By continuing to use the site, you are accepting the bank's privacy policy. The information collected would be used to improve your web journey & to personalize your website experience.

btn-close
SINGAPORE
About-Us
Singapore sin

These cookies are essential for you to browse the website and use its features. These cookies are essential for website to function and make sure you are able to browse seamlessly. They are used for faster loading and effective representation of information on it, enabling our site to function as intended.

 

These cookies are used to recognise you when you return to the site. This enables us to remember your preferences and also let us monitor how our website is performing. These cookies collect information, such as, number of visitors on the website, how visitors were directed to the website and the pages they have visited. The cookies collect information in a way that does not directly identify anyone. If you do not allow performance cookies then some or all areas of website may not function properly.

 

These cookies help us track your online activity and allow us to display content relevant to you and your interests, based on the way you have used our website previously. Also, the cookies help us to measure the effectiveness of our advertising both on and off ICICI Bank websites, and helps us to present products that may be of interest to you.

 
Cookie Policy

Cookies are small text files that are placed on your device by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Cookies we capture are Essential, Performance, Statistical and Targeting. Click OK to continue else click Manage to change your preferences.

Manage Ok
 

Safe Banking

We at ICICI Singapore are committed to make your banking experience as safe as possible. We have adopted several measures to enhance the security of your funds and protection of your account. Our Safe Banking guidelines set out simple steps which you can take to ensure that your money and your personal details are safe and secure. We urge you to BE INFORMED and know how to keep your banking details confidential. The following links will give you information about security issues, help you make the right decisions.

Expand All | Close All

1. Phishing

Phishing is a global problem faced by banks worldwide. It is an attempt to 'fish' for your banking details. Phishing could be an e-mail that appears to be from a known institution like banks or a popular website.

 

Please note that banks will never ask for confidential data like login and transaction passwords, One Time Password (OTP) etc.

 

How does phishing happen?

  1. Phishers set up a replica page of a known financial institution or a popular shopping website
  2. Bulk e-mails are sent to users asking for their personal data like account details, passwords etc.
  3. When the user clicks on the link, the replica of the website will open or while the user is online, a form will populate through an ‘in-session pop-up’
  4. On updation, the data goes to phishers. Post which the user is redirected to the genuine website.

Phishers have refined their technology to launch sophisticated attacks and use advanced social engineering techniques to dupe online banking users.

 

Phishers use a combination of e-mail phishing, vishing (voice phishing) and smishing (SMS phishing) to get customer details like account number, login ID, login and transaction passwords, mobile number, address, CVV number, date of birth, passport number etc.

 

How to avoid phishing?

  1. Do not open spam e-mails. Be especially cautious of e-mails that:
    1. Come from unrecognised senders
    2. Ask you to confirm personal or financial information over the internet and/ or make urgent requests for this information
    3. Are not personalised
    4. Try to upset you into acting quickly by threatening you with frightening information.
  2. Do not click on links, download files or open attachments in e-mails from unknown senders. Be cautious even if the e-mail appears to come from an enterprise you do business with. It is a good practice to call up the concerned person to confirm in case the e-mail is unexpected
  3. Communicate personal information only via secure websites. In fact:
    1. When conducting online transactions, look for a sign that the site is secure such as a lock icon on the browser's status bar or an "https:" URL whereby the ‘s’ stands for ‘secure’
    2. Also, check if the website address is correct before conducting online transactions.
  4. Protect your computer by installing effective anti-virus/ anti-spyware/ personal firewall on your computer/ mobile phone and update it regularly
  5. Do not disclose details like passwords, debit card grid values etc. to anyone, even if the person claims to be a bank employee or on e-mails/ links from government bodies etc.
  6. Type the web address in the browser. Do not use links received in e-mails
  7. In case you have used a cyber cafe/ shared computer, change your passwords from your own computer
  8. Do not rely on the name and source in the ‘From’ field of the e-mail address as it may be easily manipulated by the fraudster to a valid e-mail account of bank. Always check the actual e-mail address by clicking the alias name
  9. Always access your bank website by typing the URL in the address bar of your browser only
  10. Always check the authenticity of the software before downloading
  11. If you get an e-mail asking for personal or debit card information, please do not provide this information no matter how 'genuine' the page appears to be. Such pop-ups are most likely the result of malware infecting your computer. Please take immediate steps to disinfect your device
  12. Any bank or their representative will never send you e-mails to get your personal information, password or one time SMS (high security) password. Such e-mails are an attempt to fraudulently withdraw money from your account through Internet Banking.

