What is a Phishing Scam?

Phishing is a type of online scam where cybercriminals pretend to be trusted organizations (like banks, delivery companies, or government agencies) to trick you into giving personal or financial information — usually through fake emails, websites, or messages.

How to spot a Phishing Scam? (Common Warning Signs)

  1. You receive an email, SMS, or WhatsApp from a “bank” or “official body” asking you to click a link.
  2. The message creates urgency — like account deactivation, unpaid bills, or suspicious activity.
  3. There’s a link that looks real but takes you to a fake website.
  4. You’re asked to log in or provide personal details like your IC number, password, or OTP.
  5. The email or message may contain spelling errors, odd formatting, or unfamiliar sender addresses.

How to prevent a Phishing Scam?

  1. Never click on links or download attachments from unknown or suspicious emails/SMS.
  2. Always check the sender’s email address or phone number carefully.
  3. Do not share sensitive info (like passwords or OTPs) through messages or calls.
  4. Access websites by typing the URL directly, not by clicking links.
  5. When in doubt, call the organization directly using a verified number.

Example of Phishing Scam Scenario:

Sofea received an SMS that looked like it came from her bank, stating her account would be blocked unless she verified her information. The SMS included a link that looked like the bank’s website. She clicked and entered her username, password, and OTP. Minutes later, she received a notification — a large transaction had been made from her account. When she contacted the bank, they confirmed it was a phishing scam.

What Went Wrong:

  1. Sofea trusted an SMS without verifying the source.
  2. She clicked a suspicious link and entered her login info.
  3. She gave away her OTP, allowing the scammer to complete the transaction.

Lesson Learned:

  • Never trust links from SMS or emails, especially if they ask for personal or banking info. Real banks will never ask you to verify details this way.
  • Always use official websites or contact customer service to confirm any alerts.