Cyber Security Advisory

Your online security is our utmost priority.

Stay updated on the latest security news to protect your accounts from fraud/scam attempts.

At RHB Singapore, the privacy and security of our customers’ data will always be our top priority. As your trusted banking partner, we are constantly taking measures to ensure that your banking experience always remains safe and secure.

As digital banking rises in prevalence, cyber-criminals are continuously seeking novel ways to target customers through phishing scams that imitate correspondence sent out by the Bank via the two most frequently used channels – SMS and email.

Learn more about how to Protect Your Digital Banking Experience.

 

Ways to protect yourself from cyber fraud, and to conduct Internet Banking safely

Every 3 seconds, a cyber-fraud crime is committed, ranging from identity theft to phishing and hacking. Cyber fraud may be constantly evolving, but the countermeasures against it are advancing as well. RHB Singapore has put in place stringent security protocols to protect our systems from threats and vulnerabilities. Likewise, you can enhance your own security, and bank with us with peace of mind, by adopting these practices.

List of good practices you can adopt

  • Install anti-virus, anti-spyware and firewall software in your computers
  • Update the anti-virus and firewall products with security patches or newer versions on a regular basis
  • Remove file and printer sharing in your computers when you are connected to the internet via cable modems or broadband connections
  • Make regular backups of critical data
  • Log off your internet banking session when not in use
  • Do not install software or run programs from unknown origins
  • Delete junk or chain emails
  • Do not open email attachments from unknown sources
  • Do not use public or internet cafe computers to access online banking or perform financial transactions

Set a strong password for your bank account

  • A good password has at least 8 characters and mixes letters (capital and small), numbers and special characters (e.g. $ecUr3cY%3R!)
  • Avoid using sequential letters or numbers (e.g. 123456, ABCDEF), birthdays (e.g. 03041976, 3April1976), or names (e.g. your full name, your pet’s name)
  • Reset your password periodically
  • Use different passwords for different accounts
  • Don’t save your password on your computer or phone. Write it down instead if you need help remembering it
  • Never share your password with anyone
  • Set up two-factor authentication for extra security where possible

 

 

What you need to do to avoid malware and phishing

Malware or malicious software is one of the biggest threats on the internet. With so many different types around, you need to avoid falling victim to this form of cyber attack.

1. What is malware?

Think of malware as a hijacker – a malicious programme that takes over your browser, or worse, your computer or mobile device.

How to avoid it?
Install anti-virus/malware software
This is a must-have first step in keeping your device malware-free. Remember to keep the software up to date and to run regular scans.

Think before you click!
Don't open an email attachment from a source that you are unfamiliar with. Scan all downloaded files with your anti-virus/malware software before opening them.

Only download apps from a legitimate app store
Read user reviews to confirm the app is safe. Check the privacy policy to make sure that your personal information is not shared.

2. What is phishing?

Phishing is a form of cyber fraud in which the attacker 'fishes' for information such as login credentials or account information.

How to avoid it?
Guard yourself against spam
Be cautious of emails that come from unrecognised senders and ask you for personal or financial information.

Be careful of external links
Never go to your bank's website by clicking on links included in emails. Always type the URL into your browser.

Enter your data in secure websites only
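Before you enter any data, check that the site's address begins with https:// and that your browser shows an icon of a closed lock. These show that the connection is encrypted; they do not by themselves confirm that the site is genuine, so also check that the address is the one you expect.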

 

 

Examples of Phishing

Internet Banking fraud is an ever-present and increasing threat to both individuals and companies. Because fraudsters use sophisticated technology, it pays to stay alert to the risks and to know the safety measures.

1. SMS Phishing

SMS phishing is one of the most common cyber threats to customers and the banking industry today. It is an attempt by criminals to fraudulently acquire your account details through a text message, enabling them to gain access to your account.

How SMS phishing scams work

  1. In the latest variant of phishing scams, a scammer might send customers a Short Message Service (SMS) message that appears to be from the Bank, informing them of a particular transaction and inviting them to click on a link. Because the scammer has mimicked the Bank’s SMS accounts, the message might appear in the same SMS conversation thread as an authentic message from the Bank.
  2. The link in the SMS will direct the victim to a phishing website that resembles the official website of the Bank, in the hope of collecting sensitive information such as your Account Password, NRIC and One-Time Password (OTP).

A sample of what a phishing SMS could look like:

 

We advise customers to note the following measures to safeguard their accounts from falling prey to such phishing attempts:

 

2. Email Phishing

Cybercriminals often use the names of established financial institutions in their scams to convince you to release your confidential information or transfer funds to them. These emails may seem authentic to recipients as they mimic the style of official email correspondence.

List of common email scams that masquerade as official RHB correspondence

  1. Email stating that "RHB" has suspended your RHB Account and requests that you reactivate the account via a provided link.
  2. Email stating that "RHB" is upgrading their database and requests that you update/access your profile via a provided link.
  3. Email stating that "RHB" is conducting a security maintenance and requests that you verify your identity online in order to "protect your account".
  4. Email from an "RHB" staff member claiming that they are the auditors of a huge unclaimed estate that belongs to you.

RHB Singapore does not send unsolicited email messages to request personal or financial information online. It is imperative that you do not respond to such SMS messages.

If you have responded to any fraudulent emails or SMS, please contact our Customer Contact Centre at 1800 323 0100 immediately or +603 9145 1388 (if you are overseas).

3. Vishing (Voice Phishing)

These scams take advantage of situations where you might experience distress, and they prey on these fears by offering you a solution, normally involving an action performed by you. These scammers operate by posing as representatives from a reputable company or government agency with the aim of obtaining your personal information.

Types of Vishing Scams

1. Impersonation Scams

Fraudsters use compromised or spoofed social media accounts to impersonate family members or friends and request assistance, often requiring you to provide personal information or financial assistance.

2. Government Agents

Scammers will impersonate officials from a government agency and will either inform you that you have committed a crime, or that you are required to register for a programme.

3. e-Commerce and Delivery Scams

You may be informed that an online purchase you made requires payment and you would need to share your banking details before it can be delivered.

 

Ways to Identify a Vishing Scam


 

 

Frequently Asked Questions

Every year, thousands of people fall prey to phone scams. Know their latest tactics and telltale signs so you can protect your money and information effectively.

  • I have received an email/SMS that requests my personal banking / internet banking details. What should I do?

Do not click on the links in the email/SMS or provide your personal banking credentials or information. We will not send out any email/SMS with clickable links or request your personal banking details via email/SMS.

Please note that RHB Now Internet Banking Service was discontinued on 1 January 2022. You can access your account through our official RHB Mobile SG app that can be downloaded from Google Play Store (Android) or Apple App Store (iOS).

 

  • I have clicked on the link in the alleged fraud or scam email/SMS but did not enter any personal bank details on the website. How do I report this alleged fraud or scam email/SMS to your bank? 

Thank you for highlighting this to us. To report this alleged fraud or scam attempt, please provide the following details to us.

  • Channel of the alleged fraud or scam: email or SMS
  • Approximate date and time when you received the email or SMS
  • Sender’s email address or phone number
  • Forward a copy of the phishing or scam message to RHB Bank via email at rhbs.ibanksupport@rhbgroup.com 

 

  • I received a call from someone who claims to be an RHB staff member asking for my RHB internet or mobile banking login details but I did not provide any details to the caller. How do I report this alleged fraud or scam call to your bank?

Thank you for highlighting this to us. Do not share any personal banking details with the caller posing as RHB staff if you receive the call again. We do not request your personal banking details via phone, SMS or email. To report this as an alleged fraud or scam attempt, please provide the following call details to us via email at rhbs.ibanksupport@rhbgroup.com:

  • Approximate date and time when you received the call
  • Name of caller
  • Number shown on your Caller-ID

Please note that RHB Now Internet Banking service was discontinued on 1 January 2022. You should access your account directly through our official RHB Mobile SG app that can be downloaded from Google Play Store (Android) or Apple App Store (iOS). Login details should be kept confidential.

 

  • I have provided my personal banking details on the alleged phishing or scam website or to the alleged impersonator or scam caller. What should I do now?

Please call our Customer Contact Centre at 1800 323 0100 immediately. Our Customer Service Agents will advise you accordingly. Thereafter, please lodge a police report.

 

  • Will the Bank pay me back the funds that I have been scammed of?

We will investigate the case thoroughly and attempt to recover the lost funds where possible. Rest assured that we will continue to update you on the outcome of the investigation via call and/or email.

 

  • What are the security features in RHB Mobile Banking?

Within the RHB Mobile Banking Application, we have incorporated a Software Token which is protected with encryption. All mobile banking transactions are thus authenticated securely in the background. In addition, RHB engages a 3rd Party Security Vendor to validate the security of the RHB Mobile Banking application.

 

  • Can a scammer change my contact number and email address digitally?

No. For updates to contact number and email address, you are required to visit the Branch in person to update your details. Alternatively, you can mail in the signed application form. Once we have received the application, we will update your details in the system and inform you of the changes.

 

  • Is RHB going to comply with the measures set out by MAS/ABS by 31 Jan 2022?

Yes, RHB is working to implement all necessary measures to tighten security and comply with the measures set out by MAS/ABS by 31 Jan 2022. These include:

  • Implementing a cooling period for token activation of at least 12 hours
  • Lowering default payment transaction notification thresholds (Please note that RHB currently sends notification alerts to all customers’ mobile number for transactions of any amount.)
  • Increasing scam alerts to customers
  • Removing clickable links from retail SMSes and emails
  • Implementing a dedicated and accelerated customer assistance to deal with phishing cases
  • Implementing additional transaction protections including cooling off periods or transaction blocks in higher risk scenarios
  • Sending a notification to the existing telephone number or email in the event of any changes  

 

  • I receive SMS alerts from “RHB SG” and “RHBSG”. Why are there two different senders? Is one of them a scam? Which one is the correct one?

Currently, both sender titles belong to us. RHBSG is being used for mobile transactional updates and RHB SG is being used for marketing messages and SMS Alerts. We are taking necessary steps to implement a consolidated header as RHB SG.

 

Know more about OTP fraud and how to avoid it

OTP fraud is another form of cyber fraud. An OTP (One-Time Password) is the six-digit number sent to a bank account owner's mobile phone to verify a transaction. OTP fraud occurs when the victim receives an OTP that they did not request. The scammers will then call the bank account owner, claiming that the OTP is actually for them and that it was wrongly sent to the victim due to a mistake while registering their mobile phone number. They will ask the victim via SMS, WhatsApp or a call to forward the OTP to them. Once they have it, the scammers will be able to access the victim's account and steal the money in the process.

You may also visit ScamAlert.sg to learn more about scams and how to avoid falling prey to scams. 

How scam savvy are you? Head over to National Crime Prevention Council's Anti Scam Quiz to find out! 

Take the quiz here.