Singapore Airlines and DBS Bank customers have been warned of two convincing new phishing and vishing campaigns designed to harvest their credit card details.
The Asian airline claimed in an advisory this week that fraudsters are sending messages and emails and even calling individuals, tricking them into believing they’ve been selected for a draw or have won air tickets.
The next stage in the attack is to request personal and financial information, either via a convincing-looking ‘Singapore Airlines’ website or over the phone.
The airline added:
“To appear more authentic, such callers are also able to modify their caller ID to imitate our official telephone numbers.
Singapore Airlines advises recipients to exercise discretion when revealing personal data to unverified sources. Recipients should verify such emails and phone calls if they have any doubts, as well as lodge a police report.”
DBS customers have also been on the receiving end of phishing emails recently which claim they’ve been locked out of their account after multiple failed log-ins and need to provide personal information to rectify the situation.
The bank is also one of the 2,200 targeted by the gang behind the newly discovered Catelites Android malware — designed to harvest banking log-ins and spread through malicious apps, malvertisements and phishing pages.
Eyal Benishti, CEO of security vendor IRONSCALES, argued that phishing scams can also affect organizations if employees click on malicious links or open malware-laden attachments.
“Organizations must work to help end users in their workforce be able to spot these kinds of emails that are delivered into the inbox, before they become a problem,” he added.
“This means employing mailbox-level detection that tracks user behavior analysis to build a picture of what is deemed normal behavior so that anomalies in communications are easily spotted and automatically flagged as suspicious, in tandem with providing a mechanism for employees that do spot something amiss in a message to report their findings via in-mail alerts.”