This is known as phishing... where a rogue site is set up to look like the actual site with the aim of collecting unwary users' login credentials, credit card details, personal data, etc. Often, unsuspecting users are directed to these rogue sites when they click on URL links contained in emails which purport to be from the actual company, e.g. claiming that there's an action required of the user. Note that these emails often look legitimate - complete with company logos and signatory, etc!
As what Ryan said... anyone can get a digital certificate for his/her site. The yellow lock only indicates that the site is SSL enabled - provides confidentiality and integrity of data in transit, and certifies (usually thru a trusted 3rd party CA like Verisign, Entrust, etc.) that the site is indeed who it says it is... in this case, it's
www.dbsonlineservice.com. The problem here is that the "dbs" makes one think he/she is indeed accessing a DBS site.
Be wary when you receive any suspicious emails seemingly from your banks, etc. When in doubt, give the bank or company a call to verify the authenticity. Careful when you click on any URL links (e.g. in emails, web pages, etc.) too. Also, don't trust what you see on the browser's address bar ... it can be faked! Best is to type in the URL yourself.
In essence, end users like us also need to practice due diligence in order to protect our personal assets. User awareness is key here... just my 2 rupiahs worth...
ops: