Security Advisory
  • Learn how to spot and avoid these 3 common scams

    18 March 2025

    Do not let scammers steal your peace of mind and money

    Every day, countless individuals and businesses fall victim to scams.
    But you can be different. Read on to find out how to identify and steer clear of these threats before it is too late. Make sure to share these tips with your staff.


    1. Impersonation scams
    Watch out for scammers posing as officials from government agencies (e.g. the Singapore Police Force (SPF), Monetary Authority of Singapore (MAS), NTUC Union or SingCert) or employees of reputable companies (e.g. Alipay, Unionpay or facilities management companies).

    These scammers may intimidate you into thinking that you have signed up for an insurance package that needs to be renewed, or that you are under investigation/a search warrant for money laundering. Their aim in doing so is to convince you into disclosing your personal/business online banking login details. They may also frighten you into urgently sending them payments; some even pretend to not have received your initial payment in order to trick you into sending funds to them multiple times.

    Such scammers may even create deepfakes (i.e. artificially-created images, video or audio) of government officials or public figures, to trick you into disclosing your details, or to convince you to do what they want.

    How to protect your business:
    • Do not give in to pressure and let fear rush you into making hasty decisions.
    • End the call immediately if the caller is unable to properly identify himself/herself or you have doubts about the call.
    • Be wary if the other party asks you to make PayNow transfers using a mobile number instead of a unique entity number (UEN) – genuine businesses will provide you with a UEN.
    • Always verify the authenticity of any information shared with you, or requests made to you, by contacting the organisation through their official website or hotline
    • Banks will not transfer calls to any party outside the bank, such as the police or government officials.
    • Government officials will NEVER ask, over the phone or through text messages, that you:
      • Transfer money to the Police/their bank accounts, including by using mobile numbers linked to such bank accounts;
      • Give them your banking, Singpass and/or CPF-related information;
      • Click on links that lead to banks’ websites; or
      • Install apps from sources other than official app stores.

    2. Bulk order scams
    Scammers may write to you or your business, posing as customers in need of goods or services (e.g. paint jobs, repairs or bulk orders).
    Such scammers will make additional requests (e.g. for specific goods or support from a certain ‘supplier’). They will even provide screenshots of faked documentation which show that early partial payment has been made to the ‘supplier’; this is to convince you to ‘complete the payment’, supposedly so that the requested goods/support can be obtained. The scam will only be exposed when you realise that both ‘customer’ and ‘supplier’ have vanished without paying you.

    How to protect your business:
    • Independently verify the identity of any party that you communicate with.
    • Avoid making early payment or placing deposits when interacting with new suppliers. Arrange to meet the supplier and pay only upon delivery of the goods or services.
    • Look up potential suppliers online to verify their legitimacy before committing to any purchases.


    3. Business Email Compromise (BEC) scams
    Business Email Compromise scams are email-based scams designed to trick you into making fraudulent funds transfers. Recently, BEC scams have become more
    sophisticated – scammers may use malware (malicious software) to control enterprise email accounts, or create deepfakes of your company executives.

    Scammers can hack into any email account and monitor the email correspondences. At an opportune time, they will send an email (using a spoofed address) to you or your colleagues, sometimes impersonating the CEO or a director, asking for payment to be made to a bank account that differs from the regular one. Do not be duped into doing so – always verify the authenticity of such emails.

    Not sure what spoofed email addresses look like? Here are some examples:



    How to protect your business:

    • Always check the email address and the display name of the sender; BEC scammers often use spoofed email addresses that look similar to the real ones.
    • Verify payment details via channels other than email (for example, you can call the supposed sender of the email using the phone number you have in your records).
    • Ensure your staff is aware of the dangers of BEC scams. Establish a clear reporting process and encourage them to report any suspicious emails immediately.
    -------------------------

    Protect your business with these measures
    1. Never share your banking credentials with anyone.
    2. Received a suspicious call? Verify the legitimacy of the caller and his/her company by checking the official website before you provide any information or payments.
    3. Educate your staff so that they are aware of the dangers of these scams.

    Learn more about other common scams:
    go.ocbc.com/scams
  • Protect your business from emerging scams

    How to protect your business from emerging scams

    Do not let scammers steal your peace of mind and money. Every day, countless individuals and businesses fall victim to scams.
    But you can be different. Read on to learn how to spot and avoid these threats before it is too late.

    WATCH OUT FOR THESE SCAMS

    Here are 3 types of commonly seen scams. See how they work and how to protect yourself and business from them.

    Impersonation scams
    Beware of scammers posing as government officials (e.g. police officers, court officials) or employees of reputable companies (e.g. facilities management companies). These scammers often use scare tactics to convince you into disclosing your personal/business online banking login details. They may also frighten you into urgently sending them payments; some even pretend to not have received your initial payment in order to trick you into sending funds to them multiple times.

    How to protect your business:

    Do not give in to pressure and let fear rush you into making hasty decisions

    End a call immediately if the caller is unable to properly identify himself/herself

    Be wary if the other party asks you to make PayNow transfers using a mobile number instead of a unique entity number (UEN) – genuine businesses will provide you with a UEN



     

    Always verify the authenticity of any information shared with you, or requests made to you, by contacting the organisation through their official website or hotline


     

    Banks will not transfer calls to any party outside the bank, such as the police or government officials

     

    Bulk order scams

    A scammer writes to the target, posing as a customer requesting goods or services (e.g. paint jobs, repairs and bulk orders).

    The scammer makes additional requests, for specific goods such as mattresses/support from a certain “supplier”, and provides screenshots of faked documentation showing that partial payment has been made to the “supplier” in advance. The target is then convinced to complete the payment to the “supplier” so that the components/support can be obtained. The scam is exposed when the target realises that the “customer” and the “supplier” have vanished without payment being made.
     

    How to protect your business:

    Independently verify the identity of any party you are corresponding with.

    Avoid making payments or deposits in advance to new suppliers. Arrange to meet the supplier and pay only upon delivery of the goods or services.

