Security Advisory

Beware of online offers that may lead you to fall victim to online scams

As consumers, we are constantly on the lookout for attractive discounts when we attempt to make purchases through various online websites. If you happen to come across something that is being sold for a price that seems “too good to be true”, it probably is.

Very often, the victims of online purchase scams are drawn by deals that appear too good to be true for items such as gadgets and luxury goods. These “retailers” will urge their customers to transfer the money to an account, with a promise to deliver the item afterward. In some instances, they may also request for additional deposits or payments disguised as “duties” or delivery charges. Ultimately, the buyer does not receive the item.

WHAT TO LOOK OUT FOR:

  • Be wary of people selling items at prices that appear too good to be true.
  • Make sure the seller is physically located where they claim to be. Always establish a physical address and telephone contact details.
  • Be wary of sellers who are not upfront and transparent about their business or terms and conditions.
  • If an online retailer is unfamiliar to you, be sure to check if the business is legitimate and has a positive track record from past customers.

HOW TO PROTECT YOURSELF:

  • Understand how the online retailer safeguards your interest by reading their privacy and returns policy before making any purchases.
  • Never reveal more information than necessary for the purchase and do not provide your personal and banking account credentials / information to anyone or online.
  • Always request for cash on delivery where possible when responding to online advertisements.
  • For general online safety, we recommend that you always have an updated antivirus/antispyware and firewall running on your system / devices.
  • Before entering your account or card details on a website, ensure that the website is secured (see below):
  • There should be a padlock symbol just beside the address bar on your web browser, which will appear when you attempt to log in or register. Be sure that the padlock is not located on the website itself as this is likely to be a scam attempt.
  • The web address should begin with”https://” (‘s’ stands for ‘secure) instead of just “http://”.
  • Use secure payment systems such as Paypal to facilitate your online purchases instead of transferring funds directly to the retailer’s bank account.
  • Ensure that you log out of websites that you have made any payment transactions. Clear the web browser’s cache and Password auto fill settings, especially when you are using a public computer.
  • Always check your credit card and bank statements carefully after carrying out online purchases to ensure that you have been charged the correct amount.
  • If you notice any unusual/unauthorised transactions, such as receiving funds you did not expect, SMS transaction alerts or email notifications for transactions you did not initiate, please call us immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas).
To safeguard your banking accounts and personal information at all times, continue to be mindful of emails which may appear in the form of purchase or delivery confirmations.

Do not open suspicious emails regarding online transactions if you have not purchased anything online. Cyber-criminals often use various methods such as phishing emails and fake websites to attract and exploit online shoppers to gain access to their banking credentials, account details and personal information.

When in doubt, you may either make reference to the website from the National Crime Prevention Council https://scamalert.sg/types-of-scams/online-purchase-scam or call the Anti- Scam Helpline at 1800-722-6688.

Learn more about Phishing, Malware and Online Banking security.


Phishing Alert: Beware of emails offering additional security services
16 February 2017 (updated on 03 March 2017)
Threat: Phishing Alert
Severity: Medium


What it does

We have detected phishing emails which contain hyperlink(s) directing customers to phishing websites that resembles OCBC Bank’s login page. Please refer to the sample provided below.

The hyperlink in the email will redirect you to a phishing website which then prompts you to enter your login credentials such as your Personal Identification Number (PIN) or One Time Password (OTP). Upon which, fraudulent transfers may be effected from your account(s).

To avoid any unauthorised access to your bank account(s), please be mindful to never enter such information on to links to websites sent via emails. We advise you to stay vigilant and take the necessary precautions to protect yourself.



This is an example. Note: This is not sent by OCBC Bank.

How to protect yourself

  • Be mindful of websites and/or web links asking for your OCBC Online Banking login credentials such as PIN/OTP etc.
  • Never reveal or key in your personal or banking details such as ATM/Credit/Debit Card numbers, their PINs, Online Banking Access Code, PIN and OTP into websites or mobile apps.
  • Always read the SMS alerts sent to your mobile phone for your transactions carefully.
  • Call the bank immediately if you detect any suspicious alerts or transactions not performed by you.
  • Update us immediately when there is a change in your contact details such as mobile number or email address.


What you should do

If you notice any unusual/unauthorised transactions such as receiving funds you did not expect, SMS transaction alerts or email notifications for transactions you did not initiate, please call us immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas).

Learn more about Phishing, Malware and Online Banking security.


Phishing Scam Alert: Beware of emails offering additional SMS security
4 January 2017
Threat: Phishing Scams
Severity: High


What it does

There has been an increase in scams targeting individuals via emails offering customers additional security for OCBC online banking activities via SMS alerts.

