Learn how to protect yourself from phishing e-mails
What is a Phishing e-mail?
Phishing e-mails are fraudulent e-mails and can be a source of concern for unsuspecting Internet users. The senders usually take on the identity of well-known companies such as banks or financial institutions. The purpose of these e-mails is to get personal and confidential information, such as credit card numbers or Internet Banking passwords from the recipient. The sender will then use these information for illegal purposes or unauthorised access into the recipient's account.
How to Spot a Phishing e-mail
While there are no foolproof ways to spot a phishing e-mail, there are a few signs that indicate that the e-mail is not legitimate.
Warning Signs of a Phishing e-mail
Sender's e-mail Address
Phishing e-mail often use a forged e-mail address. These e-mail addresses make it look like the e-mail was sent from a reputable organisation. Do not depend on e-mail addresses to determine the authenticity of the e-mail as the sender's e-mail addresses can be forged.
The e-mail will claim that the bank is performing maintenance or verifications to your account and that you need to login using your credit card PIN or Internet banking password for verification purpose. These e-mails will usually have a time frame to respond by to incite a sense of urgency. Please note that the bank will not ask for your PIN/Password over e-mail for any form of verification.
Account Status Threat
Most phishing e-mails try to deceive you by threatening to shut down your account if you do not login immediately.
Links in an e-mail
While many e-mails have links included, just remember that these links can be forged too. Take special care when the e-mail is non promotional in nature and contains signs of urgency or include account status threats.
Requests for Personal Information
Although Banks may request for your personal particulars for verification of your identity for interactions with the Bank via e-mail or phone, the Bank will not ask for your PIN or Password
If you have any doubt about the authenticity of a Maybank e-mail, forward the e-mail to firstname.lastname@example.org for our investigation.
How to Spot a Fake Web Site
A phishing e-mail will sometimes request you to click on a link embedded within the e-mail. The link will direct you to a fake web site designed to look like the Bank's site. Very often, the embedded link within the phishing e-mail will not match up to the URL of the site it takes you to.
Legitimate Maybank Singapore Web Addresses
To determine if the Web address in your browser is a real Maybank in Singapore address, look for ".maybank2u.com.sg/" or ".maybank.com.sg/" immediately before the first "/". In the below examples, notice that there must be a "." before maybank2u.com.sg for the address to be legitimate.
Examples of Real Maybank in Singapore Address:
Never click on a link in an e-mail if you are unsure of its origins, especially if the e-mail asks for personal information.
What do you do if you receive a phishing e-mail or are directed to a fake web site?
You are in complete control to prevent yourself from falling victim to phishing e-mails. Do not respond to these e-mails if you receive them. You should also never login using your PIN or Password using the links provided by such e-mails. Forward these e-mails to email@example.com for the Bank to investigate.
Reporting phishing e-mails is as easy as 1-2-3.
If you have any doubts on whether an e-mail or a Web Site is really from Maybank Singapore, here's how to report it:
- Forward the message to firstname.lastname@example.org
- Do not alter the subject line or forward the message as an attachment - doing so prevents us from investigating it further.
- Once you have forwarded the e-mail, you can then delete it from your e-mail account.