Link share

POSB Scam asks customers to take a ‘survey’ via phishing link, bank says email not legit

New POSB email phishing scam promises cash reward or airline miles

It seems like a new scam is popping up almost every day in Singapore, especially those related to banks.

The dust had barely settled on the OCBC banking scam earlier this year when DBS Bank reported an SMS phishing scam targeting its customers.

A month later, POSB customers were again targeted by a scam, this time via email.


It tells recipients to click a link to take a survey, but the email is not legitimate, the bank warned.

Beware of phishing emails

DBS alerted the public to the latest scam in a Facebook post Friday, February 25, warning of a phishing email.


The email contains a clickable link to a “POSB-PAssion Rewards 2022!” survey, and promises a possible cash reward at the end of this “survey”.

This is do not a legitimate email from POSB, the bank said.

Is from a non-DBS/POSB email address

The phishing email, which was seen by MS Newscame from a sender named “PAssion POSB”, probably intended to trick recipients into thinking it had something to do with the PAssion card.

He also had the vague subject “Congratulations!” Customer Satisfaction Survey”.

Screenshot of the phishing email

However, a telltale sign that all is not well is that the sender’s email address has nothing to do with DBS/POSB.

Instead, it had the “.jp” domain assigned to Japanese websites.


Although the content of the email even had the PASsion Card logo, it was riddled with grammatical errors – another sign that it is questionable.

The email said the recipient had been “selected” as one of 500 “lucky customers” to take part in a survey.

To lure the victims, he also stated that they would get $110 after completing the “survey”.

The link redirects to the phishing site

In another notice on its website, DBS said those who clicked on the link would be directed to a website that looks like somehow as a legitimate investigation.

However, the website address will not be a valid DBS/POSB address.


If that doesn’t set off alarm bells in your head, it surely should: the site will ask for personal information such as date of birth, mobile number, and Credit Card Number, including expiration date and CVV.


Do not, we repeat, do not provide this information.

If you do, the next page will then ask you for an SMS one-time password (OTP), according to DBS. This is disguised as a way to send the customer a “reward” in the form of 3,000 airline miles or $110.


“The scammer will exploit the stolen information to perform unauthorized card transactions,” DBS said.

So, customers who have provided their personal information, including card details, to the website should contact the bank immediately.

They can call its anti-fraud hotline at 1800-339-6963, which operates 24/7.

No clickable links will be sent

DBS stated that they and POSB, which they operate, do not send emails/SMS to customers with clickable links, in line with new security measures rolled out in January.

Knowing this, customers should go directly to the bank’s website to verify any bank request or offer.

Also, DBS and government officials will never ask for information such as card details, CVVs, OTPs, or digital token endorsements.

Customers should therefore not disclose this information to unverified sources and avoid calling phone numbers, clicking on links or scanning QR codes in unsolicited emails, text messages or messaging apps.

Share scam prevention tips with friends and family

With the recent spate of scams that have wiped out hundreds of millions of unsuspecting victims, it’s important to keep up to date with the latest scams in town.

So, be sure to also teach your friends and family, especially those who are not digitally savvy, how to protect themselves.

While we can always count on law enforcement to back us up, the public must also play their part in staying vigilant and not falling for scams.

Do you have news to share? Contact us by email at [email protected]

Selected images adapted from Google Maps and DBS.