Security Advisory

PROTECTING YOU FROM SCAMS

Additional measures protecting you from scams

Sing Investments & Finance Limited (SIF) is committed to protecting you against phishing scams. We are implementing additional measures to safeguard your online experience with us that include:

  • Removal of clickable links in emails or SMS sent to you. If you receive an SMS from SIF that contains a link to a website, it is likely from a scammer. Please do not click on the link.
  • Default setting of threshold for funds transfer transaction notifications to customers at 1 cent and you can change it to your preferred amount. You will be updated whenever there is a debit transaction in your account.
  • Notification to both your existing and new mobile number registered with SIF whenever there is a request to change your mobile number. If you receive an alert on changes to your mobile number that are not initiated by you, you should call our official hotline at 64387060 immediately to report possible fraud.

If in doubt, call our official hotline at 64387060 or email to reportscam@sif.com.sg to report possible fraud.

Go to ScamAlert.sg to learn more about scams and how to protect yourself against them.

Watch out for phishing emails and protect yourself against scam

There has been an increase in phishing emails appearing to be from Sing Investments & Finance Limited (SIF).

These emails may contain hyperlinks directing you to a fake SIF website that requires you to provide your online transaction credentials such as Log-in ID, Password or One-Time PIN.

This may result in unauthorised access to your e-service accounts for malicious intent.

Sample of a phishing email:

DOs and DON’Ts

DOs:

  • Do use Sing Investments & Finance’s official SIF BIZ online/mobile applications;
  • Do type the URL of SIF website directly into the address bar of the browser when assessing via Internet;
  • Do read carefully the SMS alerts sent to your mobile phone for your transactions. Inform SIF immediately if the transaction is suspicious; and
  • Do inform SIF immediately when you change in your contact details such as mobile number or email address

DON’Ts

  • Don’t respond to unsolicited SMS or emails requesting for SIF BIZ Online/Mobile credentials such as Log-in ID, Password or One-Time PIN. SIF will not request for your PIN or OTP through email, SMS or phone call;
  • Don’t transfer funds to any unknown parties;

If in doubt, call our official hotline at 64387060 or email to reportscam@sif.com.sg to report possible fraud.

Go to  ScamAlert.sg to learn more about scams and how to protect yourself against them.

Identify SUSPICIOUS emails to avoid email phishing attack

The first step in the battle against phishing emails is to identify them. We should promote an anti-phishing culture and cultivate awareness among us to report a phishing email immediately and warn one another.

To ensure you do not fall prey to scams, you should know how to identify SUSPICIOUS emails and protect yourselves against email phishing attack as follows:

1. Strange Tone or Greeting
Emails that make you feel strange are suspicious. For instance, a family member becoming a little more formal or a colleague suddenly addressing you differently in a manner that has never been done before or a general “Hi” greeting without indicating any name.

2. Urgency Threat
Emails that threaten negative consequences should be treated with caution. Another tactic is to use a sense of urgency to encourage, or even demand, immediate action to fluster or distract the receiver. The scammer hopes that by reading the email in haste, the content might not be examined thoroughly so that other inconsistencies associated with a phishing campaign may pass undetected.

3. Short and Sweet
Emails from people at an unknown company with a simple and vague message “here’s what you requested” and an attachment entitled “additional information” are hoping they will get lucky.

4. Personal Detail Request e.g. Credentials or Payment Information
Protect your credentials and devices. Do not reveal your online credentials, such as your PIN or OTP, to anyone. Email that directs you to a web page by clicking a link for online payment in an official looking email should be treated with caution. If the email looks suspicious, you should visit the website indicated in the email by typing in the URL instead of clicking on a link in the email to avoid exposing your login credentials to fake website or making payment to the attacker.

5. Inconsistencies in Email Addresses, Links & Domain Names
Emails that have inconsistencies in email addresses, links and domain names are suspicious. For instance, an email that is allegedly from xyz company but the domain of the link does not include “xyz.com” is a huge giveaway. If the domain names don’t match, don’t click.

6. Clicking on attachments or links in the email
Emails with attached files having an extension commonly associated with malware downloads (.zip, .exe, .scr, etc.) or have an unfamiliar extension should be treated with caution. Never click on any suspicious attachments or links from emails, or install any programme from unknown or questionable sources. Sing Investments & Finance Ltd will not send you any email with clickable links. Our ONLY official website is www.sif.com.sg. Please do not click on the link to any other website to access our E-services.

7. Incorrect Use of Grammar and Spelling Errors
Emails with spelling mistakes and incorrect use of grammar are common signs of phishing. You would expect emails originating from a professional source to be free of grammar and spelling errors.

8. Offers that are too good to be true
Emails informing that you have won a prize, will qualify for a prize if you reply to the email, or will benefit from a discount by clicking on a link or opening an attachment is suspicious. If this is unexpected and too good to be true, it is likely that the email is malicious.

9. Unusual Request
Emails from your IT team asking for a program to be installed followed by a link to patch the PC is suspicious. This type of activity is typically not handled by the common users and is a big clue that you have received a phishing email. You should not follow the instructions and inform your IT department immediately.

10. See Something, Say Something
“If you see something, say something” should be practised in the workplace. Familiarise your employees with spotting and reporting suspicious email. If one of the employees is the subject of a phishing attack, other employees will be as well. It is important that employees support one another to report phishing emails they have identified or opened.

If in doubt, call our official hotline at 64387060 or email to reportscam@sif.com.sg to report possible fraud.

Go to ScamAlert.sg to learn more about scams and how to protect yourself against them.

Watch out for phishing SMSes and protect yourself against scams

Beware of SMS scams directing you to call a fake phone number or click on to a link to resolve an issue with your Log-in ID or account.

DOs and DON’Ts

DOs:

  • Do use Sing Investments & Finance Ltd’s official SIF BIZ Online/Mobile applications;
  • Do type the URL of SIF website directly into the address bar of the browser when assessing via Internet; and
  • Do call our official hotline at 64387060 or email to reportscam@sif.com.sg if:
    • You know of any suspected fraud or transactions not performed by you;
    • You are aware of any compromise or loss of your security device or security details;
    • You received an SMS or email alert for transactions not performed by you; or
    • You are alerted on change of daily withdrawal limit or addition of beneficiary for transfer to an account not performed by you.

DON’Ts

  • Don’t click on any links in SMSes claiming to be from SIF. SIF will not send you any SMSes with clickable links;
  • Don’t provide your Log-in ID, Password or One-Time Pin to anyone or key in these information into unverified webpages. SIF will not ask you to reveal such information through SMSes or phone calls.

If in doubt, call our official hotline at 64387060 or email to reportscam@sif.com.sg to report possible fraud.

Go to  ScamAlert.sg to learn more about scams and how to protect yourself against them.

Watch out for phishing websites and protect yourself against scam