How to report a phishing attempt?

  1. Forward the original e-mail to us at antiphishing@icicibank.com
  2. Report the incident with the caller's number, date and time of call, etc. at any of our branch.
    1. Change the passwords immediately
    2. Report the incident to our Customer Care.
    3. If the message displays a form asking to disclose your personal confidential information, please stop and recheck
    4. Do not respond or act without first contacting the 'sender' by telephone and verifying that the e-mail is legitimate
    5. Do check the sender’s e-mail address displayed, whether it perfectly matches with e-mail address used within your company
    6. Do check whether the sender associated with the e-mail is indeed from the company
    7. Do not open attachments in such e-mails as they might carry a virus
    8. Do check the website where you might get redirected. The redirected website should belong to your company
    9. Do not just delete these e-mails. Report them immediately to your IT department or your organisation’s computer support team
    10. ICICI Bank will never send e-mails that ask for confidential information. If you receive an e-mail requesting your Internet Banking security details like PIN, password or account number, you should not respond.
    11. Check for the padlock icon: There is a de facto standard among web browsers to display a padlock icon somewhere in the window of the browser For example, Microsoft Internet Explorer displays the lock icon at the bottom right of the browser window. Click (or double-click) on it in your web browser to see details of the site's security.

      It is important for you to check to whom this certificate has been issued to, because some fraudulent websites may have a padlock icon to imitate the padlock icon of the browser.
    12. Check the webpage's URL. When browsing the web, the URLs (web page addresses) begin with the letter’s "https".
      For example: Our home page address is https://www.icicibank.com.sg. The URL now begins with "https", meaning the user name and password typed in will be encrypted before being sent to our server.

    3. 2. Spear Phishing

    Spear phishing is an e-mail spoofing fraud attempt that targets a specific organisation, seeking unauthorised access to confidential data.

     

    Spear phishing is a targeted phishing attempt through an e-mail that appears to come not only from a trusted source, but often from someone in your own company, a superior in many cases, or from a close relative. The subject line address is customised/ personalised and often will be one of relevance to either current projects of developments within the company, or may be related to family event. The violation occurs when the user opens the e-mails, clicks on the link attached and then Trojans or malware gets downloaded or a form appears on the screen, in which data needs to be filled in by the recipient. This information is confidential and could be useful for accessing and transacting on internal organisation’s application.

     

    How to protect from spear phishing?

    3. Spoofing

    Website spoofing is the act of creating a website, as a hoax, with the intention of performing fraud. To make spoof sites seem legitimate, phishers use the names, logos, graphics and even code of the actual website. They can even fake the URL that appears in the address field at the top of your browser window and the Padlock icon that appears at the bottom right corner.

     

    How the fraudsters operate?

    Fraudsters send e-mails with a link to a spoofed website asking you to update or confirm account related information. This is done with the intention of obtaining sensitive account related information like your Internet Banking User ID, Password, PIN, debit card/ bank account number, Card Verification Value (CVV) number etc.


Here are some precautions for safe and secure mobile banking:

  1. Set up a PIN/ Password to access the handset menu on your mobile phone
  2. Delete junk and chain messages regularly
  3. Do not follow any URL in a message that you are not sure about
  4. If you have to share your mobile with anyone else or send it for repair/ maintenance:
    • Clear the browsing history
    • Clear cache and temporary files stored in the memory as they may contain your account numbers and other sensitive information
    • Block your mobile banking applications by contacting your bank. You can unblock them when you get the mobile back
    • Do not save confidential information such as your debit card numbers, CVV numbers or PINs on your mobile phone
    • Do not part with confidential information received from your bank on your mobile
    • Install an effective mobile anti-malware/ anti-virus software on your smartphone and keep it updated
    • Keep your mobile's operating system and applications, including the browser, updated with the latest security patches and upgrades
    • Password protect your mobile device to protect against unauthorised access. Set up a PIN/ Password that is difficult to crack
    • Do not enable auto-fill or save User IDs or Passwords for mobile banking online
    • If possible, maximise the security features by enabling encryption, remote wipe and location tracking on device
    • Never leave your mobile phone unattended
    • Turn off wireless device services such as Wi-Fi, Bluetooth and GPS when they are not being used. The bluetooth can be set up in invisible mode
    • Avoid using unsecured Wi-Fi, public or shared networks
    • Do not use "jailbroken" or "rooted" devices for online banking. Jailbreaking or rooting a device (the process of breaking into the phone's built-in operating system to control it outside the vendor's original intention) exposes the device to additional malware and gains administrative or privileged access of OS
    • Only download apps from official app stores such as Apple App Store, Android Marketplace, Google Play Store and BlackBerry App World
    • Never disclose personal information or online banking credentials via e-mail or text messages as these can be used for identity theft
    • Logout from online mobile banking or application as soon as you have completed your transactions. Also make sure you close that window
    • Be aware of shoulder surfers. Be extra careful while typing confidential information such as your account details and password on your mobile in public places.