    Search up these suppliers online to verify their legitimacy before committing to any purchases.

     

    Investment scams
    Individuals claiming to represent stockbrokers, banks or financial companies may approach you with unsolicited investment opportunities. They may promise quick money and/or extraordinary returns at little to no risk. Such scammers often offer time-limited deals and gifts, or rebates, to pressure you into acting quickly. They may – in attempts to persuade you to invest in their bogus opportunities – repeatedly send you messages via social media or messaging apps.

     

    How to protect your business:

    Do not send money to a non-business account for any investment.

    Conduct your investment dealings exclusively with companies licensed by the Monetary Authority of Singapore (MAS). Always do a thorough check on companies and their representatives using resources such as the Financial Institutions Directory, Register of Representatives or Investor Alert List (available on the MAS website). If a company is based outside of Singapore, check if it is licensed with the relevant overseas authority.

    Learn more about other common scams:
    go.ocbc.com/scams

    Protect your business with these measures

    Never share your banking credentials with anyone.

    Received a suspicious call? Verify the legitimacy of the caller and company from their official website before providing any information or payments.

    Educate your employees so that they are aware of the dangers of these scams.



  • Protect your funds from bulk order and tech support scams

    Put scammers out of work. For good.

    Received a bulk order that sounds too good to be true? Saw a mysterious pop-up message telling you to call a number as your device has been compromised? These are common scam tactics that you should be cautious of.

    Let us work together to stay one step ahead of scammers. Read the tips below to protect your business from bulk order and tech support scams.


    WATCH OUT FOR THESE SCAMS

    Bulk order scams

    • The approach: A scammer writes to the target, posing as a customer requesting goods or services (e.g. paint jobs, repairs and bulk orders).
    • The scam: The scammer makes additional requests, for specific components/support from a certain “supplier”, and provides screenshots of faked documentation showing that partial payment has been made to the “supplier” in advance. The target is then convinced to complete the payment to the “supplier” so that the components/support can be obtained. The scam is exposed when the target realises that the “customer” and the “supplier” have vanished without payment being made.

     

    How to protect your business:

    • Independently verify the identity of any party you are corresponding with.
    • Avoid making payments or deposits in advance to new suppliers. Arrange to meet the supplier and pay only upon delivery of the goods or services.
    • Search up these suppliers online to verify their legitimacy before committing to any purchases.

     

    Tech support scams

    • The approach: A target gets a pop-up message on his/her device claiming that the device has been compromised or has a software issue.
    • The scam: The message asks the target to contact a ‘tech support’ hotline to fix the issue. The hotline is actually manned by scammers, who will try to trick the target into revealing sensitive information. The target could also be asked to access websites or download files that give the scammer control of the target’s device, including banking apps. The scammer then steals money or makes fraudulent transactions using the target’s business account(s).

     

    How to protect your business:

    • Do not contact tech support via hotlines or email addresses that appear in pop-up messages which claim your device has been compromised. Legitimate tech companies will never send you such messages. If your device has any issues, search for the company’s hotline or email address via their website.
    • Regularly scan your devices using antivirus software.
    • Never share your banking details with anyone.

    PROTECT YOUR BUSINESS WITH THESE MEASURES

    1. Never share your banking credentials with anyone.
    2. Received a suspicious call? Verify the legitimacy of the caller and company from their official website before providing any information or payments.
    3. Educate your employees so that they are aware of the dangers of these scams.

     

     

     

  • Protect your business’ funds from scams
    The power to protect your business is in your hands

    Protect your business’ funds from scams! Equip yourself with the knowledge to spot and stop scams like a pro.
    Not sure where to start? Read the tips below to protect yourself from 3 common scams – malware, phishing and impersonation.


    WATCH OUT FOR THESE SCAMS

    Here are 3 scams you should know about and the ways to protect your business’ funds from them.

    1. Malware threats
    Malware is a type of malicious software that scammers use to infect computers and mobile devices in order to carry out criminal activities. Once infected, the devices can be accessed remotely by scammers. Confidential data like your online banking login details (both personal and business) may be stolen.

    How to protect your funds:
    • Avoid installing software or running programs from unknown sources
    • Do not open attachments and links – or scan QR codes – from unsolicited emails and WhatsApp messages, and social media platforms
    • Keep your devices secure by using trusted anti-virus solutions
    • Never store your personal/business online banking login details in your web browsers or devices
    2. Phishing scams
    Phishing scams are those where scammers trick you into sharing confidential information by pretending to be someone they are not or offering something in exchange.

    How to protect your funds:
    • Be sceptical of deals that seem too good to be true
    • Do not provide your personal details or personal/banking online banking login details when prompted by unverified websites
    3. Impersonation scams
    Beware of scammers posing as government officials (e.g. police officers, court officials) or employees of reputable companies (e.g. facilities management companies). These scammers often use scare tactics to convince you into disclosing your personal/business online banking login details. They may also frighten you into urgently sending them payments via PayNow; some even pretend to not have received your initial payment in order to trick you into sending funds to them multiple times.

    How to protect your funds:
    • Do not give in to pressure and let fear rush you into making hasty decisions
    • End a call immediately if the caller is unable to properly identify himself/herself
    • Be wary if the other party asks you to make PayNow transfers using a mobile number instead of a unique entity number (UEN) – genuine businesses will provide you with a UEN
    • Always verify the authenticity of any information shared with you, or requests made to you, by contacting the organisation through their official website or hotline

    REMEMBER THESE ANTI-SCAM TIPS
    1. Never share your banking credentials with anyone
    2. Always check that the websites you browse are official ones
    3. Ensure that your employees recognise the dangers of scams
  • Protect your company from email scams
    19 January 2024

    With more companies moving their operations online, cybercriminals have more opportunities to launch Business Email Compromise (BEC) attacks. These attacks often use current events or themes to make the content of emails seem more plausible, increasing the likelihood of recipients falling prey.

    As businesses are usually the primary targets of BEC attacks, it is important to stay vigilant. If attacked, act swiftly.


    WHAT ARE BUSINESS EMAIL COMPROMISE SCAMS?


