How to safeguard yourself
The first step to safety is prevention. That’s why we’ve put some safeguards in place to alert and reduce the chances of you being affected by phishing attempts. Amidst the increasingly sophisticated phishing attempts, we’re partnering with relevant authorities to take down scam sites and associated mobile lines where possible.
Here are some tips to help you spot signs of phishing:
One of the most common trickery in email and SMS spoofing is the forging of display names (i.e. M1 e-bill, M1 Refund, M1 Customer Service, etc) and email addresses.
We have seen email addresses ending with our domain “@m1.com.sg”. The way to identify if an email is legitimate is by reviewing every component of the email in totality (i.e. display name, email address, URL links, email tonality, spelling errors).
By opening an attachment from a phishing email, you could install malware, virus, spyware, or ransomware that would steal your data. These malicious programs run behind the scenes, so you wouldn't know it is there. As a general rule of thumb, open attachments only if you have expected them and if they are relevant to what you are doing.
Practise discretion when receiving calls with ‘+’ and ‘+65’ prefix. We have worked closely with IMDA on sector-wide security measures such as blocking commonly spoofed numbers and prefixing all incoming international calls with "+65" to alert the public to potential scam calls. If you receive suspicious unsolicited phone calls or automated voice messages, hang up immediately and do not provide or share personal details and passwords with unknown callers.
Bit.ly links will no longer be used in any of our communications mediums such as SMSes or social channels, etc. To verify URL links, ensure that the official domain and subdomain are from M1.
Recent scams have exploited QR codes, which can appear in emails, flyers, posters, etc. Scanning the bogus QR codes may not harm your device but may lead to a malicious website that will request for your bank account, credit card or other personal or confidential information.
We will never ask you to reveal sensitive personal data, debit/credit card details, passwords, or validate your account over email or SMS. Neither will we notify you to submit request for a refund. Any credit balance from your last billing cycle will be rolled over to offset payment for subsequent bills.
Please be cautious and protect yourself from such phishing attempts. When in doubt, please do not hesitate to contact us to verify the authenticity of such emails and requests.