Cash - Safety Tip

  1. Do not fold bank notes
  2. Do not staple bank notes
  3. Always handle bank notes with clean and dry hands
  4. Avoid writing anything on bank notes. Keep the water mark always clear
  5. Never take help from strangers at branch cash counter for counting notes

Cheque Book Safety Measures

  1. Record all details of cheques issued
  2. Do not leave your cheque book unattended. Always keep it in a safe place, under lock and key
  3. Whenever you receive your cheque book, please count the number of cheque leaves in it. If there is a discrepancy, bring it to the notice of the Bank immediately.

Tips to fill a cheque leaf correctly

  1. Do not sign blank cheques. Always fill in the date, the name of the receiver and the amount before signing the cheque
  2. Remember to cross your cheque whenever applicable and prevent it from being misused.
  3. Always draw a line through any unused space
  4. Never sign in multiple places unless authenticating a change
  5. Avoid using cheques with changes on them. Issue a new cheque if possible
  6. When you cancel a cheque, mutilate the MICR band and write "CANCEL" across the face of the cheque
  7. Do not write/ sign/ mark/ pin/ staple/ paste/ fold on the MICR band
  8. Always use your own pen to write a chequ

  1. In case of an NRE/ NRO account, while talking to the phone banking officer, never disclose:
    • 4-digit ATM/IVR PIN
    • OTP password
    • CVV (Card Verification Value)
    • Internet Banking password
    • Avoid giving verification details to the phone banking officer in a public place
    • Phone Banking channel is meant to be used by the account holder only, do not transfer the line or hand over the phone to a third party after completing self-authentication.

Short Message Service (“SMS”) phishing campaign targeting a Bank’s customers.

In the SMS phishing campaign, fraudsters masking as the Bank by sending fraudulent SMS messages to some of the Bank’s customers using an alphanumeric sender ID1 (“alpha tag”). The spoofed SMS alpha tag causes the victims’ mobile phones to place both phishing and legitimate SMS messages from the Bank in the same SMS conversation thread. These accords perceived legitimacy to the phishing SMS messages and increases the likelihood of victims being tricked into accessing the malicious link.

When the victim clicks on the link, he/she will be directed to a fraudulent website requesting for user credentials (i.e., username, password, One-Time Password). With these stolen credentials, the fraudster could conduct fraudulent activities such as setting up of soft token on the fraudster’s mobile devices. Once the soft token is set up, the fraudster will proceed with the adding of new payees and performing unauthorised fund transfers.

Six signs how to spot phishing instead of falling for them:

  1. Mismatched and misleading information
  2. Use of urgent or threatening language
  3. Promises of attractive rewards
  4. Requests for confidential information
  5. Unexpected emails
  6. Suspicious attachments

 

By keeping these six signs in mind and remaining vigilant at all times, you can avoid falling for phishing scams. Refer to more tips of protection at 

If you have any doubt or want to report any suspicious/phishing email/call/transactions, call us immediately at 8001012553 (If you are calling from Singapore) or (65) 67239009 (If you are calling from outside Singapore), 7 days a week, 0800 - 1800 hrs or email sg.service@icicibank.com.

As the number of scam cases are on the rise, do note to be vigilant and rational when remitting funds overseas. Please do not proceed with the remittance transaction if you do not know the identity of the beneficiary or are unsure on the purpose of the remittance.

If you believe that you are a victim of scam/fraud, please call us immediately at 8001012553 (If you are calling from Singapore) or (65) 67239009 (If you are calling from outside Singapore), 7 days a week, 0800 - 1800 hrs or email sg.service@icicibank.com

Customer Advisory on Cybercrimes taking place due to Data Synchronisation of Mobile Devices

Smart Phone have features that allow data synchronisation between the mobile device and online storage or cloud services in near real time. Information that could be synchronised includes SMS, email, etc.

For smart phone users who have enabled the data synchronisation feature, sensitive information sent via SMS or emails by financial institutions (FIs), such as one-time passwords (OTPs), can be accessed by criminals if their login credentials to the online storage or cloud services have been compromised.

Exposed OTPs together with online banking credentials or credit card information that had been harvested from the customers can potentially be used by criminals to perform fraudulent financial transactions.

Users are advised to secure their mobile devices and related online accounts. To mitigate the impact from such cybercrimes, user can adopt good cyber hygiene measures:

  • Do not submit personal (user id, passwords etc.) or financial (card details, account number etc.) details on unknown website or links.
  • Never share sensitive/confidential information on social media.
  • Review your privacy settings and permissions on all devices and social media platforms, and adjust your privacy settings as appropriate.
  • Change password(s) regularly, using combination of upper case, lower case, numbers, and special characters.

If you have any doubt or want to report any suspicious/phishing email/call/transactions, call us immediately at 8001012553 (If you are calling from Singapore) or (65) 67239009 (If you are calling from outside Singapore), 7 days a week, 0800 - 1800 hrs or email sg.service@icicibank.com.

Reports have indicated that over 533 million Facebook users' data was recently leaked online, including data from over three million users based in Singapore. The leaked information comprised mainly the Facebook users' mobile number, profile name, profile ID and location. Some users' date of birth and email address were also included.

Threat actors may use the leaked information to conduct phishing and other social engineering attacks, with chances of such attacks being higher in a Work from Home scenario. Facebook users should remain vigilant and look out for unsolicited phone calls and messages sent over SMS and instant messaging applications such as WhatsApp.

Threat actors may also use caller ID spoofing technology to impersonate the Facebook user and conduct further attacks, such as:

  • Impersonating the Facebook user to send malicious/phishing links, request for money transfers, or ask for One-Time Passwords (OTP) to compromise their contacts' accounts.
  • Using the Facebook user's details to compromise the user's other accounts, such as resetting passwords to other online accounts, or leverage additional easily obtainable personal information about the user to request for a replacement credit or ATM card.
  • Using the Facebook user's contact details to order goods and services or make purchases under their name.

 

Users should watch out for possible phishing campaigns arising from this leak. Practising good cyber hygiene measures can help mitigate the impact:

  • Be vigilant about phishing attempts. Always be wary of suspicious emails and verify before clicking any links or downloading any attachments, especially if the email comes from an unfamiliar sender. Do not go by sender’s name, check the full email address, including the domain name.
  • Look for spelling errors in email address, domain name and websites.
  • Change your passwords regularly; use a strong password of at least 12 characters which includes upper case, lower case, numbers and/or special characters. Avoid using the same password for different accounts or using passwords that are derived from your personally identifiable information (PII).
  • Turn on login alerts, if available. The platform should send you an alert when someone logs into your account from an unrecognised device or browser. Review any unrecognised login sessions for unusual account activities such as activating email forwarding rules to unknown accounts.
  • Be cautious in opening attachments, even if the sender appears to be known. You can hover the mouse over the link to ensure that they are being directed to the URL stated. Never open attachment with ".exe", ".bat", and “.vbs" extension.
  • Do no submit personal or financial details on unknown websites or links. If there are such requests, do no click the links on email, go directly to the websites by typing URL or by following saved bookmarks.
  • Beware of emails, links providing special offers like Covid-19 testing, vaccination, attractive prizes, rewards, and cash back offers. Remember nothing comes free.
  • Review your account privacy settings and permissions and adjust your privacy settings as appropriate.

If you have any doubt or want to report any suspicious/phishing email/call/transactions, call us immediately at 8001012553 (If you are calling from Singapore) or (65) 67239009 (If you are calling from outside Singapore), 7 days a week, 0800 - 1800 hrs or email sg.service@icicibank.com.

