Online Banking security practices


Learn more about Phishing, Malware and Online Banking Security

What is a phishing scam? How does it affect my online banking?

Phishing is a form of social engineering that may lead to identity theft. Phishing attacks typically use emails or malicious websites to solicit personal information by posing as legitimate companies or trustworthy organisations.

Phony websites, suspicious emails, or mobile messages (e.g. from SMS, WhatsApp), purporting to be from OCBC Bank, may contain malware, URLs, shortened URLs, or fraudulent requests for sensitive information or action to enter OTP into online banking system.

Phishing emails may contain malicious attachments that have malware embedded. The attachments may purport to be invoices, business accounting documents, user account information or other seemingly work-related attachments. When the attachments are opened, the malware infects your computers or devices to steal personal information, as well as login credentials.

What is a malware? How does it affect my online banking?

Malware targets customers' computers/mobile devices to steal their login credentials. For example: your online banking Access Code, PIN and One-Time Password (OTP), credit/debit card details or other personal information.

Typically, these malware are embedded as attachments or hyperlinks in emails or mobile messages (e.g. from SMS, WhatsApp) received by customers. Once the customer clicks on the attachment/hyperlink or download/update the mobile apps or software, the malware installs itself onto the computer/mobile device.

This may enable the malware to steal the customer's online banking login credentials, credit/debit card details or personal information.
SMS OTP may be intercepted through compromised or infected mobile devices and used for fradulent banking transactions.

The malware also works by redirecting customers to a fake webpage or pop up window that looks similar to the Bank's Online/Mobile banking website. It may request for your login information, including the PIN, One-Time-Password (OTP) which may or may not be masked. It then tries to access your account to create fraudulent transaction for your approval.

In recent instances, it was noted that the malware is even capable of blocking your calls to the Bank’s Contact Centre when you try to report on unauthorised transactions. This gives the fraudster more time to steal from your account.

How do I know if my computer/mobile device is compromised by malware?

Watch out for these warning signs, for examples:

  • If your mobile phone remains locked with screen showing "System update in progress. Please wait." This screen keeps appearing within seconds after your mobile phone is switched on or even after doing a force restart of your phone.
  • The URL showing on the login page is different from the official OCBC Online Banking website which is
  • OCBC Online Banking login screen looks different. The legitimate OCBC login is done in two separate screens - First Screen: Enter Access Code & PIN, Second Screen: Enter One-Time-Password (OTP).
  • Prompted repeatedly for PIN or OTP even though you have entered the login credentials correctly.
  • A delayed pop-up screen that says the system is not available and repeatedly ask you to enter OTP or use your hardware token to generate an OTP.
  • Prompted to authorise transactions which you have not initiated using OTP generated through your hardware token. For example: While trying to login, you are prompted to enter a 6-digit number shown on your computer screen into your hardware token. Then you are asked to press the "Sign" button on the token and key in the OTP generated from the hardware token into the computer screen.
  • Your PIN is visible when you type in the PIN field – it should be masked
  • You receive SMS messages on OTP or transactions which you did not initiate
  • A redirection to a third-party website, which may feature a hotline number or an unsolicited request.
  • You receive a call purportedly from a staff in OCBC asking you to verbally reveal your Online Banking access code, PIN, OTP or hardware token details (Note: OCBC Bank will never ask a customer to reveal his PIN or OTP).

What should I do if I think my mobile device/phone/computer has been compromised?

  • Switch off your mobile phone immediately by removing the battery (if applicable) or do a force shutdown.
  • Remove your SIM card from your infected mobile phone and use it on a spare or a different mobile phone.
  • Do not use the infected mobile phone to perform mobile banking.
  • Take a screenshot or picture of the suspicious screen.
  • Cancel any suspicious-looking transaction, log out the Online Banking session, close the browser.
  • Do not enter your Online Banking access code, PIN or One-Time-Password (OTP) and do not attempt to login again.
  • Use another (non-infected) phone to inform OCBC Bank immediately by calling us at 1800 363 3333.
  • Inform OCBC Bank immediately by calling us at 1800 363 3333.

What can I do to keep my mobile device/computer and my online banking safe from malware?

  • Do not click on hyperlinks provided in mobile messages (e.g. from SMS, WhatsApp), email attachments or hyperlinks from suspicious sources.
  • Do not act on any instructions provided in mobile messages (e.g. from SMS, WhatsApp) or emails from suspicious sources which require you to provide Online Banking login credentials or credit/debit card details.
  • Do not install mobile apps from unknown sources (other than Google Play store or Apple App store).
  • Do not access online banking using jail-broken or “rooted” mobile devices.
  • Be wary when you are asked to grant permissions to a mobile app. Do not add unnecessary or excessive permissions to a mobile app as it may collect sensitive/personal information or access device functionality that it does not require e.g. overtake the SMS relay to intercept SMS messages.
  • Be wary when you see suspicious overlay screens launched over the OCBC Mobile Banking application or OCBC Bank’s website as these may be used to lure you into giving away your banking credentials, credit card numbers, etc.
  • Install and maintain the latest anti-virus software on your mobile devices/computer.
  • Do not key in your Online Banking Access Code, PIN, One-Time-Password (OTP), credit/debit card details or mobile number into suspicious websites or mobile apps.
  • Update us immediately when you change your mobile number for receiving One-time Password (OTP) via SMS.
  • Update us immediately when there is a change in your contact details such as mobile number and e-mail address, for the purposes of receiving SMS alerts or e-mail notifications for online banking transactions and activities.
  • Make sure the OCBC Online Banking login page is
  • Look for the SSL encrypted connection, indicated as https:// or a padlock, as well as to check OCBC Bank's name in its digital certificate.
  • Do not reveal your Online Banking Access Code, PIN, One-Time-Password (OTP) or hardware token details to anyone.
  • Follow the important security practices at Safeguarding Your Online Banking Access.
  • If you receive any suspicious emails, messages or websites purporting to be from OCBC Bank, do not proceed further. Please call us at 1800 363 3333 to validate the authenticity of the email, message or website.
  • If you notice any unusual online banking activities, please log off immediately and call us at 1800 363 3333 at any time or by contacting one of our branches during its opening hours.

Is OCBC Online Banking service secure?

Yes, we would like to assure you that OCBC Online Banking service is secure. All of our banking systems are integrated with the most advanced security technologies available today.

We advise you to stay vigilant and take the necessary precautions. You play a part to protect yourself from online fraud by adopting the recommended security practices.

Your usage of OCBC Online Banking Service is subject at all times to the Electronic Banking Terms & Conditions and the Terms & Conditions Governing Deposit Accounts.

The above is for general information only and provided solely as a convenience to you. No representation or warranty (whether on adequacy or usefulness or otherwise) is given by OCBC. You confirm that you are responsible for the security of your computer and mobile devices and OCBC assumes no responsibility to you in relation thereto. We refer you to our online banking safe security practices at Safeguarding Your Online Banking Access. Your usage of our OCBC Online Banking Service is subject at all times to the Electronic Banking Terms & Conditions and the Terms & Conditions Governing Deposit Accounts.