Are you one of SingTel's customers in Singapore who received an alert message from the telco recently?
The message goes like this: "Some customers may have received e-mail messages from a sender named 'Service SingTel' (firstname.lastname@example.org) requesting them to provide personal information and credit card details to rectify a bill payment issue."
If you have received a message like that and have acted upon it, you must be alarmed. That is because, according to SingTel, these e-mails are part of an illegal phishing scam designed to obtain customers' personal information and passwords.
"They are not issued by SingTel, and we advise our customers to ignore them," said SingTel in its message.
The telco added that as a precaution, customers are advised to ignore e-mails from unfamiliar sources and exercise caution when providing personal details online, in competitions, lucky draws, surveys and feedback forms.
Phishing scams on the rise
"Based on our observations in and monitoring of the security space, phishing attacks have been on the rise," said Jeffery Kok, technical consultant director, Asia Pacific and Japan, RSA. He said that according to data published by the RSA Anti-Fraud Command Center, phishing attacks in January 2012 have been up 42 percent month over month, and up 83 percent from January 2011.
"There are two key strategies in combating phishing and social engineering attacks - education and the use of an independent trusted channel," said Kok.
"It is important for end-users to be educated on the latest phishing and social engineering tactics to prevent them from falling into these perpetrators' traps," he added. "SingTel's e-mail to their subscribers is doing exactly that, which is definitely the right step forward in increasing consumers' awareness on the prevalence of such threats. The rule of thumb should always be to avoid divulging personal information of any sorts - be it credit card or identification details - to an unsolicited request. This means that one should ignore and not respond to such calls for personal information. If an individual is uncertain on how to act on the request, he/she should always verify through an independent trusted channel - that is, an alternate mode of communication that he/she knows is trusted. In the event of a similar incident, one can respond by calling the organisation's hotline to speak with a customer representative, rather than replying to the original contact channel."
Sign up for Computerworld eNewsletters.