    Business Email Compromise (BEC) scams are email-based scams designed to trick you into making fraudulent funds transfers. Recently, these scams have become more advanced, such as by using malware to take control of business email accounts. Here is what a typical BEC scam looks like:

    A legitimate-looking email arrives
    Adam, an F&B business owner, gets an email from his regular supplier, Ben. The email contains Ben’s company logo, website details and messaging format – everything Adam is used to.

    The email informs Adam that Ben’s company has recently opened an account with another bank and Adam must make payment for outstanding invoices to this account. Adam reviews the invoices and makes payment as requested.

    The scam unravels
    A week later, Adam gets an email from Ben asking him to make payment for his outstanding invoices. Upon further clarification, Adam realises that the account he made the payment to does not belong to Ben. In fact, the email he received earlier was not sent by Ben. It was a spoofed email sent by a scammer.


    Stay vigilant
    Scammers can hack into your email account, or anyone else’s, and monitor the email correspondences. At an opportune time, they may send an email (using a spoofed address) to you or your colleagues asking for payment to be made to a bank account that differs from the regular one. Do not be duped into doing so. Make your checks first. Verify, then verify again.

    Not sure what spoofed email addresses look like? Here are some examples:




    PROTECT YOURSELF WITH THESE MEASURES

    Improve employee awareness
    Ensure that your employees are aware of the dangers of BEC scams and urge them to report any suspicious emails – via a clear reporting process – immediately.


    Verify payment details via channels other than email
    Always verify the legitimacy of an email by reaching out to the sender through alternative means, such as a messaging app or phone call.


    Practise good cyber hygiene
    Prevent unauthorised access to your company’s systems and data by using anti-spam and anti-phishing software to block malicious emails.


    STOP. THINK BEFORE YOU ‘ACT’
     
    Stay vigilant and do not respond to any email that asks for your confidential information. If you are unsure, please verify the request. Should you receive any phone calls, SMSes or emails alerting you of transactions that are unfamiliar in your account, please call us immediately. You can also block access to your company’s online banking account instantly via the OCBC Velocity login page or the OCBC Business app.
     
    Add
    Instal security tools like antivirus software to be better protected online.
     
     
    Check
    Look out for potential scam signs by verifying information with trusted sources.
     
     
    Tell
    If you encounter any scams, inform the authorities and let others know promptly.

    Learn more about ACT on the NCPC website.

    If you believe you have fallen prey to a scam, please visit any OCBC branch. Alternatively, call our Business Banking hotline: OCBC website > Contact us. Alternatively, use our Enquiry Assistant at the OCBC website > Banking for businesses > Business Banking > Contact us.This message contains links to third-party websites.

    By accessing any such websites, you agree to our terms of use.

  • Adopting the latest security measures against malware
    6 November 2023

    As part of our ongoing efforts against cybercrime and to protect your online banking experience, we introduced an essential security feature to the OCBC Business app.

    The latest version of the OCBC Business app on Android are built to work more optimally and securely on devices whose mobile apps were all downloaded from the official app stores (e.g. Google Play Store or Huawei AppGallery). Such apps are verified before they are made available for downloading. Apps from other sources (e.g. official brand websites or apps installed using Android Package Kit (APK) files) are not verified. They tend to have more security vulnerabilities and so are more susceptible to malware infection, which can allow cybercriminals to gain control of your device and, subsequently, your banking app(s) and personal details.

    This inherent risk in apps downloaded from sources other than official app stores has been reiterated by Singaporean authorities, who classify malware scams as particularly aggressive and a serious threat to consumers. Despite constant reminders by the authorities of the dangers of downloading these apps, the number of customers falling prey to malware scams has continued to increase.


    When one or more potentially malicious apps are detected

    If you try to access the latest version of the OCBC Business app on a device with one or more apps downloaded from unofficial sources, a message – warning you that one or more of these apps may contain malware – will pop up on the screen. For your security, we recommend that you uninstall such apps before proceeding to use the OCBC Business app. You do not have to delete the OCBC Business app.

    Alternatively, if you prefer to keep these apps after having assessed that they are not malicious and do not pose a malware risk, you may turn off ‘Accessibility’ for these apps before continuing to use the OCBC Business app securely. You can do so via the Settings menu on your device. For example, on Samsung mobile devices with the latest One UI user interface, you can navigate to Settings > Accessibility > Installed Apps*.

    Turning off 'Accessibility' will cut off scammers’ remote access to, or keylogging of, your phone and any access to your bank account(s). However, we do not recommend this option because of the residual risk – cybercriminals may still exploit ‘Accessibility’ services to compromise your devices. The preferred and safer option is to uninstall apps not downloaded from official app stores to completely remove the risk of malware from such apps.

    *The steps to turn off an app’s ‘Accessibility’ may differ by phone model. Please refer to question 7 or check with your device manufacturer.


    When ongoing screen-sharing is detected

    If you try to access the OCBC Business app on a device which screen is being shared, a message – warning you that one or more security risks have been detected – will pop up on the screen. You may proceed to use the OCBC Business app once screen-sharing has stopped.

    If you are not sharing your screen, we recommend that you take one of these precautionary measures to protect your account(s):

    • Access the OCBC Velocity login page via a computer and click on ‘Block my access temporarily’; or
    • Call us at +65 6538 1111 immediately.

    You may refer to our article on malware for more information on protecting yourself.


    FAQs

    1. When I open the OCBC Business app, I see a pop-up message informing me that one or more apps on my device may contain malware. Why?

    As part of our efforts to safeguard our customers against malware attacks, and combat fraud and scams, we have introduced an essential security feature to the OCBC Business app.

    The OCBC Business app will now work more securely on devices whose mobile apps were all downloaded from official app stores. Malware attacks may emerge from apps that are downloaded from websites and other sources (i.e. not official app stores), potentially giving cybercriminals control of your devices.

    When one or more potentially malicious apps are detected

    The pop-up message is meant to inform you that that access to the OCBC Business app will be restricted until you uninstall all apps that were not downloaded from official app stores (this is the preferred option) or turn off ‘Accessibility’ for these apps.

