OCBC’s anti-malware security feature prevented losses of over S$2 million within one month of launch
The security feature, available in versions 18.1 and above of the OCBC Digital app for Android, has prevented losses from more than 30 customers to date.
Singapore, 7 September 2023 – In the first month since its launch on 5 August 2023, OCBC’s anti-malware security feature has prevented scammers from making away with more than S$2 million in savings, from more than 30 customers’ OCBC bank accounts. The security feature was first rolled out in version 18.1 of the OCBC Digital app for Android, and since then, no losses from malware scams have been reported by OCBC customers using this version of the app and above.
Between 5 August and 5 September 2023, OCBC received reports from more than 30 customers about their Android mobile phones having been compromised by sideloaded apps – apps from sources outside of official app stores – that contained malware. Scammers used the malware to take full control of these customers’ phones. Nonetheless, there were no losses from the customers’ OCBC bank accounts as the anti-malware security feature in the OCBC Digital app had blocked access upon detection of these malicious apps on the phone. This effectively prevented the scammers who had taken control of customers’ mobile phones from making fund transfers through the OCBC Digital app.
The anti-malware security feature also prevents scammers from logging into OCBC internet banking via web browser to access customers’ bank accounts. A physical hard token, or digital token that is within the OCBC Digital app, is required to log into OCBC internet banking. The blocking of the OCBC Digital app by the anti-malware security feature therefore prevents the scammers from using the digital token.
While there was already more than S$2 million in these customers’ savings accounts, the amount that might have been lost to scammers could have been much higher as scammers have previously redeemed fixed deposits and unit trusts early or drawn down cash advances under customers’ credit cards.
Mr Beaver Chua, Head of Anti-Fraud, Group Financial Crime Compliance, OCBC, said, “Malware scams targeting Android mobile phone users have increased significantly in the past few months, with social engineering by scammers having become increasingly sophisticated. Sideloaded apps are the main conduits used by such scammers. Once customers’ mobile phones have been infected by malware, scammers can remotely access their mobile phones, and make fraudulent transfers from their bank accounts via banking apps. There was therefore an urgent need for a much stronger defence. We are heartened that since 5 August, none of our customers using version 18.1 of the OCBC Digital app and above have reported losses arising from malware scams.”
“We will continue to monitor the landscape and put in necessary safeguards for our customers, while simultaneously educating them so that they can take their own precautions.”
In response to the launch of the OCBC anti-malware security feature on 5 August, the Association of Banks Singapore stated that banks are working closely with government and law enforcement authorities to fight malware scams, and to detect behaviours consistent with known malware activities. Hence, stronger security features are being rolled out. This is in line with the 8 August 2023 statement by the Monetary Authority of Singapore that strongly supported measures by banks to address the risks associated with malware-related scams.
How the anti-malware security feature blocks scammers from accessing OCBC bank accounts
The anti-malware security feature will block access to OCBC bank accounts if the mobile phone has other apps on it that:
Malicious apps with malware meet these two conditions above. When a scammer controls the victim’s phone and tries to use the OCBC Digital app, the anti-malware security feature will pop up (as shown below) – highlighting the name(s) of the malicious app(s). Access to the OCBC Digital app will be blocked. The anti-malware security feature does not conduct surveillance or monitor activities on customers’ mobile phone.
For more information, watch the video below or refer to our FAQs.