Phishing Security Advisory: Awareness and Protection
As part of our ongoing efforts to safeguard our customers against financial gain or identity theft by fraudsters through the use of "phishing", AIA intends to educate customers and raise security awareness of phishing scams.
What is Phishing?
Phishing (pronounced "fishing") is a technique used by fraudsters to obtain sensitive personal information such as your account details, PIN, credit card number, user ID or password through the Internet. Once such sensitive information is obtained from you, the fraudsters will access your account to perform illegal or fraudulent transactions.
What are the telltale signs?
Phishing can typically be seen as a social engineering technique in which fraudsters exploit human weakness to make their story believed.
Many tricks are involved in phishing scams. The most common method is sending you a spoofed email purporting to be from your bank, credit card company or service provider and asking you to "confirm" your personal information for some unforeseen reason. Typically, the email will contain a link to a phony website that is a near-replica of the real one, making it hard even for experts to differentiate between the real and phony websites. Once you divulge your personal information to the phony website via the links embedded in the email, you will have fallen victim to the phishing scam!
Worse still, some emails contain viruses, worms or Trojans, which allow fraudsters to monitor your every keystroke, capture your personal information and then BECOME YOU!
The email will usually use one of the following tactics to trick you into acting on their instructions:
"Your account is currently being updated as we are introducing a new security system. Follow the instructions below to reactivate your account."
"Your credit card is the subject of a police investigation for fraud. Please follow the instructions below."
"Our records indicate that payment for your Internet account is due. We are also currently introducing a new e-payment service. Please follow the instructions below."
"You are the lucky winner of our lucky draw. Please submit your credit card details so that we can verify your identity."
The following are examples of the instructions you may be asked to follow:
"Please provide a return email with your account details, PIN or credit card number. We will reactivate your account as soon as we receive your email."
"Please click on the hyperlink below to update your personal details."
"Please click on the attachment below. This will automatically generate an alert on our side. We will update your account and inform you."
How do you protect yourself?
Always enter the full AIA website address into your browser address bar. Do not click on embedded links within emails that seek disclosure of personal information from you.
If you are accessing AIA online applications over the Internet, look for a padlock icon at the bottom right of the web browser and click on the padlock to check the domain name in the digital certificate. Only enter financial or personal information on a secure website.
Be alert to "phishy" emails pretending to be from a legitimate source seeking to "confirm" your personal information. Your Financial Institution should never send you emails asking you to divulge any confidential or personal information. Contact the purported sender by means other than email to confirm the authenticity of the message.
Never enter your personal information in a pop-up screen even if it seems to be coming from the real website. You should never reveal your PASSWORD to anyone, nor should your Financial Institution ever ask for your PASSWORD for whatever reason.
Beware of "pharming", the latest version of online ID theft, in which a virus or malicious program is secretly planted in your computer and your web browser is hijacked. Protect your computer with anti-virus, anti-spyware, spam filters and a firewall, and keep them up to date!
Know that phishing can also happen by phone. If someone contacts you and says you have been a victim of fraud, always verify the person's identity before divulging your personal information.
Report it if you are a recipient of a phishing scam, and act immediately if you have been hooked by a phisher!
Where do you go for help?
If you have reason to believe that a phisher was impersonating AIA or that you have fallen victim to phishing, you can report IT Security incidents to AIA Singapore IT Helpdesk.