lose huge sums because of one e-mail.

Fraudsters usually employ social engineering techniques and other cyberattacks such as installing malware to compromise and infiltrate the company’s system and endpoint devices. After gaining access to the senior executive’s or CEO’s e-mail account, the fraudster then studies his/her day-to-day activities and interactions. Next, the fraudster uses the compromised e-mail account or a lookalike e-mail account to send an e-mail to trick the company’s employees, customers or business partners, asking them to make a payment to a rogue account or to a purchase of gift card / voucher. A common tactic is to imitate the manner in which the senior executive / CEO sends payment instructions or replies to ongoing email conversations, in order to make the request appear credible.

How can you protect your business?

  1. Make sure your staff are alert about this type of fraud.
  2. Implement a two-step payment verification process which includes a non-e-mail check (e.g. phone / SMS).
  3. Always use known contact details to follow up an e-mail request. DO NOT:
    • reply directly to the e-mail you have received
    • use any phone numbers or other contact information included in the email.
  4. Check the e-mail ID before replying to or acting on the received e-mail.
  5. Install a firewall and anti-virus & anti-spyware software on your company’s computers and use the latest versions of web browsers, which provide advanced security features such as anti-phishing and forged website identification.

Call us immediately at 8001012553 (If you are calling from Singapore) or (+65) 67239009 (If you are calling from outside Singapore), 7 days a week, from 8:00 a.m. to 6:00 p.m. or e- mail us at sg.service@icicibank.com if you notice unknown transactions appearing in your account.

Bogus Phone Calls

Criminals / fraudsters may call and trick you into believing that they are bank officers, government officials or the police. The caller ID on your mobile phone may even appear as ‘999’. Criminals typically use scare tactics to threaten you and make you believe that you have committed a crime. They may then ask you to give them your online banking credentials so that they can “check” your online accounts. If you do so, the criminals will be able to log into your online banking accounts and wipe out all the money in your bank accounts.

For example, the Immigration and Checkpoints Authority of Singapore (ICA) has recently issued a public advisory on this type of scam. You may refer to it at the link below:

https://www.ica.gov.sg/news-and-publications/media-releases/media-release/public-advisory-on-scam-call-from-ica

Here are some tips to protect yourself from bogus phone calls. Always keep the following in mind:

  1. Government officials or bank officers will NEVER call you to ask for your personal information such as your online banking credentials.
  2. When in doubt, always hang up the phone. For example, if the caller ID displays ‘999’, hang up and call / visit your nearest police station to verify the authenticity of the call.
  3. Never undertake any transaction / transfer funds at the behest of such calls without verifying further details or checking with the relevant officials / authorities.

Online Safe Banking FAQs

What should I do if I receive a suspicious e-mail or call?

Do not respond or click on any links. Forward phishing emails to antiphishing@icicibank.com and report calls to 8001012553.

How can I ensure safe mobile banking?

Install anti-malware apps, disable Bluetooth and Wi-Fi when not in use, avoid saving passwords and download apps only from verified app stores.

Are there any current scam advisories I should know?

Yes. Stay informed about ongoing phishing, spoofing and remittance scams via the ‘Safe Banking Updates’ section on the ICICI Bank Singapore website.

What should I do if my account is compromised?

Contact ICICI Bank immediately at sg.service@icicibank.com or through our 24X7 helpline. Our team will secure your account and guide you through the recovery process.

VIEW ALL FAQ's

Disclaimer

PROCEED