Safeguarding your Online Services Access

At MSIG, your online security is important to us. We understand your concerns and we strive to update you on ways to protect yourself against identity theft and other cybersecurity risks. 

1. Protect Your Username and Password

Keep your sign-in credentials private and never share them with anyone. This includes the One-Time Pin (OTP) sent to your mobile phone as part of 2FA (two-factor authentication). 

To further protect your privacy, disable any web browser's prompt to save your information.

Log off your browser after you complete a transaction and do not leave your device unattended until the transaction has been processed. It is advisable to clear your browser's cache after an online session. 

MSIG will never ask for your password or any other confidential information. 

Learn more on how to create a strong password and remember it. 

2. Protect Your Computer and Mobile Device

Secure your device with a password, pin, biometric authentication or relevant mechanism to prevent unauthorised use. 

Do not install software or run programs of unknown origin. You can prevent malware infections by installing and updating your virus protection software. 

If you have enabled data synchronisation between your mobile device and online storage or cloud services, you should set up 2FA for your online cloud accounts to prevent your personal information from being hacked by unauthorised persons. 

Here are some extra precautions you can take to protect your devices

3. Safeguard Against Online Threats

Stay alert of phishing scams and spyware as they are becoming more prevalent and difficult to detect. Phishing can happen through phone calls, SMS, emails and spoofed websites, whilst spyware is a form of malicious software that can compromise your system without you knowing it. 

If you suspect any phishing scam, fraudulent email or fake website is directed at you as a customer or potential customer of MSIG, please notify us immediately. 

Learn how to protect yourself from online threats.

Creating Strong Password and Remember it
  • Do not choose a password that can be easily guessed by others, such as your name, date of birth, telephone number, NRIC, User ID, dictionary words or other associated data. You should select a unique combination that you can easily remember.
  • For ease of remembering your password, consider using methods such as adopting the first character of a phrase or sentence to form your password. Example: We are going to the movie after a romantic candlelight dinner – “Wag2tmaarcd”.
  • Do not use password storage software, application, or cloud/electronic diary.
  • The same password should not be used for different websites, applications or services, particularly when they relate to different entities.
  • Do change your password regularly.
Protect Your Devices
  • Do not use a computer or a device that cannot be trusted.
  • Do not use public or internet cafe computers to access sensitive online services or perform financial transactions.
  • Do not remove safeguards that the manufacturers have put in place in your mobile devices as it increases the risk of malicious software infection. 
  • Malicious software can also cause harm to your computer and devices. Avoid opening emails and attachments from senders whom you do not know.
  • Do not allow anyone to keep, use or tamper with your 2FA (two-factor authentication) token and ensure it is always kept secured.
  • Download our mobile app(s) only from official sources such as the Apple App Store or Google Play Store.
  • Always install the latest updates for your device from official repositories such as Apple App Store or Google Play Store. New updates are sometimes used to fix bugs and address security vulnerabilities.
  • If you are using your mobile phone as 2FA and have recently changed your device number, please notify us to ensure you receive your OTP when carrying out your transaction with MSIG.
Protect Yourself from Online Threats

How to protect data from being compromised?
Consider the use of encryption technology to protect highly sensitive or confidential information.

How to protect yourself from phishing websites?

  • Always ensure that the Online Services URL is correct before you enter your login information.
  • Before using MSIG Singapore online services, always ensure that the website you are accessing belongs to MSIG Singapore. The website URL should bear our domain names (i.e.,,,,, and 
  • Before submitting any information, ensure that there is a "lock" icon on the browser's status bar. It means that your information is secure during transmission.

What should you do when you encounter SSL Certificate or Website Security Certificate warnings?
Secure Sockets Layer (SSL) is the standard security technology for encrypted connection between our server and your browser. The secure connection has an encryption key assigned to it in the form of an SSL certificate. If you encounter a certificate warning or a certificate error message, please log off immediately and notify MSIG immediately.

How to protect yourself from Smishing (SMS Phishing)?

  • Do not provide your personal data, such as your NRIC, credit card information unless you are sure of the authenticity of the message.
  • Do not reply to SMSes, calls or emails on transactions that you did not perform.
  • Do not click on any website links found in unsolicited SMS or multi-media messages (MMS) from unknown sources. Do not reply to such SMSes, delete them immediately.

How to protect yourself from Vishing (Voice Phishing)?
Validate that the call you receive is from a trustworthy source via various ways, including contacting our customer service hotline.

What are the common symptoms of a Spyware infection?

  • An increase in pop-up ads on your web browser.
  • Often being re-directed to an unfamiliar web page.
  • A new icon appears on your web browser toolbars.
  • Unexplained changes of home page settings.
  • Random windows error message appears.
  • Computer processing speed slows down.
  • Frequent computer crashes.

How to protect yourself against Spyware?

  • Be wary of banners, advertisements and pop-ups while surfing the Internet. Do not click on these advertisements.
  • Do not download software from unknown sources.
  • Do not open email attachments from untrustworthy sources.
  • Do not play movie or music files from unknown sources.
  • Update and patch your operating system and web browser regularly.
  • Install and regularly update anti-spyware, virus protection and firewall software.
  • Change your password on a regular basis.
  • Adjust browser settings to prompt you whenever a website tries to install a new program.

How to stay resilient against Cybersecurity risk?

  • Always perform regular backups, especially for data that are of importance to you.
  • Stay calm and seek help, especially when you are in a state of loss.
  • If you receive SMS or email alerts for transactions that you did not perform or are using your mobile phone or token as your 2FA to access any of our services, please notify us immediately in the event of loss or theft of the device, and/or if you suspect there is unauthorized access to your account.