How to Protect Yourself from Phishing Attack and Scammers

It was the early 2000s, and you would open your e-mail and see that some stranger with only a couple of days to live had decided to hand their massive inheritance to you.
For many people, this is what they imagine when they hear the word ‘phishing.’ In today’s world, the idea of such pursuit might seem laughable and sound like a rather uncreative effort of fraud. These e-mails would typically invite a couple of eye rolls if not end up in your spam box. However, scammers’ strategies in stealing your data and wealth have developed throughout the years. Thus, making users—even ones that are naturally skeptical—fall into the trap of these criminals.
This situation is best illustrated in the latest case in Singapore that befalls a handful of OCBC customers whose money was wiped clean by scammers who managed to spoof a message from OCBC. This caused the customers to give away their OTP number, which allowed scammers to rummage through their bank account. This case has proven that scammers have found ways that might seem harmless when trying to deceive people.
Understanding that we have to be prepared for the chance of encountering a phishing attack, we have gathered several tips and tricks on how to avoid falling victim to scammers.


 1. Check your address bar in your browser:

The address bar should always contain the exact website you are going for. For example. How URLs work is always end to beginning, so first, you have the extensions:
Then, the domain name, which in this case would be ForBis, and then you have subdomains that come after the initial domain name. For instance:
                        ibanking       : subdomain
                        forbis            : domain
                        .com              : extension
There are infinite subdomains that can exist, so you may find addresses that scammers normally use to extract your sensitive data that imitates the legitimate website with the ones that sound similar. For example, they would send you the link such as:
It is crucial for you to pay attention to the addresses that are directed to you. If for some reason you don’t trust the domain name or you don’t know the real address to the website, the first thing you can do to make sure that the address is legitimate is by searching the website’s login page on your search bar. You can also use any usual method, such as your mobile app to log in. Alternatively, you can call your bank or service provider to check it.


2. Check for the HTTPS (SSL) certification
This can be done by ensuring that the lock symbol in your address bar is present when visiting a site. You can then click on the lock symbol and click ‘Show Certificate’. By performing this, it will show you the actual domain registered to the certificate—remember, one part can only have one certificate.
3. Link shorteners
Most service providers do not use external link shorteners and will use their own. For instance: and not, which leads you to a site that looks like the service provider’s site.


4. Never provide your OTP to anyone else, even if the person is your friend or family.
The phishing sites will usually pretend to request your OTP, however, kindly note that if you had done steps 1 – 3, you would have checked whether or not the site is legitimate.
What else should I do to avoid scammers?
In this digital age, online fraud has become a shared problem in the community. For that reason, we can never be too careful in making efforts to protect our sensitive data. It would make sense that the best shield in facing the negative side of technological advancement—in addition to the establishment of solid technological infrastructure—would be digital literacy and awareness. It is highly recommended that users change their password once in a while, ensure that personal information like banking details and passwords are kept secret from any parties, and contact customer service should they find anything suspicious.