Singapore Anti-Scam Banking Guide

Subtitle: A practical playbook for safer everyday banking
Last updated: 26 Aug 2025

What this page covers
How to reduce the risk of scams across mobile and web banking in Singapore, what to set up today, and exactly what to do if you think you are being targeted. This guide is educational; follow official instructions from your bank and authorities.

If you think you are being scammed right now (90-second checklist)

1. End the conversation. Hang up or stop chatting. Do not click links or grant remote access.
2. Lock your money and cards. Use in-app “card lock,” “money lock,” or “kill switch” features; lower transfer limits to near-zero.
3. Contact your bank using an official number or the in-app channel. Explain “suspected ongoing scam” and request urgent measures.
4. Preserve evidence. Screenshots, phone numbers, email headers, transaction IDs.
5. Report the case through official channels (police e-services/anti-scam resources) and follow the instructions you receive.
6. Change passwords on email, bank, and telco accounts; check for SIM-swap activity and disable call-forwarding.
7. Tell close contacts not to act on unusual messages “from you.”

Default safety settings to set today
• Device hygiene: update OS and apps; disable sideloading and unnecessary permissions; install from official stores only.
• Bank-app controls: enable login and transaction alerts; set daily limits; enforce delayed activation for new devices and new payees.
• Locked savings: segregate funds into “locked” pockets or fixed deposits; keep only a small spendable balance in the main wallet.
• Whitelists: allow transfers only to trusted payees; require extra steps for first-time payees.
• Two-factor authentication: use strong passwords and change them after any suspicious event; enroll in biometric + OTP where offered.
• PayNow/FAST: verify the recipient name and the proxy before sending; start with a S$1 test for new payees.
• Network caution: avoid banking over public Wi-Fi; if needed, use cellular data or a reputable VPN.

For SMEs and finance teams
• Segregate duties (maker-checker); require dual approval for new payees and large amounts.
• Use role-based access and IP/device restrictions where available.
• Maintain an approved payee list with periodic review; block ad-hoc international transfers by default.
• Train staff to spot invoice-change fraud and fake domain names; rehearse an incident plan quarterly.
• Keep a separate “treasury” account that is not used for day-to-day email-driven payments.

Common scam scripts (recognize the pattern)
• “Bank or police” urgent call asking for your OTP or to install a helper app. Real banks and authorities do not ask you to reveal OTP or install unknown software.
• “Investment” with guaranteed returns and fast withdrawals. Demands to move money to a personal account or to a platform you cannot independently verify.
• “Job/refund” offers requiring you to pay a fee first or “verify” by small transfers that gradually increase.
• “Parcel/tax” messages with links to pay customs or penalties on short deadlines.
• Romance or friend-in-need stories that escalate to requests for money or accounts.

How banks will (and will not) contact you
• They will not ask for OTPs, full card numbers, or remote-access installs.
• They may send service messages through official app, SMS sender IDs, or email domains; still, do not click links—open the app directly.
• If a message pressures you to act immediately, treat it as a red flag and verify via official channels.

If funds have already been transferred
• Act within minutes. Contact your bank to request transaction holds or recalls where possible; provide details fast.
• File an official report; keep your case number and share updates with your bank.
• Understand the limits: instant transfers may be irreversible; recovery depends on the receiving bank and the speed of action.
• After the event, review device security, reset credentials, and consider freezing credit where applicable.

Travel and shared devices
• Use temporary limits and travel notices; avoid logging in from shared or kiosk devices.
• Log out after use; clear app tokens if a phone is sold or repaired.

For families and caregivers
• Keep a printed “safety card” with the official bank contact method and a short checklist (lock, call, report).
• Set up alerts on a trusted relative’s phone for elderly users, with consent.
• Consider whitelisting only a few payees and using locked savings for the rest.

Building a resilient routine (monthly)
• Reconcile statements; check that alerts still work.
• Review trusted-payee lists and remove stale entries.
• Refresh device OS and banking apps; re-scan permissions.

FAQ：
Q: Are “money locks” foolproof?
A: No, but they buy time and add friction at critical moments. Use them with limits, alerts, and safe-device habits.

Q: Should I keep all funds in a digital bank?
A: Diversify. Keep emergency funds locked; maintain a second account for redundancy.

Q: Can banks or authorities always get my money back?
A: Not always. Prevention and speed are more reliable than post-event recovery.

Bottom line：
Turn safety into defaults, not wishes. Use locks, limits, and alerts; keep documents tidy; practice the 90-second response.

Next steps：
• Enable your bank’s lock/limit features today.
• Print our one-page “Emergency Checklist” for your wallet or office.
• Share this guide with family or your finance team.

About the Author

Helen Lili – Editor, Research Lead
Helen leads tariff analysis and product change tracking. She maintains the normalized dataset that powers our comparison tables and ensures each claim links back to a dated primary source. Read more articles