Notes on Network Security
DBS pays great attention to maintaining the confidentiality of personal information and to network safety. We spare no effort to provide you with safe and secure online services in order to meet your needs with regard to iBanking.
We have adopted the common network security technologies of the banking industry to protect your online transactions and information. In addition, we have applied a series of online security measures, including routers, firewalls and network intrusion detection systems, to ensure better protection.
We constantly adopt active steps to ensure that our online security solutions are up-to-date in order to meet service upgrading needs. Nevertheless, we hope that as users you can also actively participate in the security protection of your personal account, transaction information and online transaction.
At present, our online security applications and measures include:
“Phishing” refers to a case where fraudsters attempt to illegally access your key personal information such as your bank user name, password, identity card number and debit card number. They will use your information to access your account for illegal purposes. For example, they will use a debit card number which you inadvertently provide to bogus websites to conduct fraud.
How is “Phishing” carried out?
Fraudsters engage in “Phishing” in a number of ways which can be summarized as follows:
Use similar e-mail addresses, trademarks or logos to make you mistake them for true e-mails or websites.
Use different ways to trick you into providing your personal information, e.g. providing hyperlinks to fraudulent websites or online forms attached to the e-mail.
Common examples: You may receive an e-mail claiming to be sent by DBS, requiring you to click on a hyperlink to enter a certain website and make some necessary personal information updates under some conditions. Once you click the hyperlink, you will be led to a website quite similar to our bank's, which requires you to enter your personal information for illegal access or utilization. Furthermore, e-mails sent by fraudsters may look very similar to those from our bank, and may even have bank logos on them. Therefore you must be particularly cautious and should not easily trust such e-mails.
For security reasons, under no circumstances will DBS ask you to update important personal information online through e-mails.
Why are fraudulent websites so similar to bank websites?
As anyone can download and replicate information from the internet, fraudsters can easily replicate a website so that it is almost identical to that of a legitimate organization.
How to avoid being cheated by “Phishing”?
Do not log onto what is claimed to be the DBS iBanking website through hyperlinks provided in suspicious e-mails. For security reasons, under no circumstances will DBS ask you to update important personal information online through e-mails. Thus, any e-mail of this nature that you receive is fraudulent.
We recommend the following measures to avoid being drawn into a “Phishing” scam:
Please contact our customer service center immediately if you suspect that you have been cheated by fraudulent websites. Any report that you lodge will help us to identify such fraudulent websites and take the appropriate action to stop them. Furthermore, any relevant information that you provide can help our bank to notify customers so that they can beware of such websites.
Recently there were fraudsters who sent false e-mails to bank customers and obtained their personal information. Such ruses have affected banks in numerous countries.
The e-mails easily misled customers to click false websites linked to them. They were websites that closely resembled bank websites such that customers were caught off-guard.
The e-mails usually claimed that customers needed to “update” or “confirm” their information, in order to trick customers into entering their user name, password, personal information and other banking-related confidential information. Once divulged, such information would fall into the hands of fraudsters. Such fraudulent acts are usually known as “Phishing”.
For more information, please look under “phishing” or “e-mail bank scams” in this website.
To avoid being cheated, please see the following measures:
Our bank recommends that customers be extra cautious in the use of any software that claims to be able to increase surfing speed. Such software or services may re-direct your online service to designated servers, which allows them to store and analyze your internet activities. When you use DBS or other encrypted online services, the relevant activities or input data such as user name, password, debit card number, banking and transaction records, etc. may also be recorded by them.
How do you protect your own interest?
Do not access DBS website on computers which have been installed with surveillance software or software that re-directs your online service.
If you install any software which claims to be able to enhance your online speed or adds a third-party tool to the browser, you may already be using software which monitors your online activity. We recommend that you delete the relevant software. You may do so by accessing the “Control Panel” and selecting “Add/Delete Programs” to find and remove such programs.
Keep yourself regularly updated on spyware and watch for activity on your computer that hints at spyware, for example, a proliferation of pop-up advertisements when on the internet, or receiving numerous dubious e-mails which show your personal information.
Install and activate anti-virus software, anti-spyware software and a personal firewall from reputable software companies to protect your computer from intrusion by viruses or malware. You should regularly update such software and apply the relevant security patches.
Do not use public/shared computers or dubious devices to access the DBS iBanking website, because you can never be sure whether they have been installed with a hacking program, surveillance software or software which re-directs your online service.
How does DBS Bank protect your interest?
We closely monitor and intercept users who access our website using re-director software or spyware. If you have been denied access to our website, you may have inadvertently installed re-director software or spyware on your computer. Please remove such software.
Fake iBanking websites imitate our iBanking website with a high degree of accuracy. Nevertheless the following 4 steps can help you to confirm whether or not the website you have accessed is a true one.
Do not use your iBanking password on other financial or non-financial internet services such as e-mail, online shopping, electronic authentication or other online application services.
Make sure your computer is not subject to intrusion by viruses and malware.
Avoid storing the user name/password when using Internet Explorer.
Avoid using public computers (e.g. computers in internet cafés) to access iBanking services.
Regularly check your bank account information and transaction records.
DO NOT disclose your ID, PIN, and SMS OTP to anyone.
DBS staff will NEVER ask for such information.
If you are approached for this information, please inform us at 400 820 8988.
Date: 4 March 2015
Threat Type: Security Vulnerability
Alert Level: Amber
Description: A vulnerability known as “FREAK” has been discovered in OpenSSL implementations of SSL (Secure Socket Layer) and TLS (Transport Layer Security), which are used to encrypt communications between a website and a web browser (such as Internet Explorer, Safari) to keep the customer’s credentials and transactions secure. The vulnerability is present on websites that use OpenSSL and accept a weak encryption key length of 512 bits. When exploited, an attacker can break this weak encryption key, which will allow him to steal secret information from web servers, such as the customer’s login credentials.
DBS/POSB iBanking and IDEAL do not use OpenSSL and RSA 512-bit encryption keys and are not vulnerable to “FREAK”. You are assured that we have multiple layers of security in place, such as 2FA for online banking transactions, to protect your online banking transactions.
However, it has also been reported that “FREAK” affects Apple’s Safari browser and Google’s Android browsers and could enable an attacker to spy on communications of users of these browsers. Both Apple and Google have since announced that a patch/software update is underway, to help mitigate this risk.
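For operators who want to confirm that a server does not accept the 512-bit keys described in this alert, the following added example (not DBS code) audits a cipher-suite listing for export-grade suites. The listing is a constructed sample in the format printed by `openssl ciphers -v` in older OpenSSL releases, and the function names `parse_suite` and `audit` are hypothetical.

```python
import re

# Constructed sample in the format printed by `openssl ciphers -v` in older
# OpenSSL releases (not captured from any real server).
SAMPLE = """\
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA Enc=AESGCM(128) Mac=AEAD
AES128-SHA              SSLv3 Kx=RSA      Au=RSA Enc=AES(128) Mac=SHA1
EXP-DES-CBC-SHA         SSLv3 Kx=RSA(512) Au=RSA Enc=DES(40)  Mac=SHA1 export
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40)  Mac=MD5  export
EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=RSA Enc=DES(40)  Mac=SHA1 export
"""

KX_RE = re.compile(r"^([A-Za-z/]+)(?:\((\d+)\))?$")  # e.g. "RSA(512)" or "ECDH"


def parse_suite(line):
    """Split one listing line into name, protocol and its key=value fields."""
    fields = line.split()
    if len(fields) < 3:
        return None  # blank or malformed line
    suite = {"name": fields[0], "protocol": fields[1],
             "export": fields[-1] == "export"}
    for field in fields[2:]:
        if "=" in field:
            key, value = field.split("=", 1)
            suite[key] = value
    match = KX_RE.match(suite.get("Kx", ""))
    suite["kx_alg"] = match.group(1) if match else None
    suite["kx_bits"] = int(match.group(2)) if match and match.group(2) else None
    return suite


def audit(listing, weak_bits=512):
    """Sort suites into RSA export ones (the FREAK case) and other export ones."""
    report = {"rsa_export": [], "other_export": []}
    for line in listing.splitlines():
        suite = parse_suite(line)
        if suite is None:
            continue
        bits = suite["kx_bits"]
        if suite["kx_alg"] == "RSA" and bits is not None and bits <= weak_bits:
            report["rsa_export"].append(suite["name"])
        elif suite["export"]:
            report["other_export"].append(suite["name"])
    return report


if __name__ == "__main__":
    for category, names in audit(SAMPLE).items():
        print(category, names)
```

An empty `rsa_export` list means the listing contains no suite with the 512-bit RSA key exchange; anything in `other_export` is still export-grade and should be disabled as well.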
How can you protect yourself from this?
You are reminded to remain cautious when banking online: