Phishing Security Advisory: Awareness and
As part of
our ongoing efforts to safeguard our customers against the
potential financial gains or identity theft by fraudsters
through use of "Phishing", AIA intends to educate and bring
about security awareness of "Phishing"
What is Phishing?
Phishing (pronounced "fishing")
is a technique used by fraudsters to obtain sensitive personal
information such as your account details, PIN, credit card
number, user ID or password through the Internet. Once such
sensitive information is obtained from you, the fraudsters
will access your account to perform illegal or fraudulent
What are the telltale signs?
Typically, it can
be seen as a form of social engineering technique used by
fraudsters in exploiting human weakness into believing!
Many tricks are involved in phishing scams. The most
common method is sending you a spoofed email purporting to be
from your bank, credit card company or service provider and
asking you to "confirm" your personal information for some
unforeseen reasons. Typically, the email will contain a link
to a phony website that looks like a near-replica of the real
one, making it hard even for experts to differentiate between
the real and phony websites. Once you divulge your personal
information via the links embedded within the email to the
phony websites, you would have fallen victim to the phishing
Worse still, some emails contain viruses, worms
or Trojans, which will allow fraudsters to monitor your every
keystroke and capture your personal information and then
The email will usually use one of the
following tactics to trick you into acting on their
- "Your account is currently being updated as we are
introducing a new security system. Follow the instructions
below to reactivate your account."
- "Your credit card is the subject of a police
investigation for fraud. Please follow the instructions
- "Our records indicate that payment for your Internet
account is due. We are also currently introducing a new
e-payment service. Please follow the instructions below."
- "You are the lucky winner of our lucky draw. Please
submit your credit card details so that we can verify your
The following are examples of the
instructions you may be asked to follow:
- "Please provide a return email with your account
details, PIN or credit card number. We will reactivate your
account as soon as we receive your email."
- "Please click on the hyperlink below to update your
- "Please click on the attachment below. This will
automatically generate an alert on our side. We will update
your account and inform you."
How do you protect yourself?
- Always enter the full AIA website address into your
browser address bar. Do not click on embedded links within
emails that seek disclosure of personal information from
- If you are accessing AIA online applications over the
Internet, look for a padlock icon at the bottom right of the
web browser and click on the padlock to check the domain name
in the digital certificate. Only enter financial or personal
information on a secure website.
- Be alert to "phishy" emails pretending to be from a
legitimate source seeking to "confirm" your personal
information. Your Financial Institution should never send you
emails asking you to divulge any confidential or personal
information. Contact the purported sender by means other than
email to confirm the authenticity of the message.
- Never enter your personal information in a pop-up screen
even if it seems to be coming from the real website. You
should never reveal your PASSWORD to anyone, nor should your
Financial Institution ever ask for your PASSWORD for
- Beware of "pharming", which is the latest version of online
ID theft through which a virus or malicious program is
secretly planted in your computer and where your web browser
is hijacked. Protect your computer with anti-virus,
anti-spyware, spam filters and a firewall and keep them
- Know that phishing can also happen by phone. If someone
contacts you and says you have been a victim of fraud, always
verify the person's identity before divulging your personal
- Report if you are a recipient of a phishing scam and act
immediately if you have been hooked by a phisher!
Where do you go for help?
If you have reason to
believe that the phisher was impersonating or you have fallen
victim to phishing, you can report to our AIA Customer Care
Hotline at 1800 248