In early 2026, Singapore saw a sharp rise in a new phishing scam targeting DBS/POSB customers. The Singapore Police Force reported that at least 72 individuals had fallen prey to the scam since January, losing at least $484,000 combined. What makes this scam particularly dangerous is its reliance on three things, your trust in the bank, your ignorance of banking tools, and your willingness to avoid short-term inconvenience.
Read Also: How The Johor-Singapore Housing Subsidy Scam Works And How To Avoid Falling For Similar Online Scams
How the DBS/POSB Phishing Scam Works
In this new type of scam, victims receive emails claiming their digital or physical banking token has expired and requires immediate updating. The email contains an embedded link that directs users to a fraudulent website that appears identical to DBS/POSB’s official login page. Victims then unknowingly enter their banking credentials, card details, and One-Time Passwords (OTPs) into this fraudulent website, in order to “activate” or “update” their digital token.
Using the stolen information provided by the victims, the scammers make unauthorised foreign currency transactions (e.g., EUR, SAR) and other unauthorised activities, draining accounts without the victim’s knowledge.
Screenshots provided by DBS/POSB show why this scam is so convincing. The scammers were able to emulate the look of an official bank email.
Source: DBS
Beyond imitating a trusted institution such as DBS/POSB, which is the largest bank in Singapore, with millions of customers, scammers also relied on the ignorance of potential victims.
Firstly, since 2021, DBS/POSB has phased out physical tokens in favour of digital tokens. Secondly, digital tokens do not expire. Finally, since 2022, emails and SMS messages from banks have not contained embedded clickable links, precisely to avoid such phishing scams.
If you suspect you’ve been scammed or have revealed your DBS/POSB banking credentials to anyone, then change your PIN and call DBS’ dedicated fraud hotline at 1800-339-6963 or 6339-6963 immediately. You may also use the bank’s Safety Switch, that you can acces through the fraud hotline’s automated phone system, to temporarily block access to your funds.
What We Can Do To Protect Ourselves From Similar Online Scams
Scammers tend to prey on how much Singaporeans trust established institutions. It’s always good to have a healthy scepticism when viewing what appears to be an official email or SMS, and to check such information against official sources, including the ScamShield Helpline (1799).
Most of all, it is crucial that we do not provide any personal information, especially our banking details, credit card information, or OTPs, to anyone. We should also be more vigilant against unknown persons, or people whose identities are not verified.
If you suspect you have been the target of a scam, you can report it to the Police by calling the Police Hotline at 1800-255-0000 or submitting information online via the Police website.
Read Also: 5 Types Of New Scams Singaporeans Need To Be Careful To Avoid
