Security Advisory

Your well-being matters to us. We have security measures to keep your privacy and policies as secure as possible.

Emails and SMSes from AIA will not include clickable links that require your account details or personal identifiable information. Do not disclose your username, password, or OTPs to unverified sources. AIA staff and government officials will never request for your account details, OTPs through SMS, voice calls, or unofficial websites.
 
To combat surge of SMS scams, AIA has registered SMS Sender ID with the Infocomm Media Development Authority ("IMDA").
SMS from AIA can be identified using the following SMS Sender ID:
 
  • AIA SG/AIASG
  • From AIA/FROMAIA
  • AIAeBenSG
  • AIAVitality
Email from AIA can be identified using the following domain:
 
  • aia.com.sg
  • aia.com 
Should you require further assistance, please contact us at 1800 248 8000 or +65 6248 8000 (overseas calls) from Monday – Friday excluding public holiday, 8.45am to 5.30pm or visit AIA customer service centres located at 1 Finlayson Green, Singapore 049246 or 3 Tampines Grande, Singapore 528799.

Reset your password, turn on airplane mode, and ensure that Bluetooth, mobile data and Wi-Fi are turned off. After which, run an anti-virus scan on your device. Should you require further assistance, please contact us at 1800 248 8000 or +65 6248 8000 (overseas calls) from Monday – Friday excluding public holiday, 8.45am to 5.30pm or visit AIA customer service centres located at 1 Finlayson Green, Singapore 049246 or 3 Tampines Grande, Singapore 528799.

As an extra layer of protection, all AIA systems, including AIA+, are secured using two-factor authentication. This means that on top of your login credentials, a One-Time Password (OTP) or Singpass authentication is also required before you can perform any transactions.

AIA provides a Secure Zone icon (as symbolized by a 'lock' icon) within our site to reassure you that information transmitted from computer to our systems are encrypted according to the latest encryption standards.

Any transaction to your policies, whether it is performed by you or by your AIA Financial Service Consultant, is secured by a one-time password which will be sent to your registered mobile phone number.
 
In addition, you will also be asked to review and authorise the transaction before it is processed.

Phishing is one of the most common form of cyberattack whereby scammers disguise themselves as a trusted entity and tricks a victim into opening a malicious link to steal user data, including login credentials and credit card numbers.
 
How to protect yourself?
 
  • Verify legitimacy of sender's email address/identity.
  • Stop and think prior to taking any actions.
  • Do not click on any malicious links and/or attachments.
  • If the sender/caller claims to be from AIA you may contact us at 1800 248 8000 or (65) 6248 8000 (from overseas), Mondays to Fridays between 8:45 am and 5:30 pm excluding Public Holidays to verify the authenticity of the call/message.
For more tips on protection measures, please visit:
1. Cyber Security Agency of Singapore: Cyber Tip - Spot Signs of Phishing
2. Moneysense: Phishing Scam

Smishing is a form of phishing attack which involves text-messages (SMS/WhatsApp). Scammers will send misleading text messages to trick you into believing that a message has arrived from a trusted person or organisation and convince you to take action that gives the scammer exploitable information (login credentials, policy number) or access to your device.
 
Scammers often use good news (i.e promise of free gifts, exclusive offers etc.) to trick you into taking action.
 
How to protect yourself?
 
  • Verify legitimacy of sender's phone number/identity.
  • Stop and think prior to taking any actions – if it is too good to be true, it is usually a scam!
  • Do not click on any malicious links and/or attachments.
  • If the sender/caller claims to be from AIA you may contact us at 1800 248 8000 or (65) 6248 8000 (from overseas), Mondays to Fridays between 8:45 am and 5:30 pm excluding Public Holidays to verify the authenticity of the call/message.

Vishing is another common form of phishing whereby scammers use savvy social engineering tactics to convince victims to act and, in the process, give up private information and access to accounts.
 
Often, the caller will pretend to be calling from the government, tax department, police, or trusted organisations such as AIA and use threats and convincing language to make the victim feel as though as they have no other option then to provide the information being asked of them. For example, a scammer may call you to threaten that your AIA policy may be terminated unless you provide the login credentials of your AIA+ account.
 
How to protect yourself?
 
  • Verify legitimacy of caller's phone number/identity.
  • Do not reveal any confidential personal information and end the call immediately if you are unable to verify the legitimacy of the caller.
  • If the sender/caller claims to be from AIA you may contact us at 1800 248 8000 or (65) 6248 8000 (from overseas), Mondays to Fridays bet.

