Security Advisory – How to protect yourself from the security threat?
What is a Phishing scam?
Phishing is a form of identity theft or data theft that attempts to trick you into revealing personal or financial information by visiting a website or by clicking on a link. Phishing attacks typically use phony websites or email messages that appear to be from trusted businesses and brands in order to steal personal information such as usernames, passwords, credit card numbers etc.
The attachments may purport to be invoices, business accounting documents, user account information or other seemingly work-related attachments. When the attachments are opened, the malware infects your computers or devices to steal personal information, as well as login credentials.
How to protect yourself?
-
Do not click on any suspicious link or open any attachment as this is the first clue of a phishing attempt. Instead, always enter the full URL for Income web site into your browser address bar.
-
Avoid downloading applications from unofficial third-party application stores.
-
Always ensure that you’re using a secure website when submitting personal or other sensitive information via your web browser.
-
Ensure your devices are updated with the latest anti-virus software, software security patches and have a personal firewall installed and activated.
-
Do not reveal your online login password, One-Time-Password (OTP) or hardware token details to anyone. (Note: Income will never ask you for your password for whatever reasons.)
Learn more on how to spot phishing
What is a Phone Scam?
There are recent scams targeting Singapore residents via interactive automated voice message. The calls claim to be made from courier companies, banks or the police. If you receive an unexpected phone call from someone purporting to be an official from banks, DHL, customs, police, be wary as this could be a scam call.
In another variant of this scam, the caller might claim to be an employee or representative of financial / banking institutions who then asks – and even threatens – you to give them personal particulars such as passport or online login credentials or One-Time Password (OTP).
How to protect yourself?
-
Do not follow the caller’s instructions
-
Refrain from giving online login details, credit card numbers, OTP codes from tokens or passport numbers to strangers over the phone.
- If you have any information related to such crime, please call the Police hotline.
What is a Malware?
Malware (short for “malicious software”) is considered an annoying or harmful type of software intended to secretly access a device without the knowledge of the owner. Once your computers or devices are infected, the malware will attempt to steal your login and authorization credentials (such as password, one time password (OTP) or other personal information.) by altering the login flow of the Income website.
You should take precaution and not let your devices be infected by malware.
How to protect yourself from Malware:
-
Do not click on hyperlinks, attachments provided in emails messages from suspicious or unknown sources.
-
Avoid accessing unknown and unsecured websites.
-
Install and maintain the latest anti-virus software on your mobile devices / computer.
-
Secure your mobile device with a password, pin or a relevant mechanism to prevent unauthorised use.
-
Do not reveal your online login password, One-Time-Password (OTP) or hardware token details to anyone.
-
Keep us updated with your current mobile number and email address so you are alerted to transactions or account activity.
Creating a strong password:
-
Your password should comprise at least 8 alphanumeric characters with a mix of upper and lower case letters.
-
Use the passphrase method to create a password that is difficult for others to guess.
-
Do not choose a dictionary word as your password.
-
Do not reveal your password to anyone.
-
Do not store your passwords on your computer or write them down.
-
Change your passwords regularly.
-
Log out and clear the browser cache after all transactions.