Top of main content

Protect yourself from Phishing

Online criminals are after your money. Here are some ways to help protect yourself

What is phishing?

Phishing is when a criminal sends you an email / SMS or calls you and try to get you to give them your passwords and bank details or clicks the embedded links, QR code or file attachment to implant malware to the victim's device.


The email / SMS will say it is from a legitimate organisation like a bank, online payment service or online retailer. It often looks very similar to an actual email / SMS sent by those companies, and it will contain a link or QR code that takes you to a website that also looks very similar to the organisation's genuine site.


Once you arrive at the fake site, it will usually prompt you to enter personal security information, such as your account number, PIN, security code or one time passwords (OTPs). The phishing site records everything you enter, and then uses your information to steal your money.

What are the types of phishing?

Criminals call out of the blue and may claim to be your bank, the police or another trusted organisation like your network provider. To make the call seem more convincing, they may already have some information about you, such as your account number, address and account details. They can also make the call seem authentic by making their phone number look like a number you know and trust. This is known as 'number spoofing'.


The caller will then try to persuade you to:


  1. transfer money to another account for 'safekeeping' or 'holding'
  2. withdraw cash and hand it over 'for investigation'
  3. give private information, which can then be used to gain access to your finances


If you're suspicious or feel vulnerable, immediately end the call and disregard messages from unregistered numbers asking for your CVV, Card Expiry Date, Credit Card PIN, or OTP. In case you've given them your banking details, call us immediately at +6328858-0000 or +6327976-8000 or +800-100-85-800 from overseas.

To spot a phishing email / SMS, ask yourself the following questions:

Smart Tips
  • Does it request personal information, like a credit card number or account password?
  • Were you expecting this message?
  • Does it have an attachment?
  • Does it ask you to do something unusual, like transfer money to an unknown source, or email / SMS your account details to someone?
  • Does the sender's email address or phone number match the name of the company that it claims to be from?
  • Is your email address or phone number different from the one that you gave that company?
  • Was it sent or cc'd to more than just you? 

How can I tell if I'm being phished?

Fake websites:

  • won't show the padlock symbol in the address bar when you log on
  • are poorly designed, with typos or bad spelling and grammar
  • have a different look and feel than the company's regular website

Phishing SMSes/emails:

  • make false claims pretending to be from the bank – e.g. fake incentives/rewards, and notifications of new payee/recipient or payments when you haven't done so
  • include a hyperlink requesting you to log on or enter sensitive personal information
  • could make use of spoofing tactics that mimic the bank as the sender of the message
Here’s an easy way to share your thoughts, stay informed and join the conversation. Follow us: