5 Banking Scams Every DBS, OCBC, and UOB Customer Should Know in 2025.

Introduction

Banks in Singapore — DBS, OCBC, and UOB — are among the most trusted financial institutions in the city-state. However, fraudsters are constantly evolving their methods, using social engineering tricks, malware, fake websites, and even messaging apps to launch bank scams.

Even tech-savvy Singaporeans are not immune. In recent years, reports of DBS scams, OCBC scams, and UOB fraud cases have surged, showing that criminals will exploit any opportunity if customers let their guard down.

This guide highlights the five most common banking scams in 2025, explains how they work, the warning signs to look out for, and the steps you can take to stop them. We’ll also share what to do if you become a target — including how to contact the DBS scam hotline, the OCBC scam hotline, or the UOB fraud hotline, as well as the right Singapore government agencies for help.

Why Singapore Customers Are Targeted

Singapore is one of the most connected countries in the world, making it a prime target for bank scams and bank fraud. Criminals know that local customers are heavily reliant on digital banking, and they exploit this dependence in several ways:

• High mobile banking adoption: Most Singaporeans use mobile apps and PayNow for everyday transactions. While convenient, this makes it easier for scammers to launch attacks at scale.
• Fast payment systems: Instant transfers mean that once money leaves your account, it can be moved across multiple accounts in seconds, often before the victim realises anything is wrong.
• Social engineering tactics: Fraudsters take advantage of the trust people place in familiar branding. Fake SMS sender IDs, cloned bank websites, and official-looking forms are designed to trick even cautious customers.
• New scam channels: With the rise of generative AI, scams have become more sophisticated. Criminals now use voice cloning, realistic phishing emails, and highly personalised lures that appear genuine.

1. Deepfake “Bank Call” or Voice Phishing (Vishing)

How it works

Scammers now use artificial intelligence voice cloning to imitate a bank’s customer service officer — or even a relative’s voice. They call victims claiming that there is “suspicious activity” or that the account has been frozen. The caller then instructs the customer to scan a QR code, provide a one-time password (OTP), or install a remote access app to “resolve” the issue. Once the victim complies, the fraudster can authorise transfers, set up QR payments, or gain full access to the account.

Why it’s dangerous in 2025

Voice cloning tools are now capable of producing convincing speech patterns and emotional tones. Combined with caller ID spoofing, the number may appear to come from DBS, OCBC, UOB, or even the official Scam Response Centre. This makes customers far more likely to trust and follow the instructions.

Red flags to watch for

• The caller pressures you to act immediately, threatening account suspension or legal action.
• You are asked to share your OTP, DBS PayLah! or PayNow PIN, or to scan a QR code.
• The caller requests that you install a remote access or screen-sharing app.
• The call claims to be from a relative urgently needing money, but the story feels inconsistent.

How to protect yourself

• Remember: banks will never ask for your full OTP, internet banking password, or PIN. Treat such requests as scams.
• If a call claims to be from your bank, hang up and call the official hotline listed on the bank’s website or on your bank card.
• Never install remote access apps unless you are initiating a verified technical support session. Banks do not ask customers to install apps to fix account issues.
• Enable biometric login and two-factor authentication on all your banking apps.

If you are targeted

• Do not disclose any OTPs, PINs, or login details.
• Report the call to your bank immediately and block the number:
• DBS scam hotline: 1800 339 6963 (local), +65 6339 6963 (from overseas)
• OCBC scam hotline: 6535 7677 (local), +65 6535 7677 (from overseas)
• UOB fraud hotline: 6255 0160

File a police report using the Police@SG app or at your nearest Neighbourhood Police Centre. You should also report the case to ScamShield and Scam.SG.

2. QR Pay Swap and Fake PayNow/PayLah! Links

How it works

QR payments are everywhere in Singapore, from DBS PayLah! to PayNow QR codes and merchant displays. Fraudsters exploit this by creating fake QR codes or tampering with real ones, such as pasting stickers on storefronts or sending phishing emails that link to a fake payment page. Victims may receive an SMS or WhatsApp message asking them to “confirm a refund” or “claim insurance”. The link opens a page that looks almost identical to the bank’s PayNow flow and prompts the customer to scan a QR code or enter a code. Instead of receiving money, the victim authorises a transfer directly into the scammer’s account.

Why it’s dangerous in 2025

With Singaporeans increasingly accustomed to using QR codes for everyday payments and refunds, many scan without hesitation. The rise of deepfake tools and personalised phishing has made fraudulent PayNow and PayLah! pages look virtually identical to official bank websites, lowering customers’ guard.

Red flags to watch for

1. Messages from unknown numbers urging you to scan a QR code for a refund or to confirm a transaction.
2. QR codes pasted over posters, shop counters, or stickers in physical locations.
3. Website addresses that look suspicious or differ slightly from the official DBS, OCBC, or UOB domains, even if the page design looks authentic.

How to protect yourself

• Always double-check the PayNow or PayLah! recipient details before confirming a transfer. Verify the UEN, NRIC, or registered name if you are unsure.
• Use your bank’s mobile app to scan QR codes directly. Avoid scanning via your phone’s camera or a third-party app.
• If a refund or claim is offered, confirm it directly through the merchant’s official channel or by calling the bank’s hotline.

If you are targeted

If you have unknowingly transferred funds, contact your bank’s fraud hotline immediately and provide the transaction details as well as the scam link.

3. Government Impersonation and Fake “e-Services” Portals

How it works

Fraudsters send official-looking emails, SMS messages, or WhatsApp texts claiming to be from agencies such as IRAS, CPF, SingHealth, or MOM. They warn of outstanding fines, overdue tax refunds, or required verification steps. Victims are directed to a fake portal where they are asked to log in with SingPass or even their bank credentials. Some sites request one-time passwords (OTPs) or SingPass 2FA codes, which are then harvested and used to perform unauthorised bank transfers.

Why it’s dangerous in 2025

Many Singaporeans naturally trust government branding. Attackers exploit this by spoofing SMS sender IDs, copying government logos, and using formal legal language to pressure victims into acting quickly.

Red flags to watch for

• Messages demanding immediate payment via a link.
• Any “government” message that requests your SingPass login or bank OTP.
• Misspellings, suspicious numbers, or web addresses ending in .com, .xyz, or with long character strings instead of .gov.sg.

How to protect yourself

• Only use SingPass via the official website or the SingPass app. Government agencies will never direct you to private banking portals.
• Verify any message by calling the official hotline listed on gov.sg, not the number inside the suspicious SMS.
• Enable SingPass 2FA and biometric logins for added protection.

If you are targeted

• Report phishing websites to the Cyber Security Agency of Singapore (CSA).
• Contact your bank immediately if you believe your account details have been compromised.

4. Investment and “Wealth Advisory” Scams Using AI Pitches

How it works

Scammers pose as private bankers, wealth managers, or online “insiders”, offering crypto arbitrage schemes, FX trading bots, or exclusive investment “signals” that promise extraordinary weekly returns. Victims are approached on LinkedIn, Telegram, WhatsApp, or even dating apps. Using generative AI, scammers produce realistic-looking documents, fake certificates, and performance screenshots to appear credible. They then persuade victims to transfer money via DBS, OCBC, or UOB bank transfers, PayNow, or through fake investment portals. Once the funds are sent, they vanish.

Why it’s dangerous in 2025

AI allows scammers to forge convincing histories and tailor their pitch to individual targets. Some even use stolen images of genuine advisers to build trust.

Red flags to watch for

• “Guaranteed” or unusually high returns with little or no risk.
• Pressure to invest quickly to secure “exclusive” access.
• Instructions to transfer money to personal or overseas accounts rather than licensed platforms.

How to protect yourself

• Accept financial advice only from licensed professionals. Verify licences through the MAS Financial Institutions Directory.
• Avoid making investments through unregulated websites or individuals who request direct bank transfers.
• Always double-check documents independently and, if in doubt, seek advice from a regulated financial institution.

