Security Alerts & News

Date:31 July 2018

Description: SingHealth has reported a data breach affecting more than 1.5 million SingHealth patients. Patient data stolen included personally identifiable information such as Name, NRIC numbers , address, gender, race ,date of birth.

Customers are advised to be alert. Stolen credentials may be used to conduct social engineering and phishing scams. Such scams utilize personally identifiable information to appear legitimate.

How can you protect yourself from this?

1. Be alert. Do not provide personal or bank information to unsolicited callers.
2. Never give out any sensitive personal information (including login passwords or one-time passwords) over the phone or via email. Our staff will never ask you for such information.
3. Hang up and call ICICI Bank directly if you are in any doubt of a call, SMS or email’s validity. Call us at 8001012553 (8 am to 6 pm), if you receive such calls.

Date: 18 April 2018

The Singapore Police have received reports regarding WhatsApp accounts being taken over by scammers. Victims would first receive a WhatsApp message from one of their contacts, whose WhatsApp account might have been compromised, requesting for WhatsApp account verification codes that they have received via SMS to be sent to him/her. The victims would subsequently lose access to their WhatsApp account once the WhatsApp verification codes are sent to the scammers.

In a variant of the scam reported overseas, the scammers used the compromised accounts to deceive the account holders’ contacts into purchasing gift cards and sending over the password for the cards. The scammers then sold the gift cards online.

Members of the public are advised to adopt the following crime prevention measures:

1. Beware of unusual requests received over WhatsApp, even if they were sent by your WhatsApp contacts;
2. Always call your friend personally to verify the authenticity of the request if in doubt;
3. Protect your WhatsApp account by enabling the ‘Two-step Verification’ feature, which is available under ‘account’ in the ‘settings’ tab of your WhatsApp application. This would prevent others from compromising your WhatsApp account. 

Anyone with more information on such scams can call the Police hotline at 1800-255-0000, or dial ‘999’ for urgent Police assistance in Singapore. 

To seek scam-related advice, members of the public may call the Singapore National Crime Prevention Council’s anti-scam helpline at 1800-722-6688 or visit www.scamalert.sg.

Date: 7 July 2016

Threat Type: Malware/Phishing

Description: There is a malicious email campaign targeting customers of the Bank. The email(s) may come  from fake email account(s) having an attachment containing a variant of banking malware , that exploits macros in Microsoft Office to infect the computer. If  you (as the recipient of such email) click and open the document/ attachment, a macro embedded in the document/ attachment surreptitiously triggers a download of the such banking malware, enabling it to first steal banking credentials (like User ID, PIN, Secure PIN, SMS OTP and so on) and then initiate financial transactions on his/her behalf.

Who might be at risk?
Internet banking users.

How can you protect yourself from this?

1. Be alert. Do not download or open attachments found in suspicious emails and do not reply to the sender either.
2. Protect your computer by using an anti-virus software and anti-spyware software that are set to perform automatic updates daily.
3. Do not reveal or provide your Internet banking username, password or token PIN to anyone.

Please inform our customer centre at 8001012553 or +65 67239009 (when calling from overseas) immediately if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

Phishing is a way of obtaining sensitive personal information such as account details, PIN and password through the internet. Anyone with these details can perform unauthorized transactions on your account.

Of late, there has been an increase in phishing attempts on Financial Institutions (FIs) customers’ via SMS and emails. Scams are common through SMS/emails which are often convincing and appear to come from legitimate senders. These messages entice their targets to click on links or attachments. When the user clicks on the links or attachments, he/she is directed to a fraudulent website requesting for personal information such as credit card numbers or user credentials
(e.g., user account, PIN, One-Time-Password). With these stolen credentials, fraudsters then attempt to access the user’s online accounts to perform unauthorised transactions, which, in turn, facilitate theft or fraud.

