Cyber Security Advisory

Your online security is our utmost priority.

Stay updated on the latest security news to protect your accounts from fraud/scam attempts.

At RHB Singapore, the privacy and security of our customers’ data will always be our top priority. As your trusted banking partner, we are constantly taking measures to ensure that your banking experience always remains safe and secure.

As digital banking rises in prevalence, cyber-criminals are continuously seeking novel ways to target customers through phishing scams by imitating various correspondences sent out by the Bank via two most frequently used channels – SMS and Emails.

 

Ways to protect yourself from cyber fraud, and to conduct Internet Banking safely

Every 3 seconds, a cyber-fraud crime is committed, ranging from identity theft to phishing and hacking. It may be constantly evolving but the counter measures against cyber fraud are advancing as well. RHB Singapore has put in place stringent security protocols to protect our systems from threats and vulnerabilities. Likewise, you can also enhance your security with peace of mind when you bank with us by adopting these practices.

List of good practices you can adopt

  • Install anti-virus, anti-spyware and firewall software in your computers
  • Update the anti-virus and firewall products with security patches or newer versions on a regular basis
  • Remove file and printer sharing in your computers when you are connected to the internet via cable modems, broadband connections
  • Make regular backups of critical data
  • Log off your internet banking session when not in use
  • Do not install software or run programs from unknown origins
  • Delete junk or chain emails
  • Do not open email attachments from unknown sources
  • Do not use public or internet cafe computers to access online banking or perform financial transactions

Set a strong password for your bank account

  • A good password has at least 8 characters and varies alphabets (capital and small letters), numbers and special characters (e.g. $ecUr3cY%3R!)
  • Avoid using running alphabets or numbers (e.g. 123456, ABCDEF), birthdays (e.g. 03041976, 3April1976), or names (e.g. your full name, your pet’s name)
  • Reset your password periodically
  • Use different passwords for different accounts
  • Don’t save your password on your computer or phone. Write them down instead if you need help to remember
  • Never share your password with anyone
  • Set up two-factor authentication for extra security where possible

 

 

What you need to do to avoid malware and phishing

Malware or malicious software is one of the biggest threats on the internet. With so many different types around, you need to avoid falling victim to this form of cyber attack.

1

What is malware?

Think of malware as a hijacker – a malicious programme that takes over your browser, or worse, your computer or mobile device.

How to avoid it?
Install anti-virus/malware software
This is a must-have first step in keeping your device malware-free. And remember to keep them up to date, and run regular scans.

Think before you click!
Don't open an email attachment from a source that you are unfamiliar with. Run all downloaded files by your anti-virus/malware software before opening.

Only download apps from a legitimate app store
Read user reviews to confirm the app is safe. Check the privacy policy to make sure that your personal information is not shared.

2

What is phishing? 

Phishing is a form of cyber fraud in which the attacker 'fishes' for information such as login credentials or account information.

How to avoid it?
Guard yourself against spam
Be cautious of emails that come from unrecognised senders, and ask you for personal or financial information.

Be careful of external links
Never go to your bank's website by clicking on links included in emails. Always type in the URL into your browser.

Enter your data in secure websites only
In order for a site to be safe, it must begin with https://, and your browser should show an icon of a closed lock.

 

 

Examples of Phishing

Internet Banking fraud is an ever-present and increasing threat to both individuals and companies. Knowing fraudsters use sophisticated technology, it pays to stay well alert of the risks and knowing all the safety measures.

1. SMS Phishing

SMS phishing is one of the most common cyber threats to customers and the banking industry today. It is an attempt by criminals to fraudulently acquire your account details, enabling them to gain access to your account through a text message.

How SMS phishing scams work

  1. In the latest variant of phishing scams, a scammer might send customers a Short Message Service (SMS) that appears to be from the Bank, informing them on a particular transaction and inviting them to click on a link. As the scammer had mimicked the bank’s SMS accounts, their message might appear in the same SMS conversation thread as an authentic message from the Bank.
  2. The link in the SMS will direct the victim to a phishing website that resembles the official website of the Bank, in the hope of collecting sensitive information such as your Account Password, NRIC and One-Time Password (OTP).

A sample of what a phishing SMS could look like:

 

We advise customers to note the following measures to safeguard their accounts from falling prey to such phishing attempts:

 

2. Email Phishing

Cybercriminals often use the names of established financial institutions in their scams to convince you to release your confidential information or transfer funds to them. They may seem authentic to recipients as they mimic the style of official email correspondences.

List of common email scams that masquerade as official RHB correspondence

  1. Email stating that "RHB" has suspended your RHB Account and requests that you reactivate the account via a provided link.
  2. Email stating that "RHB" is upgrading their database and requests that you update /access your profile via a provided link.
  3. Email stating that "RHB" is conducting a security maintenance and requests that you verify your identity online in order to "protect your account".
  4. Email from an "RHB" staff” claiming that they are the auditors of a huge unclaimed estate that belongs to you.

RHB Singapore does not send unsolicited email messages to request for personal or financial information online. It is imperative that you do not respond to such SMS messages.

If you have responded to any fraudulent emails or SMS, please contact our Customer Contact Centre at 1800 323 0100 immediately or +603 9145 1388 (if you are overseas).

3. Vishing (Voice Phishing)

These scams take advantage of situations where you might experience distress, and they prey on these fears by offering you a solution, normally involving an action performed by you. These scammers operate by posing as representatives from a reputable company or government agency with the aim of obtaining your personal information.

Types of Vishing Scams

1. Impersonation Scams

Fraudsters use compromised or spoofed social media accounts impersonating family members or friends to request for assistance, often requiring you to provide personal information or financial assistance.

2. Government Agents

They will impersonate government agency officials from a government agency and will either inform you that you have committed a crime, or that you are required to register for a programme.

3. e-Commerce and Delivery Scams

You may be informed that an online purchase you made requires payment and you would need to share your banking details before it can be delivered.

 

Ways to Identify a Vishing Scam

4. Good practices you can adopt for better online banking security

RHB Singapore has put in place stringent security protocols to protect our systems from threats and vulnerabilities. Likewise, you can also enhance your security with peace of mind when you bank with us by adopting these practices.

List of good practices you can adopt

  • Install anti-virus, anti-spyware and firewall software in your computers

  • Update the anti-virus and firewall products with security patches or newer versions on a regular basis

  • Remove file and printer sharing in your computers when you are connected to the internet via cable modems, broadband connections

  • Make regular backups of critical data

  • Log off your internet banking session when not in use

  • Do not install software or run programs from unknown origins

  • Delete junk or chain emails

  • Do not open email attachments from unknown sources

  • Do not use public or internet café computers to access online banking or perform financial transactions

 

 

Frequently Asked Questions

Every year, thousands of people fall prey to phone scams. Know their latest tactics and telltale signs so you can protect your money and information effectively.

  • I have received an email/SMS that requests for my personal banking / internet banking details, what should I do? 

Do not click on the links in the email/SMS nor provide your personal banking credentials or information. We will not send out any email/SMS with clickable links or request for your personal banking details via email/SMS.

Please note that RHB Now Internet Banking Service has been discontinued on 1 January 2022. You can access your account through our official RHB Mobile SG app that can be downloaded from Google Play Store (Android) or Apple App Store (iOS). 

 

  • I have clicked on the link in the alleged fraud or scam email/SMS but did not enter any personal bank details on the website. How do I report this alleged fraud or scam email/SMS to your bank? 

Thank you for highlighting this to us. To report this alleged fraud or scam attempt, please provide the following details to us.

  • Channel of the alleged fraud or scam: email or SMS
  • Approximate date and time when you received the email or SMS
  • Sender’s email address or phone number
  • Forward a copy of the phishing or scam message to RHB Bank via email at rhbs.ibanksupport@rhbgroup.com 

 

  • I received a call from someone who claims to be an RHB staff asking for my RHB internet or mobile banking login details but I did not provide any details to the caller. How do I report this alleged fraud or scam call to your bank?

