Keeping your data safe
At Singapore Airlines, we take the security of your personal and financial information seriously. We're constantly enhancing our security systems, but there are several things you can do too to safeguard your privacy:
Latest Security Alerts
Cybercriminals may try to impersonate Singapore Airlines to trick you into revealing sensitive information. For the latest security alerts, please refer to our Facebook page
.
Enable two-factor authentication (2FA) for bookings
You can now add an extra layer of verification when you manage flight bookings. This strengthens the security of your booking from unauthorised changes.
With 2FA enabled, a One-Time Password (OTP) will be required when you want to access passenger details, change flights, or cancel flights.
How to enable 2FA:
- You will be prompted to enable 2FA on the passenger details page when you make a flight booking.
- 2FA cannot be turned off after booking confirmation. It is recommended that you enable or disable it before you proceed to the next page in your booking.
When will 2FA be applied:
- Accessing passenger details
- Turing auto check-in on
- Making changes to your booking
- Cancelling your booking
Performing OTP verification:
- OTP will be sent to your email address or mobile number registered in your booking. If you logged in to your KrisFlyer profile, it will be sent to the contact details registered in your KrisFlyer profile.
- OTP will be sent from an official Singapore Airlines account (SMS: SQbooking and Email: Singapore Airlines).
- Do not share OTP with anyone when received.
- If you did not request for OTP, contact us, or call +65 67898188 if you are a KrisFlyer member.
How to keep your KrisFlyer account safe
- Never reveal your KrisFlyer login details. Singapore Airlines will never ask for your password or One-Time Password (OTP) through phone call, email or SMS.
- Always type in the URL of the official Singapore Airlines website (www.singaporeair.com) directly into the address bar of your browser.
- Before logging in to your KrisFlyer account, check that you are on the official Singapore Airlines website (www.singaporeair.com) or the official Singapore Airlines mobile apps.
- Ensure that your internet browsers and official Singapore Airlines mobile apps are up to date. Using the latest versions may provide you with enhanced security features.
- If you are using a shared computer, always log out of your KrisFlyer account and clear the web browser cache when you’re done.
- Avoid using public unsecured Wi-Fi when logging into your KrisFlyer account. Use a Virtual Private Network (VPN) to secure your connections on a public Wi-Fi.
- Do not update your contact details (email, contact numbers, addresses) for accounts that do not belong to you.
- Protect your computer by making sure your antivirus software and all other software are up to date.
- Contact us immediately if you notice any suspicious activity in your KrisFlyer account. This can include unknown transactions, unidentified redemption nominees, or unsolicited OTPs.
Know the telltale signs of phishing emails / SMS
Phishing attacks are becoming more common and sophisticated around the world. Therefore, it’s important to recognize an attack. Here are some signs to look out for:
- The sender’s email address doesn’t look right
For example, if you receive an email from singair@sporeair.com instead of SIA’s official email address, singaporeair@email.singaporeair.com, do not open the email.
- The email asks you for confidential information
We will never ask for your banking, credit card details or passwords over email, messages or calls. Never click on any suspicious links in an email.
- The email requires you to open an attachment for an activity you did not request for
The sender may claim the attachment contains important information on your booking or flight. Sometimes, the attachment may have a file extension you may not be familiar with. When in doubt, don’t open the attachment as it may be malware, a malicious software or virus. Contact us instead to verify its authenticity.
- “You’ve just won a prize!”
If it comes as a surprise to learn that you’ve just won a lucky draw you don’t remember ever having taken part in, contact us to verify its authenticity.
- The email is poorly put together
If the email’s visuals look hastily put together, and is filled with spelling and grammatical mistakes, it’s likely to be the work of a cybercriminal.
- Website link to login is not secure
Avoid logging in to unsecured websites (i.e. URLs which do not start with HTTPS) and do not disclose any sensitive confidential information there.
- Suspicious SMS text messages
Customers with a Singapore country code (+65) contact number will be able to verify if the text messages they receive are from the airline as potential scam text messages from unauthorised senders will be marked as ‘Likely-SCAM’.
Email Security
How to protect your email account from being compromised or hacked:
- Do not re-use the password of the email account on other websites
- Change password regularly e.g. 90 days
- Use strong passwords with mix of alphabets (lower and uppercase), numbers and special characters
- Do not use words from dictionary, birthdays or common passwords like 123abc, 123456 etc
- Enable 2-FA if available.
- Beware of phishing emails! Refrain from clicking on links or opening attachments from unknown senders or senders impersonating SIA
- When accessing public email service via a public WiFi, ensure that it is accessed through a secured connection.
- Check your email settings for any suspicious activity (e.g. auto forwarding of messages to an unknown party, sending malware, phishing spam)
- Pay attention to data breaches reported in the news as your email provider may be affected.
- If your email has been hacked, immediately scan your devices for malware before changing your password. Consider alerting your contacts to ignore any suspicious message or posts bearing your name and warn them against opening unknown attachments or clicking on links sent by you
- Stay updated with Cybersecurity tips at Go Safe Online