Learn about phishing and legitimate communications

Learn about phishing

What is phishing?

Phishing is a type of fraud in which cyber criminals attempt to steal sensitive information through email messages, websites or phone calls which appear to be legitimate.

The victim is typically duped into believing that the message or call is from a trusted source; criminals may even be pretending to be someone you know. Their aim is typically to get you to share your passwords or other personal data to steal your money, your identity or both.

How do I identify phishing communications?

It’s important to be on the lookout for any suspicious signs of phishing. Here are some signs to look out for:


  • Unofficial “From” address. Look out for a sender’s email address that is similar to, but not the same as, a company’s official email address.
  • Urgent “calls to action” to try to get you to react immediately. Be wary of phrases like “your account will be closed,” “your account has been compromised,” or “urgent action required.”
  • Spelling errors, poor grammar, or inferior graphics.
  • Generic greetings like “Dear Customer” or “Dear Member.”
  • Incorrect company name. Often the web address of a phishing site looks correct but actually contains a common misspelling of the company name, or a character or symbol before or after the company name (for example, www.gra8.com instead of www.grab.com).
  • Pop-up windows asking you to enter your username and password. Phishing scams may direct you to a legitimate website and then use a pop-up to gain your account information.
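
The “From” address and web address signs above can also be checked automatically. The following is an added example, not Grab's own code: it flags hosts that differ from an official domain by one character or that use the company name as a label of some other domain. The official domain comes from the example above; the threshold and the two-label domain handling are assumptions.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

OFFICIAL_DOMAINS = {"grab.com"}  # from the page's example; extend as needed
MAX_EDITS = 1                    # assumption: one typo or one extra character


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def extract_host(value: str) -> str:
    """Lower-cased host of a "From" header, bare address, or URL."""
    value = value.strip().lower()
    if "@" in value and "://" not in value:
        return parseaddr(value)[1].rpartition("@")[2]
    if "://" not in value:
        value = "//" + value  # lets urlsplit treat a bare host as a netloc
    return (urlsplit(value).hostname or "").rstrip(".")


def classify(value: str) -> str:
    """Return 'official', 'lookalike', 'unrelated' or 'unparseable'."""
    host = extract_host(value)
    if not host:
        return "unparseable"
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return "official"
    labels = host.split(".")
    registrable = ".".join(labels[-2:])  # assumption: two-label domains only
    for official in OFFICIAL_DOMAINS:
        if edit_distance(registrable, official) <= MAX_EDITS:
            return "lookalike"  # misspelling or a character added or removed
        if official.split(".")[0] in labels:
            return "lookalike"  # company name used inside another domain
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from real messages.
    for sample in ("www.grab.com", "www.gra8.com", "https://www.example.org/"):
        print(sample, "->", classify(sample))
```

A “lookalike” result is a prompt for closer inspection, since an unrelated legitimate domain can also sit one character away from a short name.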

Phone Calls and Texts

  • The caller is evasive if you have questions.
  • The number is different from the official contact number.
  • If you’ve received a call from a genuine source, they shouldn’t mind if you hang up and call back using their official contact channels.
  • If they provide you with a number to ring, you should verify that it belongs to a trusted source before calling it.
  • Beware of a caller who doesn’t want to end the call, or tries to put you off from calling back using the official number.

What should I do if I receive a phishing communication?


  • Disconnect immediately and share the fraud number with us by calling our helpline.
  • Call us immediately if you have mistakenly revealed your OTP details to someone.
  • If you get an SMS/call asking for sensitive information, do not provide these details.
  • Don’t open or forward these suspicious links via email, SMS or chat.

What should I do if I've been phished?

If you have shared your credit/debit card information with a suspected fraudster, please block your card immediately by contacting your bank, or through the Grab app for the GrabPay Card, and lodge a police report for further investigation.

If you have shared your Grab app login credentials or suspect any irregular activities/charges from your account, please reset the password or GrabPIN and report it to us here.


  • No one should be asking for your password
    A reputable company will never ask for your password or PIN, either over the phone or by email. If they need you to reset your password, they’ll send you a link to a secure page on their official site, which will allow you to do it safely. You also shouldn’t have to give any individual person your password or PIN.
  • Fraudsters often use threats
    In order to try to spur the victim into action, scammers may include threats in their calls. For example, they could say that your bank account will be permanently deleted if you don’t reset your password through a link that they’ve provided.
  • If the deal seems too good to be true, it is
    Be cautious when you come across promotional offers that sound too good to be true. Fraudsters will claim to be from a real company with fake offers, or that you won a lucky draw.

Your security and privacy are our priority.
