
Preventing Fraud

Feel safe knowing how we work with you to prevent fraud and identity theft. We take that extra initiative to protect you as well as inform you on how to stay safe online. 

Announcement

Be cautious of SMS scams targeting Bank customers

 

The Singapore Police Force has warned of a re-emergence of scams targeting Bank customers, in which scammers spoof the name of a Bank in an SMS to trick victims into thinking that the messages were sent by the Bank.

 

The SMS would inform victims that their bank accounts had been “blocked” by local law enforcement agencies due to security issues. The message would also contain a link which leads to a phishing website. 

 

When the victims click on the link, they are led to a phishing website that resembles the official site of the bank and requests their personal particulars, internet banking details and OTPs. After providing the details, the victims subsequently discover that unauthorised transactions were made from their bank accounts.

 

Note: CIMB will never ask you to disclose, change or update your personal banking information via email, phone or SMS. If you suspect that you have been coaxed into entering a bogus bank site, please call us immediately at +65 6333 7777 or email AtYourService@cimb.com

 

Be cautious of unsolicited SMSes purporting to be from CIMB Bank

 

We have been notified that a number of our customers have received text messages that appear to be from CIMB Bank, offering them personal loans. These text messages carry a bit.ly link which, when clicked, directs you to a personal WhatsApp chat.

 

We would like to caution our customers that these messages are not sent by CIMB Bank, and we urge you to report them to us and the Singapore Police should you receive any of these text messages. Please remain vigilant and do not respond to any suspicious messages you receive. When in doubt, please call us at the numbers below:

 

Banking Hotline: +65 6333 7777
Credit Card Hotline: +65 6333 6666

Bait Calls From Scammers Disguising Themselves As MOH

 

The Singapore Police Force (SPF) has alerted the public to scams using the Covid-19 outbreak as bait. These scammers pose as officers from the Ministry of Health (MOH), Singapore and claim to be conducting contact tracing to detect potentially infected individuals. If an individual falls victim to these claims, the scammer may ask for your internet banking login credentials. Customers are advised to take caution when receiving such calls.

 

MOH will never ask for your financial details during contact tracing calls. Please call the MOH hotline at +65 63259220 should you wish for verification when receiving such calls.

Phishing Emails From Senders Disguising Themselves As WHO

 

Since the World Health Organization (WHO) declared Covid-19 a pandemic, cybercriminals have been refining their efforts to take advantage of the global health crisis. Hackers are using this crisis to create phishing emails designed to lure victims. These emails contain malicious attachments (e.g. Excel) disguised as Covid-19 updates from senders pretending to be WHO, which are used to install remote-access Trojans or credential-stealing malware on victims' devices. Please refer to this link for further information.

 

Contact CIMB Bank Immediately:

 

Do not proceed further if you suspect a caller is asking you to conduct suspicious or unfamiliar actions or transactions, or think your CIMB accounts have been affected by such emails. Please call us immediately at +65 6333 7777 if you need any clarifications.

Be Cautious Of Phishing Websites Targeting CIMB Singapore Customers

 

We have been notified that there could be potential phishing websites designed to steal customers’ data in order to perform fraudulent transactions. They could be using URLs such as those below, which do not belong to CIMB Singapore:

 

cgs-cimb.com.sg.de

cimbbank.com.sg.de

cimbclicks.com.sg.de

cimbsecuree-pay.com.sg.de
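
The two link patterns in these advisories (a bit.ly short link in an SMS, and a bank-like name followed by extra labels such as ".com.sg.de") can be checked mechanically by anyone filtering messages. The Python below is an added example, not CIMB's code; the allowlist entry is an assumption taken from the e-mail address on this page, and the sample messages are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumption: allowlist holds only the domain seen in the e-mail addresses on
# this page; populate it from a verified source before relying on it.
ALLOWLIST = {"cimb.com"}
BRAND_TOKENS = ("cimb",)       # brand string present in the reported lookalikes
SHORTENERS = {"bit.ly"}        # shortener named in the SMS advisory
NESTED_SUFFIXES = ("com.sg",)  # valid at the end of a host, suspicious mid-host

URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)


def hostname(candidate):
    """Lower-cased host of a URL or bare host; userinfo and port are dropped."""
    if "://" not in candidate:
        candidate = "http://" + candidate
    return (urlsplit(candidate).hostname or "").rstrip(".").lower()


def is_allowlisted(host):
    # Match on a label boundary so "evilcimb.com" does not pass as "cimb.com".
    return any(host == d or host.endswith("." + d) for d in ALLOWLIST)


def has_nested_suffix(host):
    """True when e.g. 'com.sg' is followed by further labels ('x.com.sg.de')."""
    labels = host.split(".")
    for suffix in NESTED_SUFFIXES:
        parts = suffix.split(".")
        for i in range(1, len(labels) - len(parts)):
            if labels[i:i + len(parts)] == parts:
                return True
    return False


def classify(candidate):
    host = hostname(candidate)
    if is_allowlisted(host):
        return "allowlisted"
    if host in SHORTENERS:
        return "shortener"   # destination is hidden, so the sender name proves nothing
    if has_nested_suffix(host) or any(t in host for t in BRAND_TOKENS):
        return "lookalike"
    return "unknown"


def triage(message):
    """Return (host, verdict) for every URL-like string in a message body."""
    return [(hostname(m.group(0)), classify(m.group(0)))
            for m in URL_RE.finditer(message)]


# Constructed sample messages modelled on the advisories above.
SAMPLE_LOAN_SMS = "CIMB Bank: personal loan offer. Chat with us at bit.ly/xxxxxx"
SAMPLE_BLOCK_SMS = "Your account is blocked. Verify at http://cimbclicks.com.sg.de/login"

if __name__ == "__main__":
    for sms in (SAMPLE_LOAN_SMS, SAMPLE_BLOCK_SMS):
        print(triage(sms))
```

A verdict of "unknown" means only that none of these patterns matched, not that the link is safe.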

 

The most common type of phishing scam is an email threatening serious consequences if you do not log in and take immediate action. A bogus link is usually provided in that email which leads to a fake website identical to the bank’s website.
 

Note: The bank will never ask you to disclose, change or update your personal banking information via email, phone or SMS. If you suspect that you have been coaxed into entering a bogus bank site, please call us immediately at +65 6333 7777 or email AtYourService@cimb.com.

The following is a common tactic that scammers use in job scams:

 

  • You are contacted, via social media or messaging apps, and given details of an attractive, commission-based job offer.
  • You are added into a group chat with others supposedly doing the same job. These other ‘job seekers’ will talk about how easy the job is and how quickly money can be made.
  • You are asked to take these steps: Add certain items to your shopping cart on an e-commerce site, take a screenshot of the shopping cart page, then transfer funds to a bank account.
  • You are told that this will help improve sales and are promised a full refund – with an attractive commission to boot.
  • You will be given refunds – with commission – as promised, for the first few purchases. However, you will be asked to pay for increasingly expensive items.
  • You will NOT get your money back after transferring a large sum of money.

 


To safeguard your accounts, it is important for you to adopt these security practices:

 

  • Do not accept dubious or unsolicited job offers that offer lucrative returns for little effort.
  • Do not transfer money to people you do not know.
  • Do not disclose your card details, online banking login credentials or One-Time-Passwords (OTPs) to anyone.
  • Ensure that we have your latest contact details.
  • Have us notify you via SMS, email or push notification (e-Alerts) about transactions that took place in your account. Set your e-Alert threshold limits or change your settings via CIMB Clicks.
  • Always read the e-Alerts carefully and call us immediately if you notice something amiss.
  • If you have an iOS device, consider downloading the ScamShield app – it blocks unsolicited messages and calls.
  • Visit https://www.scamshield.org.sg/ to find out more.

 

*ScamShield is a third-party app recommended in the police advisory (https://www.police.gov.sg/media-room/news/20210529_scamshield_application_aids_in_scam_prevention_efforts) and is not related to CIMB. CIMB disclaims any liability arising from the use of the app.

The police have issued a media advisory alerting the public to a new type of scam: Getting you to scan Singpass QR codes so the fraudsters can access digital services and take certain actions in your name.

 

These scams involve fake surveys, purportedly conducted on behalf of reputable companies or organisations in Singapore. Upon completing the survey, the victim is asked to scan a Singpass QR code with his or her Singpass app – supposedly part of a verification process to retrieve the survey result so a monetary reward can be gained. The police warned that these Singpass QR codes were actually screenshots of legitimate websites and that scanning the codes and authorising transactions without further checks will grant the scammers access to certain online services.

 

To safeguard your accounts, it is important for you to adopt these security practices:

 

  • Never scan any Singpass QR codes sent to you by others. CIMB will not send you Singpass QR codes or links to Singpass QR codes via SMS, email or a messaging app.
  • Only scan the Singpass QR code on the official website of the digital service that you want to access or tap on the Singpass QR code on the official app of the digital service.
  • Always use only the official CIMB Clicks mobile banking app. Alternatively, go to our official CIMB website > Login.
  • Never provide your Access Code, PIN, card details or OTP (One-Time Password) to anyone. Do not key such information into unverified webpages.
  • Notify us immediately if you receive notification alerts for transactions that you did not initiate. Call only the Bank’s Personal hotline: CIMB website > Contact us. Our hotline number can also be found at the back of your debit/credit/ATM card.

Beware of the latest SMS scams, which direct you to call a fake hotline to resolve an issue with your bank account or credit card.

 


To safeguard your accounts, it is important for you to adopt these security practices:

 

  • Never provide your Access Code, PIN, card details or OTP (One-Time Password) to anyone or key such information into unverified webpages.
  • To log in, always use CIMB’s mobile banking apps or go to the official CIMB website.
  • CIMB employees will never ask you to reveal your PIN/OTP or transfer funds to personal accounts.
  • Never click on links in SMSes or emails that claim to be from CIMB.

Security Tips For CIMB Clicks Internet Banking

We view your security with utmost importance. That's why we've provided you with some security tips to protect yourself from online security threats.  

Enhanced Security

CIMB Clicks Digital Token turns your mobile phone into a Digital Token that replaces SMS One-Time Passwords (OTPs) or a physical security device for authenticating and performing high-risk transactions.

 

 

Protect your Personal Information

DOs

  • Pay attention to your transaction alerts to ensure that you are approving a valid transaction. Check your account activities regularly through statements or via CIMB Clicks. In case of any unusual activity, please contact us immediately via any of our official channels here.
  • Verify unsolicited calls, SMS messages or emails with us via any of our official channels here.
  • In response to any call, SMS, email, if you wish to contact us, ONLY call the number on the back of your credit card or refer to CIMB website's “Get In Touch” page or email us at sg.cardcentre@cimb.com

DON'Ts

  • Never share confidential information such as your Credit Card number / Clicks ID / PIN / password / Authentication Code.
  • Do not provide or respond to unsolicited calls, emails or SMS messages requesting for personal/banking credentials. CIMB will never request for your confidential information (e.g. PIN or Authentication Code) through email, SMS message or voice conversation.
  • Do not panic and give personal information to fraudsters impersonating representatives of government agencies etc. even if they deploy fear tactics. Immediately call the number on the back of your card to verify with CIMB.
  • Never apply for credit cards or loans products through unverified links or individuals (unless they are authorised CIMB staff) promising a lower rate. Always visit the bank's website, instead of clicking on any unverified link, for the application of CIMB products.
  • Never provide or change your Bank-registered mobile number to any other than your own. Your registered number will receive notifications and Authentication Codes to access CIMB Clicks and verify your transactions.

Safeguarding your Credit Cards & PIN

DOs

  • Keep your Credit Card secure and ensure that your Credit Card number and PIN are not disclosed to any other person.
  • Cover the keypad with your other hand while keying in your Credit Card PIN at an ATM.

DON'Ts

  • Do not write your Credit Card PIN anywhere which is easily accessible to anyone.
  • Never save your Credit Card details on your browser.
  • Never use easy-to-guess Credit Card PINs such as date of birth.

Protect Yourself Online

Protect yourself and your computer/mobile devices!
At CIMB Bank, we are committed to protecting your online security and peace of mind. We use multiple layers of security to ensure that your Online Banking sessions are protected by a high level of security. However, you also play an important role in safeguarding your computer/mobile devices and your online information. Below are some recommendations on how to stay safe online.

Install anti-virus and anti-malware software

Protect your devices from viruses and malware by installing anti-virus and anti-malware software. To maximise your protection, update them regularly to ensure you always have the latest virus definitions.

Avoid rooting or jailbreaking your mobile devices

It is not advisable to install or access the CIMB Clicks Mobile App on a rooted or jailbroken mobile device, as such a device is exposed to viruses and malicious software, making it vulnerable to fraudulent attacks. You are advised to download your Mobile Banking application only from authorised sources such as the Apple App Store or Google Play Store.

Install a personal firewall
Firewall software and/or hardware helps provide a protective shield between your computer/mobile device and the Internet. This barrier can help prevent unauthorised people from gaining access to your computer/mobile device, reading information from it or placing viruses on it while you are connected to the Internet.

Install anti-spyware software
Spyware is a general term for hidden programs on your computer/mobile devices that track what you are doing on your computer/mobile devices. Spyware is often bundled together with file sharing, email virus checking or browser accelerator programs, and it is installed on your computer/mobile devices without your knowledge to intercept information about you and your computer/mobile devices. The type of information gathered can include personal Internet usage, and in some instances, confidential data such as passwords. You can download and run a specialist program designed to help identify and remove threats from spyware. Like an anti-virus program, it also needs to be regularly updated in order to recognise the latest threats.

Keep your browser and operating system up-to-date
From time to time security weaknesses or bugs are found in browsers and operating systems. Usually 'Service Packs' are issued by the software company to make sure these are fixed as quickly as possible. You should make regular checks on your software vendor's website and apply any new security patches as soon as possible to ensure you have the most updated security features available.

Avoid running programs or opening email attachments from any source you do not know or trust

You should avoid installing software or running programs of unknown origin and avoid opening email attachments from any source you do not know or trust. We also recommend that you scan all email attachments for viruses and delete junk and chain emails on a regular basis. Also, never call a number appearing in an email you suspect is fraudulent. A phoney telephone number may be used in the email.

 

Important note: The bank will never ask you to disclose, change or update your personal banking information via emails, phone or SMS. You could be coaxed into entering a bogus website that may look fraudulently identical to the bank’s site. If you have received any unauthorised request, please call us immediately at +65 6333 7777 or email to AtYourService@cimb.com

Avoid using public or shared computer/networks

You should never access online services or perform financial transactions from a publicly shared computer/network that cannot be trusted (e.g. an internet kiosk at an airport, an internet café or a library). It is not advisable to access your bank account via a Wi-Fi connection, especially in public places like airports, hotels or shopping malls.

Types of Fraud

Scams

There are many forms of scams and they usually involve some form of impersonation, be it of a government official, a public servant or even a representative of an organisation like a bank or financial institution. Here are some of the more common ones.

 

Investment Scam

There may be instances when you receive unsolicited messages from persons claiming to be stock brokers, employees of banks or financial companies. Fraudsters will ask for your personal details such as NRIC and passport number, supposedly for an investment firm. Scammers will then ask you to transfer monies to banks, and pay administrative fees, security fees and taxes in order to receive the profits and returns.

Be cautious of the promise of high returns. Always check with a licensed financial advisor before engaging in any investments. Be wary when asked to send money overseas. Do not provide your name, identification number, passport details, contact details, bank account or credit card details to someone whom you do not know well.

 

Phishing Scam

What is 'Phishing'? 'Phishing' is a type of identity theft where criminals blast emails to a mass audience in a malicious attempt to bait you into visiting fake websites. You will then be asked to disclose confidential financial and personal information, such as passwords and credit card numbers, and to answer other highly confidential questions.

The most common type of phishing scam is an email threatening serious consequences if you do not log in and take immediate action. A bogus link is usually provided in that email which leads to a fake website identical to the bank’s website.

Note: The bank will never ask you to disclose, change or update your personal banking information via email, phone or SMS. If you suspect that you have been coaxed into entering a bogus bank site or contacted by a caller posing as CIMB Bank staff, please call us immediately at +65 6333 7777 or email AtYourService@cimb.com.

 

Other Phishing Attacks

Smartphones have increasingly become an integral part of our lives, going beyond being a mere communication device. With mobile banking and e-payment options transforming the way purchases are made, the ability to transact through smartphones and mobile devices is gaining acceptance among consumers.

 

As a result, cybercriminals have created well-crafted phishing tricks that target mobile device users, with the latest being iOS users. The majority of these mobile phishing attacks come from gaming apps, third party apps and untrusted free apps. Such attacks may result in stolen credentials which can lead to financial loss. Below is an example of what happens:

Phishers replicate the routine “Sign in to iTunes Store” pop-up so closely that it cannot easily be told apart from the real one. Users who unknowingly enter their details can have their personal data or credit card details stolen. Protect yourself by:

a) Not signing in from any pop-up box. Where necessary, enter your credentials through “Settings”
b) Using 2-Factor authentication as an added level of protection
c) Pressing the “Home” button. If both the application and the pop-up close, it is likely to be a phishing attack.

 

Money Muling Scam

For fraudsters, transferring stolen funds directly into their accounts would make their whereabouts and activities easily traced by law enforcement agencies. In an effort to stay under the radar, money mules are recruited or used to help facilitate the movement of funds to the criminals. In other words, money mules are used specifically to receive and transfer out stolen money.

Fraudsters will try to recruit customers to use their personal banking account as intermediary accounts by promising them rewards. Recruitment will normally be promoted via social media, chat sessions or even newspaper ads offering work-from-home job offers.

For more information on scams, kindly visit www.scamalert.sg

Security Alert

Stagefright Bug

A vulnerability has been found in Android devices, affecting almost 95% of users. Attackers can exploit this bug through MMS (a type of message which can include text, sound, images and video), which allows them to take control of such devices.

 

Tips to prevent being attacked:

  • Ensure you have the latest Android upgrade/patch installed
  • Disable auto-retrieval of MMS

 

Ransomware

1. What is ransomware?
Ransomware is a type of malicious software designed to block access to a victim's computer or files and locks it/them until a sum of money is paid (hence the name ransomware).

 

A well-known variant of ransomware is WannaCry (aka WCry), which spread through a large-scale cyberattack. It targets vulnerable Microsoft Windows systems and encrypts data files on infected computers. Users are told to pay a US$300 ransom in bitcoin to decrypt their files. The ransom amount is doubled after three days. If payment is not made after seven days, the encrypted files will be deleted.

 

2. How do you get infected:
You can be infected when you unknowingly download ransomware from compromised websites, spammed emails or other malware.

 

3. Best practices to avoid malware infection:

  • Always exercise caution when visiting new or unfamiliar websites.
  • Never download an App that hasn't been verified by an official store, and read reviews before installing programs.
  • Be cautious when you receive an email with an attachment from unknown senders that contain suspicious subjects. Be careful when opening files such as MS Word and Adobe PDF as they may not be real documents but malware.

 

4. Protect your data:
Having a regularly updated backup is an effective control to mitigate the loss of data due to ransomware.

 

DYRE Malware

A new variant of malware known as 'DYRE' is targeting online banking customers. The infection starts from phishing emails. Hence, please do not respond to or click on any hyperlink in an email to access your Online Banking websites. Phishing emails aim to steal your Online Banking User ID and Password.

 

These may be some of the signs that your computer could be infected by ‘DYRE’:

  • You are prompted to enter your User ID and Password repeatedly
  • Your computer seems to be running much more slowly than usual
  • You see an unfamiliar screen after you log in to your Online Banking site

 

Dridex Malware

Dridex operates by first arriving on a user's computer as a malicious spam email with a Microsoft Word document attached to the email. If the user opens the document, a macro embedded in the document will trigger a download of the Dridex banking malware, enabling it to first steal banking credentials and then attempt to generate fraudulent financial transactions. 

 

Bad Rabbit Ransomware

A new strain of ransomware dubbed 'Bad Rabbit' is spreading across Europe and Russia.

 

The ransomware is said to use Adobe Flash player installer updates (install_flash_player.exe) to disguise itself, tricking victims into installing these updates. Once the machine is infected, it will encrypt Windows files and the operating system. The user subsequently receives a ransom note to unlock and decrypt the files and machine. An infected system is then used to continue spreading the ransomware through the network and infect other workstations.

Security Tips

It is advisable to download the latest anti-virus software and scan your devices regularly. This is to ensure that your online financial transactions are not performed using infected devices. Please stay vigilant when banking online. Please call us immediately at +65 6333 7777 or email AtYourService@cimb.com when you suspect something is amiss.