
Security

ALERTS


How to safeguard yourself

The first step to safety is prevention. That’s why we’ve put some safeguards in place to alert you to phishing attempts and reduce the chances of you being affected by them. As phishing attempts grow increasingly sophisticated, we’re partnering with relevant authorities to take down scam sites and associated mobile lines where possible.

Here are some tips to help you spot signs of phishing:

Don’t be fooled by urgent language

Be wary of phrases that plead for assistance and/or invoke a sense of fear, urgency, or curiosity, such as ‘urgent action required’ or ‘your account will be terminated’. This is likely a phishing attempt to steal your confidential information.

Look out for fraudulent domains

  1. Check the browser link address. Verify the URL before clicking or logging in.
  2. Malicious websites may look identical to our M1 website. Pay attention to any misspelling, substitution of letters, and/or deliberate shifting of the “domain” to other parts of the URL. Our official domain and sub-domains include:
    https://www.m1.com.sg
    https://shop.m1.com.sg
    https://onelogin.m1.com.sg
    https://m1info.m1.com.sg
    https://Mindy.m1.com.sg
    https://mcardaccount.m1.com.sg
    https://m1fonecare.asurion.com
    https://survey.m1.com.sg
  3. Ensure the prefix “https://” is included.
  4. Check that you are using the official M1 website. To do this, go to the address bar of your web browser and look for the “lock” icon. When you click on the icon, a new window should appear confirming that Entrust has identified that the certificate is issued to M1 Limited.
  5. In some cases, we have seen convincing URLs that are masked and redirect you to a malicious website. To determine if a link is reliable:
    ▪ On desktop computers, hover your mouse cursor over the link to view the full URL.
    ▪ On mobile devices, hold your finger down on the link until a window pops up and shows you the full URL. Please note that some mobile devices might not have this function, in which case you can still copy and paste the link into your browser to verify the domain.
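
The domain checks above can also be automated for links extracted from a message. The following Python code is an added example, not M1's own tooling: the function name `check_link`, its reason strings and the `.example` sample hosts are assumptions made for illustration, and the list of official hosts on this page is treated as exhaustive.

```python
from urllib.parse import urlsplit

# Official hosts as listed on the page, lowercased (hostnames are case-insensitive).
# Assumption: the list is treated as exhaustive for this check.
OFFICIAL_HOSTS = frozenset({
    "www.m1.com.sg", "shop.m1.com.sg", "onelogin.m1.com.sg", "m1info.m1.com.sg",
    "mindy.m1.com.sg", "mcardaccount.m1.com.sg", "m1fonecare.asurion.com",
    "survey.m1.com.sg",
})

def check_link(url):
    """Return (is_official, reason) for a link that claims to come from M1."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")  # urlsplit lowercases the host
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "scheme is not https"
    if "@" in parts.netloc:
        # Everything before '@' is userinfo; the real host comes after it.
        return False, "text before '@' is not the host"
    if not host:
        return False, "no host"
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        # Look-alike letters from other alphabets, raw or punycode-encoded.
        return False, "non-ASCII or punycode host"
    if host in OFFICIAL_HOSTS:  # exact match only, never a substring match
        return True, "official host"
    if any(name in url.lower() for name in OFFICIAL_HOSTS):
        return False, "official name shifted outside the host position"
    return False, "host not on the official list"

# Constructed sample links; the .example hosts are placeholders, not real sites.
SAMPLES = [
    "https://shop.m1.com.sg/plans",
    "http://www.m1.com.sg/",
    "https://www.m1.com.sg.billing.example/login",
    "https://billing.example/www.m1.com.sg/login",
    "https://www.m1.com.sg@billing.example/",
    "https://www.rn1.com.sg.example/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_link(link))
```

The comparison is an exact match on the parsed host, because a substring or "ends with" test would accept the shifted-domain cases the list above warns about.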

Spot the spoof

One of the most common tricks in email and SMS spoofing is the forging of display names (e.g. M1 e-bill, M1 Refund, M1 Customer Service) and email addresses.

We have seen phishing emails with sender addresses ending with our domain “@m1.com.sg”, so a matching address alone does not prove that an email is legitimate. The way to identify if an email is legitimate is by reviewing every component of the email in totality (i.e. display name, email address, URL links, email tonality, spelling errors).

Avoid opening attachments

By opening an attachment from a phishing email, you could install malware, a virus, spyware, or ransomware that would steal your data. These malicious programs run behind the scenes, so you wouldn't know they are there. As a general rule of thumb, open attachments only if you were expecting them and they are relevant to what you are doing.

Think again when receiving calls with a ‘+’ or ‘+65’ prefix

Practise discretion when receiving calls with a ‘+’ or ‘+65’ prefix. We have worked closely with IMDA on sector-wide security measures such as blocking commonly spoofed numbers and prefixing all incoming international calls with ‘+65’ to alert the public to potential scam calls. If you receive suspicious unsolicited phone calls or automated voice messages, hang up immediately and do not provide or share personal details and passwords with unknown callers.

No more Bit.ly links

Bit.ly links will no longer be used in any of our communication channels, such as SMSes or social channels. To verify URL links, ensure that the official domain and subdomain are from M1.

Think before you scan that QR code

Recent scams have exploited QR codes, which can appear in emails, flyers, posters, etc. Scanning a bogus QR code may not harm your device, but it may lead to a malicious website that will request your bank account, credit card or other personal or confidential information.

Reject requests for confidential information

We will never ask you to reveal sensitive personal data, debit/credit card details, or passwords, or to validate your account, over email or SMS. Neither will we notify you to submit a request for a refund. Any credit balance from your last billing cycle will be rolled over to offset payment for subsequent bills.

Please be cautious and protect yourself from such phishing attempts. When in doubt, please do not hesitate to contact us to verify the authenticity of such emails and requests.

Protect yourself with ScamShield app

ScamShield is available on all iOS devices and can be downloaded for free. The app is jointly developed and managed by NCPC, OGP and SPF, and helps to block unsolicited incoming calls and text messages. Visit https://www.scamshield.org.sg/ to learn more.