Thank you for highlighting this to us. Do not share any personal banking details with the caller posing as RHB staff if you receive the call again. We do not request for your personal banking details via phone, SMS or email. To report this as an alleged fraud or scam attempt, please provide the following call details to us via email at rhbs.ibanksupport@rhbgroup.com:

  • Approximate date and time when you received the call
  • Name of caller
  • Number shown on your Caller-ID

Please note that RHB Now Internet Banking service has been discontinued on 1 January 2022. You should access your account directly through our official RHB Mobile SG app that can be downloaded from Google Play Store (Android) or Apple App Store (iOS). Login details should be kept confidential. 

 

  • I have provided my personal banking details on the alleged phishing or scam website or to the alleged impersonator or scam caller. What should I do now?

Please call our Customer Contact Centre at 1800 323 0100 immediately. Our Customer Service Agents will advise you accordingly. Thereafter, please lodge a police report.

 

  • Will the Bank pay me back the funds that I have been scammed?

We will investigate the case thoroughly and attempt to recover the lost funds where possible. Rest assured that we will continue to update you on the outcome of the investigation via call and/or Email.

 

  • What are the security features in RHB Mobile Banking?

Within the RHB Mobile Banking Application, we have incorporated a Software Token which is protected with encryption. All mobile banking transactions are thus authenticated securely in the background. In addition, RHB engages a 3rd Party Security Vendor to validate the security of the RHB Mobile Banking application.

 

  • Can a scammer change my contact number and email address digitally?

No. For updates to contact number and email address, you are required to visit the Branch in person to update your details. Alternatively, you can mail in the signed application form. Once we have received the application, we will update your details in the system and inform you of the changes.

 

  • Is RHB going to comply with the measures set out by MAS/ABS by 31 Jan 2022?

Yes, RHB is working to implement all necessary measures to tighten security and comply with the measures set out by MAS/ABS by 31 Jan 2022. These include:

  • Implementing a cooling period for token activation of at least 12 hours
  • Lowering default payment transaction notification thresholds (Please note that RHB currently sends notification alerts to all customers’ mobile number for transactions of any amount.)
  • Increasing scam alerts to customers
  • Removing clickable links from retail SMSes and emails
  • Implementing a dedicated and accelerated customer assistance to deal with phishing cases
  • Implementing additional transaction protections including cooling off periods or transaction blocks in higher risk scenarios
  • Sending a notification to the existing telephone number or email in the event of any changes  

 

  • I receive SMS alerts from “RHB SG” and “RHBSG”. Why are there two different senders? Is one of them a scam? Which one is the correct one?

Currently, both sender titles belong to us. RHBSG is being used for mobile transactional updates and RHB SG is being used for marketing messages and SMS Alerts. We are taking necessary steps to implement a consolidated header as RHB SG.

 

Know more about OTP fraud and how to avoid it

OTP Fraud is another form of cyber fraud. OTP (One-Time Password) is the six-digit number sent to a bank account* owner's mobile phone to verify a transaction. OTP Fraud occurs when the victim receives an OTP that they did not request for. The scammers will then call the bank account owner, claiming that the OTP is actually for them and that it had been wrongly sent to the victim due to a mistake while registering their mobile phone number. They will request the victim via SMS / Whatsapp / call to forward them the OTP number. Once they have it, the scammers will be able to access the victim's account and steal the money in the process.

If you have responded to any fraudulent emails or SMS, please contact our Customer Contact Centre at 1800 323 0100 immediately or +603 9145 1388 (if you are overseas).

You may also visit ScamAlert.sg to learn more about scams and how to avoid falling prey to scams. 

How scam savvy are you? Head over to National Crime Prevention Council's Anti Scam Quiz to find out! 

Take the quiz here.