    Here is what the pop-up message looks like:


    When screen-sharing is detected
    The pop-up message is meant to inform you that access to the OCBC Business app will be restricted until screen-sharing has stopped.




    2. Do I have to install the OCBC Business app again when I see one of the pop-up messages?
    You do not have to delete and download, or do anything to the OCBC Business app. Instead, here is what you should do to continue using the app:

    if the pop-up message informs you that one or more apps on your device are from an unofficial app store:

    • Uninstall the apps shown in the message (this is the preferred option) or turn off ‘Accessibility’ for those apps.

    If the pop-up message informs you that your screen is being shared:

    • Ensure that screen-sharing has stopped.

     

    3. Will OCBC know what other apps I have on my device through this security feature?

    We take privacy seriously. We do not monitor customers’ phone activity or conduct surveillance on customers’ phones. The new security feature does not collect or store any personal data; neither will it identify the owner of the device. We do not collect or store information on how our customers use apps installed on their mobile device.

    Instead, an additional security check is simply performed directly at the device level. This means that no information or data will be transmitted back to us. The information collected at the device level is only used to identify if certain security parameters are not met. These parameters include apps residing on a device which were not downloaded from an official app store, and which have ‘Accessibility’ turned on. Apps with ‘Accessibility’ turned on can render your device more vulnerable to exploitation by hackers, scammers and other bad faith actors using malware.

    We apologise for the inconvenience caused and seek your understanding that the security feature was implemented to protect our customers from malware or suspected malicious apps. Please refer to our article on malware for more information on how you can protect yourself.

    4. I want to continue using my OCBC Business app alongside these apps. Is it possible for this control to be removed?

    This security feature was implemented with the intent of protecting our customers from malware and suspected malicious apps. If you wish to continue using your OCBC Business app alongside apps that are downloaded from websites and other sources (i.e. not official app stores), you may turn off ‘Accessibility’ and screen-sharing (if applicable) for such apps.

    Please refer to our article on malware for more information on how you can protect yourself.

    5. I want to continue using my OCBC Business app. What can I do?

    To continue using your OCBC app securely, we recommend that you follow these steps:

      1. Depending on the message that pops up on your screen when you launch your OCBC Business app, uninstall the app(s) shown in the message or ensure that screen-sharing has stopped.
      2. Log in to the OCBC app to ensure that it works.
      3. Once you confirm that the OCBC app works, you can try to download the app(s) you deleted from an official app store (e.g. Google Play Store, Samsung Galaxy Store, Huawei Store).

    Alternatively, you can turn off ‘Accessibility’ for the app(s) via the Settings menu on your device. For example, on Samsung mobile devices with the latest One UI user interface, navigate to Settings > Accessibility > Installed apps*.

    *The steps to turn off an app’s ‘Accessibility’ may differ by phone model. Please refer to question 7 or check with your device manufacturer.

    6. What are 'Accessibility' services and how do criminals exploit them?
    Accessibility services, like text-to-speech and speech recognition, are designed to make technology easier to use. For these services to work, advanced Android system permissions have to be granted to the app requesting them, such as allowing the app to read the text on the device’s screen or record text typed using the device’s keyboard. The latter, for instance, could be used to record your online banking login details.


    7. How do I change the Accessibility settings for the third-party apps that I have downloaded?

    The path to changing Accessibility settings may differ by device manufacturer and operating system.

    Here are the possible paths for some popular phone models. If you continue to face difficulties with changing the Accessibility settings, please check with your device manufacturer.

    Samsung Galaxy A53 5G / Flip 4 / Fold4 / A73 5G / S21 Ultra / A23 5G: Settings > Accessibility > Installed Apps

    Samsung Galaxy S21 5G / Galaxy S10: Settings > Accessibility > Installed Services

    Oppo A78 5G / Reno8 5G: Settings > Additional Settings > Accessibility

    Oppo Find X2 Pro / A17: Settings > System Settings > Accessibility

    Huawei P50 Pro: Settings > Accessibility features > Accessibility > Installed Services

    Huawei Nova 3i / Nova 5T: Settings > Smart Assistance > Accessibility

    Huawei Mate30 & Huawei Y9a: Settings > Accessibility features > Accessibility (Scroll down to Downloaded Services)

    Google Pixel 5 / Pixel 3 XL: Settings > Accessibility

    Redmi Note 10 5G: Settings > Additional Settings > Accessibility > Downloaded Apps

    Poco X5 5G: Settings > Additional Settings > Accessibility > Downloaded Apps


    8. Why are some well-known apps being flagged by the OCBC Business app?

    This security feature flags apps that have been downloaded from sources other than official app stores. You may have downloaded them from websites or other sources. If you need to continue using these apps, we advise you to first uninstall them. After taking the steps listed in question 5, you can then download and install the most up-to-date version of the app(s) from an official app store (this is the preferred option).

    Alternatively, if you prefer to keep these apps after having assessed that they are not malicious and do not pose a malware risk, you will be given the option to continue using the OCBC Business app after turning off ‘Accessibility’ for these apps – via the Settings menu on your device (e.g. on Samsung mobile devices with the latest One UI user interface, you can navigate to Settings > Accessibility > Installed Apps). This step will help to prevent your device – and OCBC account(s) – from being controlled by cybercriminals looking to exploit potential vulnerabilities in these apps (because ‘Accessibility’ is turned on).

    We apologise for the inconvenience caused. The security feature was implemented to protect our customers from malware or suspected malicious apps. Should you require further assistance, please provide more information to us via our enquiry form.

    9. Where can I read more about how malware may infect my mobile device?
    You may refer to the joint advisory issued by the Singapore Police Force and Cyber Security Agency on how malware may infect your mobile device through the downloading of apps that are not found on official app stores.