To ensure the confidentiality of your password, we recommend the following:
 
  • Create a password that is at least 8 alphanumeric characters long containing a combination of letters (A-Z) and numbers (0-9).
  • Select a unique password to make it difficult for anyone to guess. Avoid using common phases and easily obtainable personal information in your passwords such as:
    • Partner's name
    • License Plate Number
    • Phone number
    • NRIC Number
    • Date of birth
  • Avoid using sequential numbers (e.g. 123456) or the same number more than once (e.g. 121145).
  • Avoid writing down your password or storing it in a computer, mobile phone or any unprotected media.
  • Change your password regularly.
  • Memorise your password. If you suspect it has been revealed to others, change it immediately.
  • Never reveal your User ID and password to anyone.
Note: No staff of AIA should ever need to ask you for your password for any reason.

Protect your computer against viruses and malicious programs.
 
You should exercise precaution to protect your PC against viruses. Besides damaging and/or destroying data, some of the viruses (e.g. Trojan Horse) can capture your password keystrokes as well as other personal information and transmit the data to a third party without your consent. To prevent against viruses and possible hacking, you should:
 
  • Avoid using preview features of Outlook and other PC mail programs.
  • Only download information/files from websites that have been verified to be authentic and safe.
  • Equip your PC with the latest personal firewall software to protect against hackers and viruses and ensure that you update it to the latest version when it is available.
  • Equip your PC with the latest virus detection software and update your PC virus definition file regularly.
  • Do not open any email or attachment from an unknown sender. Delete the email immediately.
Exercise vigilance against SPAM and phishing
 
SPAM and phishing attacks are increasingly prevalent in email communications that result in misleading communications, deceptive marketing and identity theft.
 
To assist you in continuing to enjoy safe transactions with AIA, we seek your ongoing vigilance and adherence to the following guidelines:
 
  • Understand what SPAM, phishing attacks or suspicious emails look like. They are often generated from obscure email addresses and recent examples we have include: john.d@b631.com; john2@catworld.net: abuse@aia.com and rich.c@zenzones.com
  • Do not click on email, Web links or "shortcuts" from unknown or suspicious senders.
  • Beware of email requesting confirmation of receipt of messages and personal information, such as bank accounts, Social Security numbers and credit card information. Contact the purported sender by means other than email to confirm the authenticity of the message.
  • Do not contribute to SPAM and refrain from forwarding or "replying to all" for chain and junk email.
  • Do not respond to email claiming to have identified a problem with your user identity, email address, employment status, credit or account. These communications are typically hoaxes seeking to extract information that may result in identity theft.

Avoid conducting any personalised or sensitive transaction using the Internet access provided by public places.
 
This is to minimise the possibility of hacking and viruses.

Always update internet browsers to the latest version so that you have the most updated security features available.

As a form of added security, clear your browser's cache and history after each session so that your account information is removed.

Legitimate AIA websites are represented by the lock icon which demonstrates that the website is secured by digital certificates issued by a trusted certificate authority. A valid certificate provides assurance that the website is genuine and not spoofed by malicious threat actors.
You can click on the icon to view the details of the certificate such as the issuing party, validity period, etc.

Whilst acessing AIA+, make sure that the URL is preceded by "https://". You can check for security information about the site by clicking on the lock icon displayed at the browser bar.

When accessing AIA website, always personally and directly enter the relevant website address in the browser address bar to ensure that you are on AIA legitimate website. Do not login via any hyperlinks within emails.

You can prevent any User ID/Password from being stored in your browsers by de-activating the function:
 
Launch your Web Browser
 
  • Search for Tools / Settings / Options / Preferences.
  • Go to autofill / passwords / privacy and security / advanced settings.
  • Uncheck or turn off save passwords feature.
  • Remember to save your changes.

Logon to AIA+ on a regular basis and monitor the 'Account Activities and History Transactions' displayed under 'Notices' section to make sure that the information displayed is accurate and there had been no unauthorised transactions on your accounts.
 
Also note the 'Last Login Login Date and Time' which is displayed within the summary section of AIA+
 
Should the information be inconsistent with your previous login date and time, inform our Customer Care Consultants at 1800 248 8000 or (65) 6248 8000 (from overseas), Mondays to Fridays between 8:45 am and 5:30 pm excluding Public Holidays.

Log out from AIA+ and disconnect from the Internet if you are to leave your computer, even for a short while. For security reasons, we have incorporated a function that will automatically log you out when no activity has been detected after a given duration.

Notify our Customer Care Consultants at 1800 248 8000 or (65) 6248 8000 (from overseas), Mondays to Fridays between 8:45 am and 5:30 pm excluding Public Holidays.

Date Issued: 30 August 2024

Date Issued: 24 May 2024

Date Issued: 23 February 2024

Date Issued: 17 November 2023

Date Issued: 28 August 2023

Date Issued: 28 June 2023

Date Issued: 30 March 2023

Date Issued: 23 December 2022

Date Issued: 30 September 2022

Date Issued: 3 June 2022

Date Issued: 25 January 2022

Date Issued: 9 November 2021

Date Issued: 6 August 2021

Date Issued: 4 June 2021

Date Issued: 21 May 2021

See how vigilant you are against online scams

Take the national crime prevention council quiz!

Recommendation Prompt