Unsuspected phishing SMS and emails would appear to be sent by ICICI Bank Singapore Branch requesting for you to click on a link to verify your account, receive an incoming payment or prevent deactivation of your account. When you click through, you will then be brought to the fraudulent website. Please note that ICICI Bank Singapore Branch does not reach out to clients and request for passwords and login details over phone calls, SMS or emails. Please do not click on the links in such SMS or emails.

How can you protect yourself from phishing?

  1. Be alert and always verify the details in SMS or emails from ICICI Bank Singapore Branch and do not authorize any suspicious transactions.
  2. Always type in the URL of our website directly into the address bar of your browser.
  3. Do not reveal any personal or banking details.
  4. Never reply to unsolicited SMSs or emails or act on phone calls from unknown sources.
  5. Avoid online banking in public areas such as cyber-cafes.
  6. Log off each time you complete online banking activities
  7. Select passwords that are difficult to guess. Change them often.
  8. Always check the authenticity of the software before downloading.
  9. Call us immediately at 8001012553 (If you are calling from Singapore) or (65) 67239009 (If you are calling from outside Singapore), 7 days a week, 0800 - 1800 hrs or email sg.service@icicibank.com, if you notice unknown transactions appearing in your account.
  10. Customers are also encouraged to install firewall and anti-virus and anti-spyware in their computers and to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, you are advised to turn them on.
  11. Please refer to our Safe Banking link at http://www.icicibank.com.sg/safe-banking/index.page? For more information on safety tips and measures.

Cyber-attacks on corporates have increased steadily in recent years. With criminals constantly devising new ways to steal information and money, one of the newest emerging threats is ‘Business Email Compromise’, also known as ‘CEO’ or ‘Chairman Fraud’. The most frequent targets of this scam, small and medium-sized businesses, can lose huge sums because of one email.

The fraudsters would usually employ social engineering techniques and other cyberattacks such as installing malware to compromise and infiltrate the company’s system and endpoint devices. After gaining access to the senior executive or CEO’s email account, the fraudster would study his/her day-to-day activities and interactions. Next, the fraudster would use the compromised email account or a “look-alike” email account to send an email to trick the company’s employee, customer or business partner to make a payment to rogue accounts or a purchase of gift card/voucher. A common tactic is to imitate the manner in which the senior executive/CEO sends payment instructions or replies to an on-going email conversation to make the request appear credible.

How can you protect your business?

  1. Make sure your staff are alert to this type of fraud.
  2. Implement a two-step payments verification process which includes a non-email check (e.g. phone/ SMS).
  3. Always use known contact details to follow up an email request. DO NOT:
    • reply directly to the email you have received; or
    • use any phone numbers or other contact information included in the email.
  4. Check email addresses before replying or acting on them.
  5. Call us immediately at 8001012553 (If you are calling from Singapore) or (65) 67239009 (If you are calling from outside Singapore), 7 days a week, 0800 - 1800 hrs or email sg.service@icicibank.com, if you notice unknown transactions appearing in your account.
  6. Customers are also encouraged to install firewall and anti-virus and anti-spyware on their computers and to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, you are advised to turn them on.

Criminals / Fraudsters may call and trick you into believing that they are bank officers, government officials or the police. The caller ID on your mobile phone may even appear as “999”. Criminals typically use scare tactics to threaten you and make you believe that you have committed a crime.
Criminals may then ask you to give them your online banking credentials so that they can “check” your online accounts. If you do so, the criminals will be able to login to your online banking accounts and wipe out all the money in your bank accounts.

For example, The Immigration and Checkpoints Authority of Singapore (ICA) has recently issued public advisory on Scam from ICA. You may refer to https://www.ica.gov.sg/news-and-publications/media-releases/media-release/public-advisory-on-scam-call-from-ica for more details.

Here are some tips to protect yourself from bogus phone calls. Always keep the following in mind:

  • Government officials or bank officers will NEVER call you to ask you for your personal information, such as your online banking credentials.
  • When in doubt, always hang up the phone. For example, if the caller ID displays “999”, hang up and call or visit your nearest police post to verify the authenticity of the call.
  • Never undertake any transaction / transfer funds at the behest of such calls without verifying further details or checking with the relevant officials / authorities.
Close icon
play-arrow
pause-arrow