Customer Education and Online Security
Social engineering
A technique to trick users into performing actions such as clicking a link or opening an attachment or revealing sensitive or personal information. It often involves pretending to be a trusted entity and creating a sense of urgency, like threatening to close or seize a victim's bank or insurance account and many more scenarios evolving.
Attacker use of fake news articles to trick victims into clicking on a malicious link. These links often lead to fake websites that appear legitimate but are run by attackers who may try to install malware or present fake "virus" or “reward” notifications to the victim.
Phishing by emails
Often delivered via email spam, attempt to trick individuals into giving away sensitive information or login credentials. An attack can involve sending fraud emails or messages that appear to be from a trusted source, such as a bank, Insurance Company or government agency. These messages typically redirect to a fake login page where the user is prompted to enter their login credentials.
Phishing by Voice
In vishing or voice phishing attacks, where attackers make automated phone calls, often using text-to-speech synthesizers, claiming fraudulent activity on their accounts. The attackers spoof the calling phone number to appear as if it is coming from a legitimate bank, Insurance Company, government agency or an institution. The victim is then prompted to enter sensitive information or personal information, or login credentials including One-Time-Password (OTP) or connected to a live person who uses social engineering tactics to obtain information.
Phishing by SMS
SMS phishing or smishing is a type of phishing attack that uses text messages from a cell phone or smartphone to deliver a bait message. The victim is usually asked to click a link, call a phone number, or contact an email address provided by the attacker. They may then be asked to provide personal information, such as login credentials for other websites.
- Do not click on URLs in unsolicited emails and text messages.
- Be careful when picking up calls, especially if you are not expecting any overseas calls and +65(Singapore numbers).
- Do not share personal particulars, banking and credit card details to anyone without verification.
- Never share your OTPs with anyone. If in doubt, speak to someone in person you trust to seek a second opinion.
- DirectAsia will not ask you for your personal details or bank transfers or credit card information through robocalls (automated voice machines).
- Hang up immediately if the caller cannot identify themselves properly.
Always verify the authenticity of the information or request through:
- DirectAsia official websites
https://www.directasia.com for Singapore
https://www.directasia.co.th for Thai or
https://www.directasia.co.th/en/for English - Call the DirectAsia hotline (+65 6665 5555)
- Send us an email
DirectAsia always uses HTTPS:// protocol for policy information and ensure that communications are encrypted from the browser to the website’s server. A closed padlock next to the URL or click (circles & lines) Icon the on the left of the address bar to “view site information” to ensure the connection is secure and certificate is valid.
- DirectAsia official websites
- Always type the organisation's official web address into your web browser to ensure that you are at the DirectAsia official website.
- Always access your account through the official DirectAsia website “My Account” or “Agent Login”.
- Use two-factor authentication (2FA) for you to login to view your accounts or policy information.
- Secure your browser
- Disable autofill on your browser.
- Disable saved passwords on your browser.
- Use a strong anti-virus that has a browser protection.
- Update your browser, when a security patch is released from respective vendors.
- Clear your cache: For desktop browsers, a quick shortcut-key to clear your cache, cookies, and history, ensure that the browser is open and selected, and press Ctrl-Shift-Delete (Windows) or Command-Shift-Delete (Mac).
- Secure your computing device
- Keep a strong password to your computer or tablet. As a general practice, your passwords should consist of a complex mixture of lower- and upper-case alphabets, numbers, and special characters/symbols. Keep changing your passwords every few months.
- Use anti-virus software provide only by trusted vendors and always purchase a paid license as it offers more security than the free ones.
- Update the software regularly whenever update patches are available for your computing device.
- Avoid using public internet or Wi-Fi as a general precautionary measure.
Learn more about the latest types-of-scams in Singapore and take a quiz to find out if you stand a chance against scammers.