With effect from 31 October 2023, the Business I-Banking service will be terminated and will be replaced by our new Baiduri b.Digital Business service. To help you with your transition, email us at [email protected].
The Biggest Vulnerability is You
No matter how strong your password or security setup is, scammers know there’s one vulnerability they can always exploit: You.

Ever received a phone call claiming they are from Baiduri Bank or any other financial institutions asking for your personal details? Well stop before divulging all your secrets – you may be a victim of social engineering.

Social engineering is a tactic used by scammers to obtain sensitive information from unsuspecting individuals by using you as the “human loophole”.
They use a variety of psychological tactics to instill fear, excitement or urgency to gain your trust and manipulate you into giving up sensitive information.
However, no matter how advanced and secure the technology is to protect your account, the best defense will still be you. You need to recognise signs and red flags for social engineering attacks.
In this article, we'll explore different types of social engineering tactics used over phone calls and offer tips on how to protect yourself.

How Social Engineering Tactics are Used Over Phone Calls

They pose as Banks or Government Agencies

Scammers often pose as representatives of legitimate companies or government agencies and try to convince you to provide your information over the phone. They may claim that there is a problem with your account or that you have been selected for a special offer.

They always have a story

They are masters at crafting the perfect story to obtain sensitive information. Some scammers may pose as someone in a position of authority, such as a bank employee. They may claim that there has been suspicious activity on your account and that they need to verify your identity. However some even pretend to be your friend or colleague who is in need of help or in the middle of an emergency.

They bait you with a free gift or prize

Scammers may offer a free gift or prize in exchange for your personal information. They may claim that you have won a prize or that you are eligible for a special offer or discount but first you need to pay or provide certain personal info.

How Do Social Engineering Attacks Work?

Social engineering attacks are relatively straight-forward. All a hacker needs to do is convince one under-informed, stressed, or trusting person to do what they say.

However, they all follow a similar pattern. The four phases of a social engineering attack are:

1. Recognition

Here, the attacker gathers information about you. This can include anything from your social media profiles, things you post and so on. The goal is to identify potential vulnerabilities and find ways to exploit them. The more they know about you, the more likely are you to lower down your guard.

2. Target & Attack

Once the attacker has gathered enough information, they move on to the targeting phase. This is where they select their victim and craft a convincing story that will lure you into giving up your personal information. The story may involve a fake emergency, a plausible reason for needing the information, sometimes creating a sense of urgency or fear or a promise of a reward or benefit.

They may pose as a trusted authority figure, from banks, or government agencies, or even friends or family. The goal is to get the victim to again, lower their guard and provide the requested information.

3. Exploit

Finally, in the exploitation phase, the attacker uses the information they've gathered to carry out their malicious activities.

This may involve transferring out large sums of money, making fraudulent purchases, or even stealing the victim's identity.

4. Retreat

As soon as criminals complete their mission, they’ll vanish with as little evidence as possible. Sometimes, you won’t even know what’s happened until they’re long gone.

Tips on How to Protect Yourself

Be Cautious of Unsolicited Phone Calls

If you receive a phone call from someone you don't know, be cautious. Don't provide personal information unless you are absolutely sure that the call is legitimate. If you have any doubts, hang up and call the company or agency directly to verify the call.

Never Share Personal Information

Never share personal information over the phone unless you are absolutely sure that the caller is legitimate. This includes credit card numbers, IC or passport numbers, addresses and other personal information.

Verify the Identity of the Caller

If someone claims to be a representative of a company or agency, ask for their name and employee ID number. Call the company or agency directly to verify the information before providing any personal information.

Stay Informed

Stay informed about the latest social engineering tactics used by scammers. Read up on the latest news and updates, and be aware of the different types of scams that are out there.


Social engineering scams over phone calls are on the rise, and it's important to protect yourself from these types of attacks.
Stay vigilant and stay safe.
Secure Online Payments With Baiduri UnionPay Debit Cards.
Share this page
Other good reads
Can't find what you are looking for? We are here to help you.
Get in touch
We are here to help you. Contact our customer support team if you have any further questions. Here are ways you can get in touch with us.

Subscribe to our newsletter

* indicates required
I am interested in
Baiduri Bank © 2024 All rights reserved. Legal Notice
You are about to enter a third party website & Baiduri Bank Group's privacy policy will cease to apply.
Baiduri Bank Group makes no warranties as to the status of this link or information contained in the website you are about to access.

Do you wish to proceed?
Click to login to our user-friendly online banking sites.
Please select one of the below

Important update
19 September 2023

We would like to inform you that with effect from 31 October 2023, Business i-Banking service will no longer be operational, and this will be replaced with our new Baiduri b.Digital Business service.

If your company has not transitioned to b.Digital Business, please ensure that every existing user provides the following by 8 October 2023 through the Business i-Banking Inbox:
  • User’s full name
  • User’s valid Identification Card (IC) or Passport
  • User’s mobile number
  • User's company assigned email address (General company email is not accepted e.g., [email protected])

Alternatively, you can complete the b.Digital Business Amendment Form and submit the form(s) directly to Baiduri Digital Hub, Ground Level, Baiduri Bank Headquarters.

Every user will receive a notification email at their registered email address, once they have been migrated and activated on the b.Digital Business service.

Companies who have not moved to b.Digital Business after 31 October 2023 can re-apply as a new subscriber to the b.Digital Business service. This will require additional documentations to be submitted as part of the application. Refer “Required Documents” here.

Important notice: Our Business i-Banking service will be deactivated soon. To ensure continued access and a smooth transition to the new Baiduri b.Digital Business, please provide your full name, IC, email address and mobile number via Business i-Banking Inbox. If we do not receive updated details from all authorised users, your company will not be migrated to the new platform and a fresh application will be required. For assistance, contact us at [email protected] or call 2268 637/8/9 during business hours. Thank you for your cooperation.

To strengthen our online security measures, effective 8 January 2024, we will introduce the cooling period feature on our Baiduri b.Digital Personal web and mobile app to prevent unauthorised access.

Click here for more information.

Generic Popup