    10. What are the official app stores?

    The list includes:

    • Google Play Store
    • Samsung Galaxy Store
    • Huawei AppGallery
    • Xiaomi MI App Store
    • Amazon appstore
    • Vivo V-Appstore
    • Oppo App Market
  • Sounds too good to be true? It could be a scam
    23 October 2023

    Came across an advertisement that offered an unbelievably good deal? Did a job offer – promising lucrative commissions – suddenly fall into your lap? If something sounds too good to be true, it likely is.

    Learn to identify the tricks used by scammers. Join us and the National Crime Prevention Council (NCPC) to ACT Against Scams by remembering three simple steps: Add, Check, Tell.


    COMMON THREATS

    Here are two types of scams that aim to expose your vulnerabilities: 


    Investment scams

    How scammers may approach you:

    Individuals claiming to represent stockbrokers, banks or financial companies may approach you with unsolicited investment opportunities. They may promise quick money and/or extraordinary returns at little to no risk. Such scammers often offer time-limited deals and gifts, or rebates, to pressure you into acting quickly. They may – in attempts to persuade you to invest in their bogus opportunities – repeatedly send you messages via social media or messaging apps.

    Watch out for these tactics:

    • If you express interest in the investment, the scammer will ask you to give them your business and personal information/bank account details, and/or install an "investment" app. They will claim that you need to do so to open an investment account.
    • You may be asked to visit professional-looking websites – complete with fake client testimonials and case studies used to support the scammer’s false claims.
    • The scammer may ask you to send money to a non-business account, supposedly to pay an ‘initial fee’ and for the investment. Later, when you try to withdraw your returns or initial investment amount, you may realise that the scammer has disappeared with your money.

    Job scams

    How scammers may approach you:

    Scammers may approach you with unsolicited offers that promise low-effort, high-paying jobs; or ‘guaranteed’ ways of generating fast income. If you do express interest, they will try to get you to hand over your money, business and personal information and/or bank account details, which they then use to commit fraud and theft.

    Watch out for these tactics:

    • You receive, via messaging apps, unsolicited messages offering part-time job opportunities from seemingly legitimate companies or recruiters. These messages are typically poorly written or sent from an unknown or unverifiable number.
    • You are added to a group chat where multiple people – possibly the scammer(s) using multiple accounts – share fake testimonials to drum up interest in the job opportunity.
    • You are directed to a website/app and asked to enter your personal information/banking details to access a job opportunity. Any details you enter may be stolen to commit fraud.
    • Scammers may offer you a commission for performing simple tasks – reviewing restaurants or completing simple surveys, for example – through messaging platforms like WhatsApp or Telegram. To gain your trust, they may initially pay you a small commission for each task you do. However, they will eventually ask you send them increasingly large sums of money to continue accessing the tasks. They will then vanish with the cash.

    Learn more about job scams.


    ‘CHECK’ WITH OCBC AND NCPC

    Adopt these security measures to safeguard your online experience:

    Only download apps from official stores like the App Store (for iOS) or Google Play Store (for Android) and review the permissions that are requested. Make sure they are genuinely necessary.

    Keep your devices with Internet access secure and up to date by enabling automatic updates and installing anti-virus software.

    Always check that the websites you browse are official ones. Do not let your web browser or devices store your login credentials.

    Conduct your investment dealings exclusively with companies licensed by the Monetary Authority of Singapore (MAS). Always do a thorough check on companies and their representatives using resources such as the Financial Institutions Directory, Register of Representatives or Investor Alert List (available on the MAS website). If a company is based outside of Singapore, check if it is licensed with the relevant overseas authority.

    Enable biometric authentication for your devices and apps (where available) and two-factor authentication (2FA) for any online accounts you have.

    Do not transfer money to or agree to receive money from people you do not know. Be responsible for all transactions made under your account(s) and do not let third parties use your account(s) to make transactions.

    STAY ALERT

    Quickly detect and respond to fraudulent activities. To get timely notifications related to your account(s) and banking activities, ensure your mobile number and email address in our records are up to date.

    ALWAYS REMEMBER TO ‘ACT’

    Organised by the NCPC, the ACT Against Scams campaign aims to educate the public on how to prevent, spot and stop scams.

    ADD
    Instal security tools like antivirus software to be better protected online.

    CHECK
    Look out for potential scam signs by verifying information with trusted sources.

    TELL
    If you encounter any scams, inform the authorities and let others know promptly.

    Learn more about ACT on the NCPC website.

    If you believe you have fallen prey to a scam, please visit any OCBC branch. Alternatively, call our Business Banking hotline: OCBC website > Contact us. Alternatively, use our Enquiry Assistant at the OCBC website > Banking for businesses > Business Banking > Contact us.This message contains links to third-party websites.

    By accessing any such websites, you agree to our terms of use.

  • Be alert to scams that use fear tactics

    11 July 2023

    Is someone telling you that, to avoid serious consequences, you must reveal your banking details or sensitive information? Creating a sense of fear and urgency like this is a common tactic used by scammers to make it harder for their targets to think critically and take precautions.

    Be wary – even if the caller claims to be from a government agency or a reputable business.

    Learn how to spot such fear tactics. Join us and the National Crime Prevention Council (NCPC) to ACT Against Scams by remembering three simple steps: Add, Check, Tell.


    COMMON THREATS

    In our previous security advisory, we learnt how to ACT against the dangers of malware, phishing and impersonation scams. Now, let us learn about:


    Government official impersonation scams


    How scammers may approach you:

    Scammers might contact you claiming to be government officers investigating an alleged offence you have committed in Singapore or overseas. To gain your trust, they may even use a real officer’s name. Their aim in leveraging the authority and reputation of the officer is to stop you from questioning their demands.

    Watch out for these tactics:

    • Using the threat of legal action or arrest, they will try to manipulate you into revealing personal details. They may claim that they need such details before they can tell you more about the (fake) investigation that they are conducting.
    • They may also ask you to visit websites that would, under the guise of ‘verifying your identity’, prompt you to scan a Singpass QR code or enter your online banking details. Your details would then be stolen and used for fraudulent activities.

      Learn more about Impersonation Scams.


