Phishing is when a person with malicious intent fake an urgent email to invite existing users to login to a fake website that they have created and steal their information.
DCS Phishing Email
An ongoing phishing campaign is targeting DCS Cardmembers. In this campaign, an email will be sent to DCS Cardmembers, informing them that some suspicious activities are going on in their account and need to secure their account by clicking on an URL inside that email; otherwise the account will be suspended or de-activated.
This URL brings customers to a phishing website designed to steal customer IDs, passwords, credit card details and contact information. A sample of the phishing email and website is provided for reference below.
Please protect yourself from this!
DCS Cardmembers are reminded to refrain from providing any confidential information. Please take note:
- Do not download or open attachments in suspicious emails.
- Never reply to unsolicited emails.
Always type in the URL of DCS website directly into the address bar of your browser, and check that the website you are accessing is valid DCS websites:
- DCS - dinersclub.com.sg or diners.com.sg or dcscc.com
- Diners Club International - dinersclub.com
- Call us immediately at 6571 0128 (office hours) or 6416 0900 (after office hours), if you notice unknown transactions appearing on your account.
- Always review the SMS alerts from DCS and call us immediately if you receive any suspicious SMS.
- Always protect your computer by using an anti-virus software and keep it updated with the latest anti-virus signature and operating system/software patches.
- Learn how to differentiate a fake/phishing website from a legitimate one with the following quiz: https://www.opendns.com/phishing-quiz/.
Sample of the Phishing email
You can see when you hover over the button, the link shows dlnerclub.com.sg/login instead of dinersclub.com.sg/login.
If you look closely, its a lower case L instead of an i in the link.(You can hover over the image to zoom in)
Note that the email that is sent from is a fake Diners Club email address. The real email address would end with "XXXX@dinersclub.com.sg".(You can hover over the image to zoom in)
Sample of a Phishing website
Even after u have clicked on the button of the malicious email, u should check the url bar at the top of your browser to make sure it is the right Diners Club website even if the redirected website looks identical to the real one.
One best practice is to just type in the url yourself.(You can hover over the image to zoom in)