
Preventing Fraud

Feel safe knowing how we work with you to prevent fraud and identity theft. We take that extra initiative to protect you as well as inform you on how to stay safe online. 

Announcement

Be cautious of unsolicited SMSes purporting to be from CIMB Bank

 

We have been notified that a number of our customers have received text messages that appear to be from CIMB Bank, offering them personal loans. These text messages carry a bit.ly link that directs you to a personal WhatsApp chat when you click on it.

 

We would like to caution our customers that these messages are not sent by CIMB Bank, and we urge you to report them to us and the Singapore Police should you receive them. Please remain vigilant and do not respond to any suspicious messages you receive. When in doubt, please call us at the numbers below:

 

Banking Hotline: +65 6333 77777
Credit Card Hotline: +65 6333 6666

Bait Calls From Scammers Disguising Themselves As MOH

 

The Singapore Police Force (SPF) has alerted the public to scams using the Covid-19 outbreak as bait. These scammers pose as being from the Ministry of Health (MOH), Singapore and claim to be conducting contact tracing to detect potentially infected individuals. If you fall for these claims, the scammer may ask for your internet banking login credentials. Customers are advised to exercise caution when receiving such calls.

 

MOH will never ask for your financial details during contact tracing calls. Please call the MOH hotline at +65 63259220 should you wish for verification when receiving such calls.

Phishing Emails From Senders Disguising Themselves As WHO

 

Since the World Health Organization (WHO) declared Covid-19 a pandemic, cybercriminals have been refining their efforts to take advantage of the global health crisis. Hackers are using this crisis to create phishing emails designed to lure victims. These emails contain malicious attachments (e.g. Excel) disguised as Covid-19 updates from senders pretending to be WHO, which are used to install remote-access Trojans or credential-stealing malware on victims' devices. Please refer to this link for further information.

 

Contact CIMB Bank Immediately:

 

Do not proceed further if you suspect a caller is asking you to conduct suspicious or unfamiliar actions or transactions, or if you think your CIMB accounts have been affected by such emails. Please call us immediately at +65 6333 7777 if you need any clarification.

Be Cautious Of Phishing Websites Targeting CIMB Singapore Customers

 

We have been notified that there could be phishing websites designed to steal customers’ data in order to perform fraudulent transactions. They could be using URLs such as those below, which do not belong to CIMB Singapore:

 

cgs-cimb.com.sg.de

cimbbank.com.sg.de

cimbclicks.com.sg.de

cimbsecuree-pay.com.sg.de

 

The most common type of phishing scam is an email threatening serious consequences if you do not log in and take immediate action. A bogus link is usually provided in that email which leads to a fake website identical to the bank’s website.
 

Note: The bank will never ask you to disclose, change or update your personal banking information via email, phone or SMS. If you suspect that you have been coaxed into entering a bogus bank site, please call us immediately at +65 6333 7777 or email AtYourService@cimb.com.
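
As an added illustration (not part of CIMB's advisory), the Python sketch below shows why the hostnames listed above are not CIMB sites: a check that only looks for the brand name accepts all four, while matching the end of the hostname against an allow-list rejects them. The allow-list entry cimb.com is an assumption taken from the contact e-mail addresses on this page, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Assumption: cimb.com is taken from the contact e-mail addresses on this page;
# the bank's full list of official web domains is not given here.
OFFICIAL_DOMAINS = {"cimb.com"}

# The four lookalike hostnames listed in the advisory above.
REPORTED_LOOKALIKES = [
    "cgs-cimb.com.sg.de",
    "cimbbank.com.sg.de",
    "cimbclicks.com.sg.de",
    "cimbsecuree-pay.com.sg.de",
]


def hostname_of(url_or_host):
    """Return the lowercase hostname, ignoring scheme, userinfo, port and path."""
    text = url_or_host.strip()
    if "://" not in text:
        text = "//" + text  # let urlsplit treat a bare host as a network location
    host = urlsplit(text).hostname or ""
    return host.rstrip(".").lower()


def naive_check(url_or_host):
    """Weak check: accepts any hostname that merely contains the brand string."""
    return "cimb" in hostname_of(url_or_host)


def strict_check(url_or_host, allowed=OFFICIAL_DOMAINS):
    """Accept only an allowed domain itself or a true subdomain of it."""
    host = hostname_of(url_or_host)
    return any(host == d or host.endswith("." + d) for d in allowed)


def classify(urls):
    """Map each input to (naive_result, strict_result)."""
    return {u: (naive_check(u), strict_check(u)) for u in urls}


if __name__ == "__main__":
    for url, (naive, strict) in classify(REPORTED_LOOKALIKES).items():
        print(f"{url:28} naive={naive!s:5} strict={strict}")
```

The real owner of each listed name is decided by its right-hand end (.de), which is why the strict check compares suffixes rather than searching for the brand anywhere in the string.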

Security Tips For CIMB Clicks Internet Banking

We view your security with utmost importance. That's why we've provided you with some security tips to protect yourself from online security threats.  

Enhanced Security

CIMB Clicks Digital Token is a digital security token enabled into your Clicks Mobile application to replace your physical token.

 

 

Protect your Personal Information

DOs

  • Pay attention to your transaction alerts to ensure that you are approving a valid transaction. Check your account activities regularly through statements or via CIMB Clicks. In case of any unusual activity, please contact us immediately via any of our official channels here.
  • Verify unsolicited calls, SMS messages or emails with us via any of our official channels here.
  • In response to any call, SMS or email, if you wish to contact us, ONLY call the number on the back of your credit card, refer to the CIMB website's “Get In Touch” page, or email us at sg.cardcentre@cimb.com.

DON'Ts

  • Never share confidential information such as your Credit Card number / Clicks ID / PIN / password / Authentication Code.
  • Do not provide or respond to unsolicited calls, emails or SMS messages requesting personal/banking credentials. CIMB will never request your confidential information (e.g. PIN or Authentication Code) through email, SMS message or voice conversation.
  • Do not panic and give personal information to fraudsters impersonating representatives of government agencies etc., even if they deploy fear tactics. Immediately call the number on the back of your card to verify with CIMB.
  • Never apply for credit cards or loan products through unverified links or individuals (unless they are authorised CIMB staff) promising a lower rate. Always visit the bank's website, instead of clicking on any unverified link, to apply for CIMB products.
  • Never provide or change your Bank-registered mobile number to any number other than your own. Your registered number will receive notifications and Authentication Codes to access CIMB Clicks and verify your transactions.

Safeguarding your Credit Cards & PIN

DOs

  • Keep your Credit Card secure and ensure that your Credit Card number and PIN are not disclosed to any other person.
  • Cover the keypad with your other hand while keying in your Credit Card PIN at an ATM.

DON'Ts

  • Do not write your Credit Card PIN anywhere which is easily accessible to anyone.
  • Never save your Credit Card details on your browser.
  • Never use easy-to-guess Credit Card PINs such as date of birth.

Protect Yourself Online

Protect yourself and your computer/mobile devices!
At CIMB Bank, we are committed to protecting your online security and peace of mind. We use multiple layers of security to ensure that your Online Banking sessions are protected by a high level of security. However, you also play an important role in safeguarding your computer/mobile devices and your online information. Below are some recommendations on how to stay safe online.

Install anti-virus and anti-malware software

Protect your devices from viruses and malware by installing anti-virus and anti-malware software. To maximise your protection, update them regularly to ensure you always have the latest virus definitions.

Avoid rooting or jailbreaking your mobile devices

It is not advisable to install or access the CIMB Clicks Mobile App on a rooted or jailbroken mobile device, as this exposes the device to viruses and malicious software, making it vulnerable to fraudulent attacks. You are advised to download your Mobile Banking application only from authorised sources such as the Apple App Store or Google Play Store.

Install a personal firewall
Firewall software and/or hardware helps provide a protective shield between your computer/mobile device and the Internet. This barrier can help prevent unauthorised people from gaining access to your computer/mobile device, reading information from it or placing viruses on it while you are connected to the Internet.

Install anti-spyware software
Spyware is a general term for hidden programs on your computer/mobile devices that track what you are doing on your computer/mobile devices. Spyware is often bundled together with file sharing, email virus checking or browser accelerator programs, and it is installed on your computer/mobile devices without your knowledge to intercept information about you and your computer/mobile devices. The type of information gathered can include personal Internet usage, and in some instances, confidential data such as passwords. You can download and run a specialist program designed to help identify and remove threats from spyware. Like an anti-virus program, it also needs to be regularly updated in order to recognise the latest threats.

Keep your browser and operating system up-to-date
From time to time security weaknesses or bugs are found in browsers and operating systems. Usually 'Service Packs' are issued by the software company to make sure these are fixed as quickly as possible. You should make regular checks on your software vendor's website and apply any new security patches as soon as possible to ensure you have the most updated security features available.

Avoid running programs or opening email attachments from any source you do not know or trust

You should avoid installing software or running programmes of unknown origin and avoid opening email attachments from any source you do not know or trust. We also recommend that you scan all email attachments for viruses and delete junk and chain emails on a regular basis. Also, never call a number appearing in an email you suspect is fraudulent. A phony telephone number may be used in the email.

 

Important note: The bank will never ask you to disclose, change or update your personal banking information via emails, phone or SMS. You could be coaxed into entering a bogus website that may look fraudulently identical to the bank’s site. If you have received any unauthorised request, please call us immediately at +65 6333 7777 or email to AtYourService@cimb.com

Avoid using public or shared computer/networks

You should never access online services or perform financial transactions from a publicly shared computer/network that cannot be trusted (e.g. an internet kiosk at an airport, internet café, library, etc.). It is not advisable to access your bank account via a Wi-Fi connection, especially in public places like airports, hotels or shopping malls.

Types of Fraud

Scams

There are many forms of scams and they usually involve some form of impersonation, be it a government official, public servant or even a representative of an organisation like a bank or financial institution. Here are some more common ones.

 

Investment Scam

There may be instances when you receive unsolicited messages from persons claiming to be stock brokers, employees of banks or financial companies. Fraudsters will ask for your personal details such as NRIC and passport number, supposedly for an investment firm. Scammers will then ask you to transfer monies to banks, and pay administrative fees, security fees and taxes in order to receive the profits and returns.

Be cautious of the promise of high returns. Always check with a licensed financial advisor before engaging in any investments. Be wary when asked to send money overseas. Do not provide your name, identification number, passport details, contact details, bank account or credit card details to someone whom you do not know well.

 

Phishing Scam

What is 'Phishing'? 'Phishing' is a type of identity theft where criminals blast emails to a mass audience in a malicious attempt to bait you into visiting fake websites. You will then be asked to disclose confidential financial and personal information, passwords and credit card numbers, along with other highly confidential information.

The most common type of phishing scam is an email threatening serious consequences if you do not log in and take immediate action. A bogus link is usually provided in that email which leads to a fake website identical to the bank’s website.

Note: The bank will never ask you to disclose, change or update your personal banking information via email, phone or SMS. If you suspect that you have been coaxed into entering a bogus bank site or contacted by a caller posing as CIMB Bank staff, please call us immediately at +65 6333 7777 or email AtYourService@cimb.com.

 

Other Phishing Attacks

Smartphones have increasingly become an integral part of our lives, going beyond being a mere communication device. With mobile banking and e-payment options transforming the way purchases are made, the ability to transact through smartphones and mobile devices is gaining acceptance among consumers.

 

As a result, cybercriminals have created well-crafted phishing tricks that target mobile device users, with the latest being iOS users. The majority of these mobile phishing attacks come from gaming apps, third party apps and untrusted free apps. Such attacks may result in stolen credentials which can lead to financial loss. Below is an example of what happens:

Phishers replicate the routine “Sign in to iTunes Store” pop-up, and the copy can’t easily be told apart from the real one. Users who unknowingly enter their details can have their personal data or credit card details stolen. Protect yourself by:

a) Not signing in from any pop-up box. Where necessary, enter your credentials through “Settings”
b) Using 2-Factor authentication as an added level of protection
c) Pressing the “Home” button. If both the application and the pop-up close, it is likely to be a phishing attack.

 

Money Muling Scam

For fraudsters, transferring stolen funds directly into their accounts would make their whereabouts and activities easily traced by law enforcement agencies. In an effort to stay under the radar, money mules are recruited or used to help facilitate the movement of funds to the criminals. In other words, money mules are used specifically to receive and transfer out stolen money.

Fraudsters will try to recruit customers to use their personal banking account as intermediary accounts by promising them rewards. Recruitment will normally be promoted via social media, chat sessions or even newspaper ads offering work-from-home job offers.

For more information on scams, kindly visit www.scamalert.sg

Security Alert

Stagefright Bug

A vulnerability has been found on Android devices, affecting almost 95% of users. Attackers can exploit this bug through MMS (a type of message which can include text, sound, images and video), which allows them to take control of such devices.

 

Tips to prevent being attacked:

  • Ensure you have the latest Android upgrade/patch installed
  • Disable auto-retrieval of MMS

 

Ransomware

1. What is ransomware?
Ransomware is a type of malicious software designed to block access to a victim's computer or files and lock it/them until a sum of money is paid (hence the name ransomware).

 

A well-known variant of ransomware is WannaCry (aka WCry), which spread through a large-scale cyberattack. It targets vulnerable Microsoft Windows systems and encrypts data files on infected computers. Users are told to pay a US$300 ransom in bitcoin to decrypt their files. The ransom amount is doubled after three days. If payment is not made after seven days, the encrypted files will be deleted.

 

2. How do you get infected:
You can be infected when you unknowingly download ransomware from compromised websites, spammed emails or other malware.

 

3. Best practices to avoid malware infection:

  • Always exercise caution when visiting new or unfamiliar websites.
  • Never download an App that hasn't been verified by an official store, and read reviews before installing programs.
  • Be cautious when you receive an email from an unknown sender with a suspicious subject and an attachment. Be careful when opening files such as MS Word and Adobe PDF as they may not be real documents but malware.

 

4. Protect your data:
Having a regularly updated backup is an effective control to mitigate the loss of data due to ransomware.

 

DYRE Malware

A new variant of malware known as 'DYRE' is targeting online banking customers. The infection starts from phishing emails. Hence, please do not respond to such emails or click on any hyperlink in an email to access your Online Banking websites. Phishing emails aim to steal your Online Banking User ID and Password.

 

These may be some of the signs that your computer could be infected by ‘DYRE’:

  • You are prompted to enter your User ID and Password repeatedly
  • Your computer seems to be running very slowly compared to usual
  • Unfamiliar screen after you login to your Online Banking site

 

Dridex Malware

Dridex operates by first arriving on a user's computer as a malicious spam email with a Microsoft Word document attached to the email. If the user opens the document, a macro embedded in the document will trigger a download of the Dridex banking malware, enabling it to first steal banking credentials and then attempt to generate fraudulent financial transactions. 

 

Bad Rabbit Ransomware

A new strain of ransomware dubbed 'Bad Rabbit' is spreading across Europe and Russia.

 

The ransomware is said to disguise itself as an Adobe Flash Player installer update (install_flash_player.exe), tricking victims into installing it. Once the machine is infected, it will encrypt Windows files and the operating system. The user subsequently receives a ransom note demanding payment to unlock and decrypt the files and machine. An infected system is used to continue spreading the ransomware through the network and infect other workstations.

Security Tips

It is advisable to download the latest anti-virus and scan your devices regularly. This is to ensure that your online financial transactions are not performed using infected devices. Please stay vigilant when banking online. Please call us immediately at +65 6333 7777 or email to AtYourService@cimb.com when you suspect something is amiss.