    Tech support scams

    How scammers may approach you:

    Impersonating employees from legitimate companies, scammers may call you – or scare you into calling them with website pop-ups made to look like warnings from your device or anti-virus software.

    They often claim that there is a software, online account or Wi-Fi issue that requires your immediate attention. Their goal? To create anxiety so that you will act hastily without confirming the legitimacy of their claims.

    Watch out for these tactics:

    • They may threaten to suspend your account unless you provide them with sensitive information or make an immediate payment to ‘fix’ the issue.
    • They may ask you to share personal and banking details via a spoofed website/email address made to look like it belongs to a legitimate company or government agency.
    • Others may claim that your device or Wi-Fi network has been hacked and/or fraudulent transactions were made in your name. Under the guise of diagnosing the issue, they may ask you to download a remote access application (which would give them access to your device) and have you log in to your online banking account or share sensitive information (e.g. card details or One-Time Passwords).

    Learn more about other common threats.


    ‘ADD’ WITH OCBC AND NCPC

    Adopt these security measures to safeguard your online experience:

    Be very wary of messages containing links or attachments that prompt downloads. Only download apps from the App Store (for iOS) or Google Play Store (for Android).

    Download the ScamShield app by NCPC. ScamShield can block scam calls and detect scam SMSes.

    Instal anti-virus software and malware removal tools on your phone, computer and other devices with Internet access; and enable automatic updates. Look for software with features that help identify and block fraudulent pop-up ads. When installing apps, review the permissions that are requested to ensure they are necessary.

    Enable biometric authentication for your devices and apps (where available) and two-factor authentication (2FA) for any online accounts you have.

    Enable OCBC OneToken so you can log in to your online banking account and authorise transactions securely.

    Opt for e-Statements to closely keep track of all your transactions via OCBC Velocity or the OCBC Business App.

     

    STAY ALERT

    Quickly detect and respond to fraudulent activities. To get timely notifications related to your account(s) and banking activities, ensure your mobile number and email address in our records are up to date.


    ALWAYS REMEMBER TO ‘ACT’

    Organised by the NCPC, the ACT Against Scams campaign aims to educate the public on how to prevent, spot and stop scams.

    ADD
    Instal security tools like antivirus software to be better protected online.

    CHECK
    Look out for potential scam signs by verifying information with trusted sources.

    TELL
    If you encounter any scams, inform the authorities and let others know promptly.

    Learn more about ACT on the NCPC website.

    If you believe you have fallen prey to such scams or that your OCBC account details/funds may be, or may have been, compromised, please call us at +65 6538 1111

    You may also stop your ID from being used to access your account:

    • Via OCBC Velocity: Go to the OCBC Velocity login page > Click ‘Block my access temporarily’.
    • Via the OCBC Business app: Open the app > More > Block Access > Enter your Org ID, User ID and Password > Block Access.
    As scams constantly evolve, please stay vigilant at all times.

    This message contains a URL that redirects to a third-party website. By accessing any such websites, you agree to our terms of use which you can find at OCBC website > Conditions of Access.

  • ACT against scams to keep your business safe
    15 May 2023

    Safeguard your business’ finances 

    Last year saw a spike in the number of scams reported in Singapore. Millions of dollars have been lost – young adults are especially affected by job and e-commerce scams while seniors increasingly fall victim to fake friend, investment and phishing scams.

    So how can you avoid falling prey to scams?

    Join us and the National Crime Prevention Council (NCPC) to ACT against scams.
    By remembering the three simple steps of ‘Add, Check, Tell’, you can protect yourself and your business.

    WHAT IS ACT?

    Organised by the NCPC, the ACT Against Scams campaign aims to educate the public on how to prevent, spot and stop scams.

    Add
    Install security tools (e.g. antivirus software) on your devices and adopt security features (e.g. biometric authentication) that protect you online

    Check
    Be vigilant and on the lookout for signs of scams. Always check with trusted sources to verify if the information you receive or are asked to share is true

    Tell
    If you encounter a scam, inform the authorities, your bank and your staff/colleagues at once



    Learn more about ACT on the NCPC website.
    Read about how we can all “ACT Against Scams” in the Scaminar 2023 keynote address delivered by Ms Sun Xueling the Ministry of Home Affairs.

    COMMON THREATS

    Be better prepared to ACT by learning more about the following threats:

    Phishing scams

    Scammers may pretend to be from a legitimate organisation and approach you via email or SMS, or on social media. They often offer fake benefits or rewards, or use fear tactics (e.g. demanding immediate action to resolve a fictitious urgent issue), to trick you into disclosing confidential information (e.g. NRIC number, card details, or online banking or Singpass credentials).

    Malware

    Cybercriminals may use malware, a type of malicious software, to infect your devices. They may then steal confidential data, take control over the compromised device and data remotely, and spy on your online activities.

    Impersonation scams

    Impersonators may contact you, claiming to be a member of a legitimate business, bank or the government. They may use fear tactics to get you to reveal personal details, which they will then use to commit fraud.


    Learn about the above and other common threats.

    ‘ADD’ WITH OCBC

    Use the following security measures by OCBC to safeguard your banking experience.

    Enable e-alerts to get timely notifications related to your account(s) and banking activities.

    Opt for e-Statements to closely keep track of all your transactions via OCBC Velocity or the OCBC Business app.


    For an extra layer of protection, download the ScamShield app by the NCPC to block scam calls and detect scam SMSes.

    Find out how to make use of these features and the other solutions OCBC has designed to safeguard your banking experience: go.ocbc.com/security


    This message contains links to third-party websites. By accessing any such websites, you agree to our terms of use

  • Security advisory: Protect yourself against malware

    17 Feb 2023

    Look out – especially if you have an Android device.

    New variants of Android malware (‘malicious software’) allow scammers to control your device remotely or steal sensitive information like login credentials or card details. This means that scammers can log in to your account and make fraudulent transactions or transfers without your knowledge.

    Android malware may be found in apps available in the Google Play Store. They could also be disguised as ‘helpful apps’ in Android Package Kit (APK) files that you may be tricked into downloading. By downloading them or giving access to certain functions, you may unwittingly allow scammers to take control of your device.