If you are targeted

• Stop transferring funds immediately and alert your bank through the scam hotlines.
• Gather evidence (screenshots, chat logs) and file a report with the Monetary Authority of Singapore (MAS) and the police.

5. Account Takeover via SIM Swap, eSIM Porting, and SMS Interception

How it works

Scammers trick mobile operators into porting a victim’s phone number to a new SIM or eSIM. Once they control the line, they intercept OTPs, reset passwords, and log in to bank accounts or PayNow. Increasingly, fraudsters combine stolen personal data with convincing stories to manipulate telco staff into approving the transfer.

Why it’s dangerous in 2025

With many services still relying on SMS-based 2FA, a SIM swap can bypass even strong bank security systems, giving criminals direct access to accounts.

Red flags to watch for

• Sudden loss of mobile signal and an inability to receive SMS messages.
• OTPs arriving for actions you never initiated.
• Alerts from your bank about device changes or suspicious logins.

How to protect yourself

• Use app-based authenticators or hardware tokens for 2FA instead of SMS codes.
• Add a security PIN to your telco account and request a porting lock if available.
• Enable login alerts in your banking apps and review linked devices regularly.

If you are targeted

• Contact your telco immediately to freeze your number.
• Notify your bank, reset your credentials, and request a freeze on high-risk transactions.
• File a police report and raise the incident with the IMDA if the telco response is unsatisfactory.

Practical Steps Every DBS, OCBC, and UOB Customer Should Take

1.Update contact methods and security settings

• Register a unique mobile number and email for your bank.
• Enable biometric logins and set transaction alerts.

2.Use only official apps and sites

• Download DBS, OCBC, and UOB apps from the Apple App Store or Google Play Store.
• Bookmark official bank websites instead of clicking on links.

3.Verify before you act

• Hang up on suspicious calls and dial the DBS scam hotline, OCBC scam hotline, or UOB fraud hotline directly.
• When in doubt, visit a physical branch for sensitive matters.

Keep devices secure

• Update your operating system, apps, and anti-malware tools regularly.
• Be cautious with personal data
• Avoid uploading NRICs, bank statements, or SingPass screenshots to unknown sites.
• Share sparingly on social media to prevent scammers from profiling you.

Know where to report

Police: dial 999 in emergencies or use the Police@SG app.

ScamShield: block and report scam numbers.

Scam.SG: report the incident to build awareness within the community

CSA: report phishing websites or cyber incidents.

Bank hotlines: act fast to request freezes on compromised accounts.

• DBS scam hotline: 1800 339 6963 (local), +65 6339 6963 (from overseas)
• OCBC scam hotline: 6535 7677 (local), +65 6535 7677 (from overseas)
• UOB fraud hotline: 6255 0160

What Banks in Singapore Are Doing

DBS, OCBC, and UOB continue to strengthen their anti-fraud defences. They employ AI-driven transaction monitoring, behavioural analytics, and industry-wide watchlists. The banks also work with MAS, CSA, and local telcos to clamp down on SIM-based scams and coordinate real-time alerts.

Still, technology alone is not enough. Since most scams exploit human trust, customer awareness remains the most powerful line of defence.

Quick Reference: One-Minute Action Guide

1. Never share OTPs, PINs, or passwords.
2. Hang up and call your bank using the official hotlines.
3. Avoid scanning unknown QR codes or clicking unverified links.
4. Switch to app-based 2FA where possible.
5. Report scams promptly to the police, CSA, ScamShield, Scam.SG and your bank

Conclusion: Stay Smart, Stay Safe, Stay Vigilant with Scam.SG

Fraudsters will keep refining their tactics, from deepfake calls to fake portals and QR scams. For DBS, OCBC, and UOB customers, the best protection is vigilance. If something feels suspicious, pause and verify. A few minutes of scepticism could save you months of stress and financial loss.