Keeping your data safe

At Singapore Airlines, we take the security of your personal and financial information seriously. We're constantly enhancing our security systems, but there are several things you can do too to safeguard your privacy:

Latest Security Alerts

Cybercriminals may try to impersonate Singapore Airlines to trick you into revealing sensitive information. For the latest security alerts, please refer to our Facebook page.

Enable two-factor authentication (2FA) for bookings

You can now add an extra layer of verification when you manage flight bookings. This strengthens the security of your booking from unauthorised changes.

With 2FA enabled, a One-Time Password (OTP) will be required when you want to access passenger details, change flights, or cancel flights.

How to enable 2FA:

  • You will be prompted to enable 2FA on the passenger details page when you make a flight booking.
  • 2FA cannot be turned off after booking confirmation. It is recommended that you enable or disable it before you proceed to the next page in your booking.

 

When will 2FA be applied:

  • Accessing passenger details
  • Making changes to your booking
  • Cancelling your booking

 

Performing OTP verification:

  • OTP will be sent to your email address or mobile number registered in your booking. If you logged in to your KrisFlyer profile, it will be sent to the contact details registered in your KrisFlyer profile.
  • OTP will be sent from an official Singapore Airlines account (SMS: SQbooking and Email: Singapore Airlines).
  • Do not share OTP with anyone when received.
  • If you did not request for OTP, contact us, or call +65 67898188 if you are a KrisFlyer member.

How to keep your KrisFlyer account safe

  • Never reveal your KrisFlyer login details. Singapore Airlines will never ask for your password or One-Time Password (OTP) through phone call, email or SMS.
  • Always type in the URL of the official Singapore Airlines website (www.singaporeair.com) directly into the address bar of your browser.
  • Before logging in to your KrisFlyer account, check that you are on the official Singapore Airlines website (www.singaporeair.com) or the official Singapore Airlines mobile apps.
  • Ensure that your internet browsers and official Singapore Airlines mobile apps are up to date. Using the latest versions may provide you with enhanced security features.
  • If you are using a shared computer, always log out of your KrisFlyer account and clear the web browser cache when you’re done.
  • Avoid using public unsecured Wi-Fi when logging into your KrisFlyer account. Use a Virtual Private Network (VPN) to secure your connections on a public Wi-Fi.
  • Do not update your contact details (email, contact numbers, addresses) for accounts that do not belong to you.
  • Protect your computer by making sure your antivirus software and all other software are up to date.
  • Contact us immediately if you notice any suspicious activity in your KrisFlyer account. This can include unknown transactions, unidentified redemption nominees, or unsolicited OTPs.

Know the telltale signs of phishing emails / SMS

Phishing attacks are becoming more common and sophisticated around the world. Therefore, it’s important to recognize an attack. Here are some signs to look out for:

  • The sender’s email address doesn’t look right

    For example, if you receive an email from singair@sporeair.com instead of SIA’s official email address, singaporeair@email.singaporeair.com, do not open the email.

  • The email asks you for confidential information

    We will never ask for your banking, credit card details or passwords over email, messages or calls. Never click on any suspicious links in an email.

  • The email requires you to open an attachment for an activity you did not request for

    The sender may claim the attachment contains important information on your booking or flight. Sometimes, the attachment may have a file extension you may not be familiar with. When in doubt, don’t open the attachment as it may be malware, a malicious software or virus. Contact us instead to verify its authenticity.

  • “You’ve just won a prize!”

    If it comes as a surprise to learn that you’ve just won a lucky draw you don’t remember ever having taken part in, contact us to verify its authenticity.

  • The email is poorly put together

    If the email’s visuals look hastily put together, and is filled with spelling and grammatical mistakes, it’s likely to be the work of a cybercriminal.

  • Website link to login is not secure 

    Avoid logging in to unsecured websites (i.e. URLs which do not start with HTTPS) and do not disclose any sensitive confidential information there.

  • Suspicious SMS text messages

    Customers with a Singapore country code (+65) contact number will be able to verify if the text messages they receive are from the airline as potential scam text messages from unauthorised senders will be marked as ‘Likely-SCAM’.

Email Security

How to protect your email account from being compromised or hacked:

  • Do not re-use the password of the email account on other websites
  • Change password regularly e.g. 90 days
  • Use strong passwords with mix of alphabets (lower and uppercase), numbers and special characters
  • Do not use words from dictionary, birthdays or common passwords like 123abc, 123456 etc
  • Enable 2-FA if available.
  • Beware of phishing emails! Refrain from clicking on links or opening attachments from unknown senders or senders impersonating SIA
  • When accessing public email service via a public WiFi, ensure that it is accessed through a secured connection.
  • Check your email settings for any suspicious activity (e.g. auto forwarding of messages to an unknown party, sending malware, phishing spam)
  • Pay attention to data breaches reported in the news as your email provider may be affected.
  • If your email has been hacked, immediately scan your devices for malware before changing your password. Consider alerting your contacts to ignore any suspicious message or posts bearing your name and warn them against opening unknown attachments or clicking on links sent by you
  • Stay updated with Cybersecurity tips at Go Safe Online 

FAQs

  • Contact us to report the matter immediately.
  • Change your KrisFlyer account password immediately.
  • Ensure the antivirus software on your computer/ laptop/ mobile devices is updated with the latest virus signature. Perform the antivirus scan for your system or mobile device.
  • Ensure that the operating system for your computer/ laptop/mobile devices is updated and that the latest patches are installed.
  • If your KF account (i.e. email ID) and password are also used as the login credentials for other websites, check for any suspicious transactions in those accounts and change the email password.

Phishing is a method of obtaining sensitive personal or financial information from targeted individuals. Phishing sites try to mimic legitimate sites to trick you into providing your data. Phishing emails are made to look like they were sent by a trusted organization, and prompts you to take an urgent action by clicking a link or opening a file.

These emails, text messages or SMS will include links that lead you to provide certain information including, but not limited to:

  • Personal information (NRIC/passport numbers, address, emails)
  • Banking credentials (bank account numbers, credit card numbers, expiry date, CVV, One Time Password (OTP), PIN)
  • KrisFlyer account number and password


With this, scammers can gain access to your accounts.

Singapore Airlines will never request the following from our customers/members:

  • Ask customers to click on a link to enter their personal or credit card details, KrisFlyer number and password, into a website
  • Make unsolicited requests for sensitive information, bank account, credit/debit card information
  • Ask you to reveal your KrisFlyer account password or secret Q&A

Phishing threats come in various forms and are constantly evolving. If you are unsure about the authenticity of the emails, please contact us via the following link and we will get back to you as soon as possible.

Singapore Airlines’ emails may contain links. However, we will not ask customers to click on a link to enter their personal or credit/debit card details, KrisFlyer number and password unnecessarily. You will only be required to enter such details when making a booking on singaporeair.com / silkair.com or when logging in to krisflyer.com/ krisshopair.com/ krisflyerspree.com. Check that you are using the official websites before providing your credit/debit card details or logging in to your KrisFlyer account.

Should recipients wish to verify such calls or emails, or report a fake Singapore Airlines website, please send us the details via the following link and we will get back to you as soon as possible. Additionally, a police report may also be lodged.

Singapore Airlines does conduct lucky draws and contests from time to time and we would require the winner to furnish their details for verification purposes. All contact will be carried out by Singapore Airlines staff, whose emails will come from singaporeair.com.sg. Should recipients wish to verify such calls or emails, please send us the details via the following link and we will get back to you as soon as possible.