    Here is how you can protect yourself against malware:

    • Only download apps from the App Store (for iOS) or Google Play Store (for Android).

    • Do not download apps (e.g. email attachments, pop-up advertisements or links coming from unsolicited emails, messages or social media posts) without verifying the authenticity and source.

    • When installing apps, review the permissions that are requested. Make sure they are genuinely necessary. Asked to download additional apps? Be very wary.

    • Instal anti-virus software and malware removal tools on phones, computers and devices with Internet access.

    • Always get the latest versions of your devices’ operating systems and applications – the latest security patches will address security vulnerabilities. Enable automatic updates so your devices are protected.

    • Check transaction details carefully and read the notifications we send you. Notify us immediately if you receive alerts for transactions you did not make.

    If you believe you have fallen prey to a scam, please call us at +65 6538 1111

    You may also stop your ID from being used to access your account:

    • Via OCBC Velocity: Go to the OCBC Velocity login page > Click ‘Block my access temporarily’.

    • Via the OCBC Business app: Open the app > More > Block Access > Enter your Org ID, User ID and Password > Block Access.

    As scams constantly evolve, please stay vigilant at all times.

  • Scam alert: Fake OCBC Velocity websites

    18 March 2022

    Scammers may use fraudulent links that direct you to fake websites resembling OCBC Velocity’s login page in order to steal login credentials.



    These fake websites will prompt you to enter login credentials such as your Organisation ID, User ID, Password or One Time Password (OTP). The scammers can then make fraudulent transfers using your account(s). To prevent such unauthorised activity, never key in such details into unverified websites.

    We urge you to stay vigilant and take necessary precautions.

    How to protect yourself:

    • Verify the authenticity of the website you are accessing
    • Always type the official OCBC Velocity login URL (https://velocity.ocbc.com) directly into the address bar
    • Do not divulge your login credentials to anyone or any organisation, or enter such confidential information into unverified webpages
    • Do not click on any links provided in suspicious SMSes
    • Be cautious of scanning unknown QR codes when making payments or transactions in unsecure or unfamiliar environments


    Please call us immediately at +65 6538 1111 if you:

    • Receive SMS transaction alerts or email notifications for transactions or activities you did not initiate or perform
    • Lose your security device or security details – or suspect these have been compromised in any way.
  • I have received a call from OCBC. How can I verify that the caller is from OCBC and contacting me for legitimate purposes?

    Verify the person’s identity and ask about the purpose of the call. You may want to take down the number and request the full name and department of the person calling. The caller’s email should also be “xxx@ocbc.com”. If in doubt, call us at +65 6538 1111 for further assistance.

    Be vigilant and protect yourself from scams. Beware of such calls or messages from persons impersonating as employees from OCBC.

    Do adopt the following measures to prevent your bank account from being compromised:

    • NEVER disclose your online banking login details such as your Organisation ID, User ID, PIN, or OTPs to anyone. OCBC Bank employees will never request your PIN and/or OTP. Banks will not transfer calls to any party outside the bank, such as the Police or government officials.
    • DO NOT respond to or authorise any authentication requests (through your OneToken or hardware token) if you did not initiate any online banking transaction.
    • If you receive a suspicious message or call purporting to be from OCBC Bank, do not call the number provided in the SMS or by the caller. Instead, call us back at +65 6538 1111 to verify the authenticity of the request.
  • How can I ensure that my OCBC Velocity User ID is not compromised?
    • DO NOT click on any links provided in suspicious emails or SMSes.
    • NEVER divulge banking credentials or one-time passwords to anyone or any organisation, or key such confidential information into unverified webpages.
    • If you have an employee leaving the organisation, make sure you submit the request to us to remove the user from OCBC Velocity. While waiting for the request to be processed, you may also take these precautions:
      1. Block his/her access via the “Block my access temporarily” hyperlink on the OCBC Velocity login page. You will need to enter his/her OCBC Velocity login credentials.
      2. Delete the OCBC Business app from their devices
    • Look out for notifications from OCBC either via SMS or email notifying you of major changes or transactions. Notify the bank immediately at +65 6538 1111 if these are not valid actions initiated by you.
  • How can I minimise my risk from phishing scams as an OCBC Velocity User?
    • DO NOT click on any links provided in suspicious emails or SMSes.
    • NEVER divulge banking credentials or one-time passwords to anyone or any organisation, or key such confidential information into unverified webpages.
    • Look out for notifications from OCBC either via SMS or email notifying you of major changes or transactions. Notify the bank immediately at +65 6538 1111 if these are not valid actions initiated by you.
  • I have received an SMS which contains an OCBC hotline number. How do I know if this is legitimate?

    Beware of SMS scams which may direct you to call a fake hotline.

    DO NOT call any numbers within SMSes or click on any links in SMSes.

    When in doubt, call us at our official OCBC Business Banking hotline number at +65 6538 1111.

  • What should I do if I receive an email or SMS notification from OCBC informing me that my OneToken has been activated when I have not applied for a new one?

    This could be a situation where your OCBC Velocity ID/Password has been compromised.

    We recommend that you block your own ID access via the following methods:

    • Click on the “Block my access temporarily” hyperlink on the OCBC Velocity login page, and submit a request to delete and re-apply for a new user ID.
    • Open your OCBC Business app and tap on “More”, followed by “Block Access”. Then, key in your Org ID, User ID, and Password before tapping on “Block Access”.

    Alternatively, you may call us at +65 6538 1111 for further assistance.

  • If the SMS is not legitimate, why did it appear under the OCBC SMS thread?

    Scammers are using technology to spoof the SMS sender name as “OCBC”. When the spoofed SMS is received on the user’s mobile phone, the spoofed SMS with the name “OCBC” will appear in the same SMS conversation thread with OCBC.

    These messages usually come with a phishing URL link to obtain your details on a lookalike OCBC login page. It is therefore important to stay vigilant against phishing scams.

