Security Alert - Fake StarHub Website to Steal Login Credential and Password
We have been alerted by the Police that multiple reports have been lodged by StarHub customers that a phishing email containing link to a FAKE StarHub’s website requesting for customers to provide their Hub iD, password, and credit card credentials. Below is the screenshot of the phishing email that you shouldn’t click.
If you do click on the ’Refund Now’, it will direct you to the following page that looks similar to the StarHub’s My Account page. Although the outlook of the website is similar to StarHub’s My Account page, it is not an official StarHub website.
Upon entering your Hub iD and password, you will be prompted to enter your credit card details in another webpage in order to ‘claim for your refund’. As a result of that, your information would be captured by the scammers. Multiple reports from Police highlighted that the credit card details obtained were charged for overseas transactions.
How to identify a spoofed website?
How to identify a legit website ?
What else should you do? Stay CALM:
Phishing emails trick successfully either by appearing unsuspecting or by triggering impulsive behaviour.
Although StarHub has taken swift actions to remove the unsafe sites, there could be new unsafe sites appearing in the future to phish for sensitive information. You may refer to the tips below:
- StarHub will never get our customers to enter their credit card details into a website to get a refund. If you have somehow overpaid your bills in a certain month, the amount would be used to offset the payment for the following month.
- For customers who have terminated their accounts and awaiting any bill payment refund, StarHub would be in contact with the customer to confirm mode of refund.
- To check your bill, outstanding balances, or update personal details such as address and credit card details, please always log in to My StarHub App.
- Check the sender email address, email-content facts and URLs (mouse over it) – if unsure, do NOT click on URLs or attachments. This check saves you from repairing potential damage caused by a careless click of a malicious URL or attachment.
- If asked for confidential or personal information, clarify with StarHub – however, do NOT use the requesting email’s contact channels.
- Most importantly, if you are doubtful about the source/person requesting for your personal details, do not release any information, and contact StarHub immediately to verify the authenticity of the request and report any suspicious activity. To report any phishing or scam activity, please send an email to email@example.com.
How to identify a phishing email?
Image credit: Cyber Security Agency of Singapore