Beware of Bogus Emails or SMS
Phishing SMS and emails would appear to be sent by ICICI Singapore requesting for you to click on a link to verify your account, receive an incoming payment or prevent deactivation of your account. When you click through, you will then be brought to the fraudulent website. Please note that ICICI Singapore does not reach out to clients and request for passwords and login details over phone calls, SMS or emails. Please DO NOT click on the links in such SMS or emails.

How can you protect yourself from phishing?

• Be alert and always verify the details in SMS or emails from ICICI Singapore and do not authorize any suspicious transactions.
• Always type in the URL of our website directly into the address bar of your browser.
• Do not reveal any personal or banking details.
• Never reply to unsolicited SMSs or emails or act on phone calls from unknown sources.
• Avoid online banking in public areas such as cyber-cafes.
• Log off each time you complete online banking activities
• Select passwords that are difficult to guess. Change them often.
• Always check the authenticity of the software before downloading
• Call us immediately at 8001012553 (If you are calling from Singapore) or (65) 67239009 (If you are calling from outside Singapore), 7 days a week, 0800 - 1800 hrs or email sg.service@icicibank.com, if you notice unknown transactions appearing in your account.
• Customers are also encouraged install firewall and anti-virus and anti-spyware in their computers and to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, you are advised to turn them on.
• Please refer to our Safe Banking link at http://www.icicibank.com.sg/safe-banking/index.page? For more information on safety tips and measures.

Cyber-attacks on corporates have increased steadily in recent years. With criminals constantly devising new ways to steal information and money, one of the newest emerging threats is Business Email Compromise, also known as CEO or Chairman Fraud. The most frequent targets of this scam, small and medium-sized businesses, can lose huge sums because of one email.

The fraudsters would usually employ social engineering techniques and other cyberattacks such as installing malware to compromise and infiltrate the company’s system and endpoint devices. After gaining access to the senior executive or CEO’s email account, the fraudster would study his/her day-to-day activities and interactions. Next, the fraudster would use the compromised email account or a “look-alike” email account to send an email to trick the company’s employee, customer or business partner to make a payment to rogue accounts or a purchase of gift card/voucher. A common tactic is to imitate the manner in which the senior executive/CEO sends payment instructions, or reply to an on-going email conversation to make the request appear credible.

How can you protect your business?

• Make sure your staff are alert to this type of fraud.
• Implement a two-step payments verification process which includes a non-email check (e.g. phone/ SMS).
• Always use known contact details to follow up an email request. DO NOT:
• reply directly to the email you have received; or
• use any phone numbers or other contact information included in the email.
• Check email addresses before replying or acting on them.
• Call us immediately at 8001012553 (If you are calling from Singapore) or (65) 67239009 (If you are calling from outside Singapore), 7 days a week, 0800 - 1800 hrs or email sg.service@icicibank.com, if you notice unknown transactions appearing in your account.
• Customers are also encouraged install firewall and anti-virus and anti-spyware in their computers and to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, you are advised to turn them on.

Criminals / Fraudsters may call and trick you into believing that they are bank officers, government officials or the police. The caller ID on your mobile phone may even appear as “999”. Criminals typically use scare tactics to threaten you and make you believe that you have committed a crime.
Criminals may then ask you to give them your online banking credentials so that they can “check” your online accounts. If you do so, the criminals will be able to login to your online banking accounts and wipe out all the money in your bank accounts.

For example, The Immigration and Checkpoints Authority of Singapore (ICA) has recently issued public advisory on Scam from ICA. You may refer to https://www.ica.gov.sg/news-and-publications/media-releases/media-release/public-advisory-on-scam-call-from-ica for more details.

Here are some tips to protect yourself from bogus phone calls. Always keep the following in mind:

• Government officials or bank officers will NEVER call you to ask you for your personal information, such as your online banking credentials.
• When in doubt, always hang up the phone. For example, if the caller ID displays “999”, hang up and call or visit your nearest police post to verify the authenticity of the call.
• Never undertake any transaction / transfer funds at the behest of such calls without verifying further details or checking with the relevant officials / authorities.