    Do not click on such phishing SMS links. The links will lead you to a fake website controlled by the scammers. You should always type URLs directly into the address bar of the browser or log in via the official OCBC Business app. Never key in your login credentials through the phishing URL links in the SMSes.

  • How does the scammer know that I have an account with OCBC? Has the bank’s system been compromised?

    Scammers are sending mass phishing SMSes and emails, not knowing if the recipients are OCBC customers or not. Should you click on the link and provide your login credentials, they will then know that you have an account with OCBC. It is therefore important to stay vigilant against such phishing scams. Do not click on any phishing SMS links.

    We wish to assure you that our banking systems remain secure and have not been compromised.

  • Did the OCBC system get hacked? Are you sure that your system has not been hacked?

    We wish to assure you that our banking systems remain secure and have not been compromised.

  • With so many SMSes sent by scammers, how can I differentiate them from legitimate SMSes by OCBC?

    We will not send you any message asking you to click on any links to verify or validate certain transaction information. When in doubt, please call us at +65 6538 1111.

    We wish to assure you that our banking systems remain secure and have not been compromised.

  • What should I do if I suspect my OCBC Velocity User login credentials have been compromised?

    You can log in to OCBC Velocity and change your password immediately.

    You may also block your own ID access via the following methods:

    • Click on the “Block my access temporarily” hyperlink on the OCBC Velocity login page, and submit a request to delete and re-apply for a new user ID.
    • Open your OCBC Business app and tap on “More”, followed by “Block Access”. Then, key in your Org ID, User ID, and Password before tapping on “Block Access”.

    Alternatively, call us at +65 6538 1111 for further assistance.

    To reactivate your account, please submit a request form. Simply visit the OCBC Business Banking website and click on Help & Support (top of webpage) > Banking forms > Apply & Manage OCBC Velocity.

  • What should I do if I lose my mobile phone?

    You can activate OneToken on another mobile device, and this will automatically deactivate OneToken on your previous device. Simply download the OCBC Business app on your new device. Then log in with your OCBC Velocity credentials and follow the steps shown in the “Lost/Changed Phone” hyperlink.

    You may also block your own ID access via the following methods:

    • Click on the “Block my access temporarily” hyperlink on the OCBC Velocity login page, and submit a request to delete and re-apply for a new user ID.
    • Open your OCBC Business app and tap on “More”, followed by “Block Access”. Then, key in your Org ID, User ID, and Password before tapping on “Block Access”.

    Alternatively, call us at +65 6538 1111 for further assistance.

    To reactivate your account, please submit a request form. Simply visit the OCBC Business Banking website and click on Help & Support (top of webpage) > Banking forms > Apply & Manage OCBC Velocity.

  • My customer did not log in to OCBC Velocity but received a push notification from our app on 2FA login. What precautions can we advise the customer to take?

    This could be a situation where your OCBC Velocity ID/Password might be compromised.

    We recommend that you log in to OCBC Velocity and change your password immediately, as well as call us at +65 6538 1111 to report the suspicious login. We will investigate the case for any abnormality.

    You may also block your own ID access via the following methods:

    • Click on the “Block my access temporarily” hyperlink on the OCBC Velocity login page, and submit a request to delete and re-apply for a new user ID.
    • Open your OCBC Business app and tap on “More”, followed by “Block Access”. Then, key in your Org ID, User ID, and Password before tapping on “Block Access”.
  • I would like to switch from OneToken to a hardware token. How do I do so?

    The standard process for the request of hardware token applies.

    While customers are given a choice to choose between OneToken or a hardware token, we encourage customers to apply for OneToken, given the following benefits:

    • The processing time taken to equip you with OneToken is shorter.
    • It is simpler and more convenient as OneToken is installed on your mobile phone.

    If you need further assistance, please call us at +65 6538 1111.

  • What should I do if I lose my hardware token?

    We recommend that you block your own access via the following methods:

    • Click on the “Block my access temporarily” hyperlink on the OCBC Velocity login page, and submit a request to delete and re-apply for a new user ID.
    • Open your OCBC Business app and tap on “More”, followed by “Block Access”. Then, key in your Org ID, User ID, and Password before tapping on “Block Access”.

    When applying for a new token, you may want to consider switching to OneToken, given the following benefits:

    • The processing time taken to equip you with OneToken is shorter.
    • It is simpler and more convenient as OneToken is installed on your mobile phone.

    To request a new token, please submit a request form. Simply visit the OCBC Business Banking website and click on Help & Support (top of webpage) > Banking forms > Apply & Manage OCBC Velocity.

    If you need further assistance, please call us at +65 6538 1111.

  • What should I do if I suspect that my mobile phone has been hacked?

    This could be a situation where your OCBC Velocity ID/Password might be compromised. We recommend that you block your own access via the following methods:

    • Click on the “Block my access temporarily” hyperlink on the OCBC Velocity login page, and submit a request to delete and re-apply for a new user ID.
    • Open your OCBC Business app and tap on “More”, followed by “Block Access”. Then, key in your Org ID, User ID, and Password before tapping on “Block Access”.

    Alternatively, you can call us at +65 6538 1111 for further assistance.

    To reactivate your account, please submit a request form. Simply visit the OCBC Business Banking website and click on Help & Support (top of webpage) > Banking forms > Apply & Manage OCBC Velocity. 

  • What measures have the Bank implemented to prevent scams and phishing attacks?

    The Bank is diligently monitoring and taking down phishing sites 24/7.

    To better safeguard your interests, we have rolled out the following measures:

    • Increase the soft token provision cooling period to 12 hours before the user can log in again.
    • Remove all links in SMSes.
  • What should I do if I discover a fraudulent transaction in my account?

    Please call us immediately at +65 6538 1111.

    We recommend that you also block your own ID access via the following methods:

    • Click on the “Block my access temporarily” hyperlink on the OCBC Velocity login page, and submit a request to delete and re-apply for a new user ID.
    • Open your OCBC Business app and tap on “More”, followed by “Block Access”. Then, key in your Org ID, User ID, and Password before tapping on “Block Access”.