Singapore Airlines

Keeping your data safe

At Singapore Airlines, we take the security of your personal and financial information seriously. We're constantly enhancing our security systems, but there are a number of things you can do too to safeguard your privacy:

Latest Security Alerts

Cyber criminals may try impersonating Singapore Airlines to trick you into revealing sensitive information. These are the latest security alerts, and how you can identify them.

How to keep your KrisFlyer account safe

  • Never reveal your KrisFlyer login details. Singapore Airlines will never ask for your password or One Time Password (OTP) through phone call, email or SMS.

  • Always type in the URL of the official Singapore Airlines website ( directly into the address bar of your browser.

  • Before logging in to your KrisFlyer account, check that you are on the official Singapore Airlines website ( or the official Singapore Airlines mobile apps.

  • Ensure that your internet browsers and official Singapore Airlines mobile apps are up to date. Using the latest versions may provide you with enhanced security features.

  • If you are using a shared computer, always log out of your KrisFlyer account and clear the web browser cache when you’re done.
  • Avoid using public unsecured Wi-Fi when logging into your KrisFlyer account. Use a Virtual Private Network (VPN) to secure your connections on a public Wi-Fi.
  • Do not update your contact details (email, contact numbers, addresses) for accounts that do not belong to you.
  • Contact us immediately if you notice any suspicious activity in your KrisFlyer account. This can include unknown transactions, unidentified redemption nominees, or unsolicited OTPs.

Telltale signs of a phishing email

Phishing attacks are becoming more common and sophisticated around the world. Therefore, it’s important to recognize an attack. Here are some signs to look out for:

  • The sender’s email address doesn’t look right

    For example, if you receive an email from instead of SIA’s official email address,, do not open the email.

  • The email asks you for confidential information

    We will never ask for your banking, credit card details or passwords over email, messages or calls. Never click on any suspicious links in an email.

  • The email requires you to open an attachment for an activity you did not request for

    The sender may claim the attachment contains important information on your booking or flight. Sometimes, the attachment may have a file extension you may not be familiar with. When in doubt, don’t open the attachment as it may be malware, a malicious software or virus. Contact us instead to verify its authenticity.

  • “You’ve just won a prize!”

    If it comes as a surprise to learn that you’ve just won a lucky draw you don’t remember ever having taken part in, contact us to verify its authenticity.

  • The email is poorly put together

    If the email’s visuals look hastily put together, and is filled with spelling and grammatical mistakes, it’s likely to be the work of a cybercriminal.

  • Website link to login is not secure 

    Avoid logging in to unsecured websites (i.e. URLs which do not start with HTTPS) and do not disclose any sensitive confidential information there.

Email Security

How to protect your email account from being compromised or hacked:

  • Do not re-use the password of the email account on other websites
  • Change password regularly e.g. 90 days
  • Use strong passwords with mix of alphabets (lower and uppercase), numbers and special characters
  • Do not use words from dictionary, birthdays or common passwords like 123abc, 123456 etc
  • Enable 2-FA if available.
  • Beware of phishing emails! Refrain from clicking on links or opening attachments from unknown senders or senders impersonating SIA
  • When accessing public email service via a public WiFi, ensure that it is accessed through a secured connection.
  • Check your email settings for any suspicious activity (e.g. auto forwarding of messages to an unknown party, sending malware, phishing spam)
  • Pay attention to data breaches reported in the news as your email provider may be affected.
  • If your email has been hacked, immediately scan your devices for malware before changing your password. Consider alerting your contacts to ignore any suspicious message or posts bearing your name and warn them against opening unknown attachments or clicking on links sent by you
  • Stay updated with Cybersecurity tips at Go Safe Online


I suspect my account has been hacked. What should I do?

  • Contact us to report the matter immediately.
  • Change your KrisFlyer account password immediately.
  • Ensure the antivirus software on your computer/ laptop/ mobile devices is updated with the latest virus signature. Perform the antivirus scan for your system or mobile device.
  • Ensure that the operating system for your computer/ laptop/mobile devices is updated and that the latest patches are installed.
  • If your KF account (i.e. email ID) and password are also used as the login credentials for other websites, check for any suspicious transactions in those accounts and change the email password.

What is phishing?


Phishing is a method of obtaining sensitive personal or financial information from targeted individuals. Phishing sites try to mimic legitimate sites to trick you into providing your data. Phishing emails are made to look like they were sent by a trusted organization, and prompts you to take an urgent action by clicking a link or opening a file.

These emails, text messages or SMS will include links that lead you to provide certain information including, but not limited to:

  • Personal information (NRIC/passport numbers, address, emails)
  • Banking credentials (bank account numbers, credit card numbers, expiry date, CVV, One Time Password (OTP), PIN)
  • KrisFlyer account number and password

With this, scammers can gain access to your accounts.

How can I tell if an email/message/call is from Singapore Airlines?


Singapore Airlines will never request the following from our customers/members:

  • Ask customers to click on a link to enter their personal or credit card details, KrisFlyer number and password, into a website
  • Make unsolicited requests for sensitive information, bank account, credit/debit card information
  • Ask you to reveal your KrisFlyer account password or secret Q&A

Phishing threats come in various forms and are constantly evolving. If you are unsure about the authenticity of the emails, please contact us via the following link  and we will get back to you as soon as possible.

Does this mean emails from Singapore Airlines will not contain hyperlinks?


Singapore Airlines’ emails may contain links. However, we will not ask customers to click on a link to enter their personal or credit/debit card details, KrisFlyer number and password unnecessarily. You will only be required to enter such details when making a booking on / or when logging in to Check that you are using the official websites before providing your credit/debit card details or logging in to your KrisFlyer account.

How should I report phishing emails/websites/calls? /What do I do?


Should recipients wish to verify such calls or emails, or report a fake Singapore Airlines website, please send us the details via the following link and we will get back to you as soon as possible. Additionally, a police report may also be lodged.

I have received a call that I have won a lucky draw and the caller is asking me to send over my passport/NRIC details for verification purposes. How do I know if it is genuine?


Singapore Airlines does conduct lucky draws and contests from time to time and we would require the winner to furnish their details for verification purposes. All contact will be carried out by Singapore Airlines staff, whose emails will come from Should recipients wish to verify such calls or emails, please send us the details via the following link and we will get back to you as soon as possible.