Notices

Read about these for a smoother and safer trading experience.

notices

Security Alert: Phishing & Smishing Scams

IMPORTANT NOTICE:
Lim & Tan Securities ("LTS") does not send clickable links in our SMS to clients. LTS will never ask you to key in your Login ID, Password or SMS OTP via a link sent in a SMS or email.

If you receive any such SMS or emails, or suspect the SMS and/or email is a scam, please inform your Remisier/Online Dealer/Mobile Dealer immediately. Alternatively, you can also contact our Reporting Hotline via email online@limtan.com.sg or call 6799 8181.

For our website, the URL of our login page is "trade.limtan.com.sg/login". Do not key in your Login ID, Password or SMS OTP to any other web page with a different URL.

For our mobile trading apps, please ensure these are downloaded from the official Play store (For Android) or App store (For Apple iOS). Please only key in your Login ID, Password or SMS OTP to the mobile apps downloaded from these only.

Please be informed that there are fraudulent emails and websites to mislead customers into disclosing their confidential personal account information such as Usernames, Login IDs or Passwords. This scam is known as "phishing".

The common techniques used, but not limited to, the following:
• False domain names which appears similar to the real financial institutions;
• Use of false e-mail addresses, logos and graphics to mislead customers into accepting the validity of such e-mails; and
• Use of hyperlinks and embedded forms in false e-mail addresses and websites to request for personal and confidential information.
• Never reveal your Login ID or Password to anyone. Should you receive any suspicious e-mails or require verification to the authenticity of such e-mails, please contact our Reporting Hotline at 6799 8181.
• Be alert to any e-mails purporting to request for personal sensitive account information. Be sure to contact our Reporting Hotline at 6799 8181 for further clarification.

What is Smishing?
"Smishing" is a mobile phishing attack that targets victims via the SMS messaging channel by luring victims into revealing sensitive information by disguising as a trustworthy organization or reputable person in a fraudulent text message.

The smishing text message, typically contains a link to a fake website that looks identical to a legitimate site, asking the victim to enter their account or personal information. In addition, Smishing is also used to distribute malware and spyware through links or attachments within the SMS.

In a recent SMS phishing campaign, the attackers have masqueraded as an FI by sending fraudulent SMS messages to some of the FI's customers using an alphanumeric sender ID1 ("alpha tag").

The spoofed SMS alpha tag caused the victims' mobile phones to place both phishing and legitimate SMS messages from the FI into the same SMS conversation thread, thus deceptively making the fraudulent SMS seems legitimate, which in turn increases the likelihood of victims being tricked into accessing the malicious link.

When the victim clicks on the link, he/she will be directed to a fraudulent website requesting for user credentials (i.e., Username, Password, One-Time Password). With these stolen credentials, the attackers could conduct fraudulent activities such as setting up of soft token on the attacker's mobile devices. Once the soft token is set up, the attackers will proceed with the adding of new payees and performing unauthorised fund transfers.

How to avoid being a victim of Smishing?
Do not respond. Attackers depend on your curiosity or anxiety over the situation.
Slow down if a message is urgent. Remain skeptical and proceed carefully.
Call your Remisier/Online Dealer/Mobile Dealer or our Reporting Hotline directly if doubtful.
Avoid using any links or contact info in the message. Use official contact channels.
Refrain from saving Usernames and Passwords on your phone.
You are encouraged to use LTS OTP soft token for 2FA login. An exposed password may still be useless to a smishing attacker if the account being breached requires a second "key" for verification.
Never provide a password or account recovery code via SMS. Never give passwords or text message two-factor authentication (2FA) recovery codes to anyone, and only use it on our official website and mobile apps.
Use an anti-malware app for your phone. Protection against malicious apps and SMS phishing links.

What to do if you become a victim of Smishing?
Report the suspected attack to your Remisier/Online Dealer/Mobile Dealer. Alternatively, you can also contact our Reporting Hotline.
Change all passwords and account PINs where possible.
Monitor online accounts for strange login and other activities.