The hyperlink in the email will redirect you to a phishing website which then prompts you to enter your login credentials such as your Personal Identification Number (PIN) or One Time Password (OTP). Upon which, fraudulent transfers may be effected from your account(s).

To avoid any unauthorised access to your bank account(s), please be mindful to never enter such information on to links to websites sent via emails. We advise you to stay vigilant and take the necessary precautions to protect yourself. Please see below for a sample of such phishing emails.



This is an example. Note: This is not sent by OCBC Bank.

How to protect yourself

  • Be mindful of websites and/or web links asking for your OCBC Online Banking login credentials such as PIN/OTP etc.
  • Never reveal or key in your personal or banking details such as ATM/Credit/Debit Card numbers, their PINs, Online Banking Access Code, PIN and OTP into websites or mobile apps.
  • Always read the SMS alerts sent to your mobile phone for your transactions carefully.
  • Call the bank immediately if you detect any suspicious alerts or transactions not performed by you.
  • Update us immediately when there is a change in your contact details such as mobile number or email address.
  • For more information on such scams, please visit: https://scamalert.sg/types-of-scams/phishing-scam


What you should do

If you notice any unusual/unauthorised transactions such as receiving funds you did not expect, SMS transaction alerts or email notifications for transactions you did not initiate, please call us immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas).

Learn more about Phishing, Malware and Online Banking security.


Phone Scam Alert : Beware of automated voice phone calls that require an interactive response and subsequently lead to the caller asking for your personal or banking information
15 October 2016
Threat: Phone scam
Severity: Medium


What it does

There has been an increase in scams targeting individuals via automated voice messages or phone calls. The latest variation of the scam involves Mandarin speaking callers pretending to be police officers or government officials.

The callers may inform you that you are involved in money laundering / criminal activities and instruct you to key in your banking details via a link to a fake website which may look like a law enforcement website such as the Singapore Police Force website.

The callers will also ask you to provide your banking details to avoid being prosecuted by the law.

Banking details include:
  1. ATM, credit cards, debit cards and Personal Identification Number (PIN).
  2. Online Banking Access Code, PIN and One-Time Password (OTP).

To avoid any unauthorised access to your bank accounts, please be mindful to never reveal such information to unknown callers. We advise you to stay vigilant and take the necessary precaution to protect yourself.


How to protect yourself

  • Be wary of unsolicited Mandarin speaking callers claiming to be police officers or government officials.
  • Never reveal or key in your personal banking details such as ATM, Credit/Debit Card numbers, their PINs, Online Banking Access Code, PIN and OTP into websites or mobile apps.
  • Always read the SMS alerts sent to your mobile phone for your transactions carefully.
  • Be wary of callers asking you to generate the OTP from your hardware token and revealing the OTP to them over the phone.
  • Be mindful of calls from police officers, government officials or anyone else asking for your OCBC Online Banking login credentials.
  • Do note that OCBC Bank staff will never ask you for your OCBC Online Banking PIN or OTP over the phone.
  • Call the bank immediately if you detect any suspicious alerts or transactions not performed by you.
  • Ignore calls from unsolicited callers. Scammers may use Caller ID spoofing technology to mask their actual phone numbers and display a different number.
  • Update us immediately when there is a change in your contact details such as mobile number or email address.
  • If you suspect that you have received illegal funds, do not use it. Please inform us and lodge a police report immediately.
For more information on such scams, please visit: www.scamalert.sg/types-of-scams/impersonation-scam


What you should do

If you notice any unusual/unauthorised transactions such as receiving funds you did not expect, SMS transaction alerts or email notifications for transactions you did not initiate, please call us immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas).

Learn more about Phishing, Malware and Online Banking security.

The above is for general information only and provided solely as a convenience to you. No representation or warranty (whether on adequacy or usefulness or otherwise) is given by OCBC. You confirm that you are responsible for the security of your computer and mobile devices and OCBC assumes no responsibility to you in relation thereto. We refer you to our online banking safe security practices at Safeguarding Your Online Banking Access. Your usage of our OCBC Online Banking Service is subject at all times to the Electronic Banking Terms & Conditions and the Terms & Conditions Governing Deposit Accounts.



Malware Alert: Stealing your card details and intercepting your SMS One Time Password (OTP)
15 November 2016
Threat: SVPENG
Severity: Medium


What it does

The SVPENG banking Trojan is a malware that targets Android devices. The malware may be downloaded without your knowledge or approval when you visit a legitimate site displaying an infected advertisement distributed by the Google AdSense network. This can happen as soon as you access a page with an infected advertisement via your mobile device.

This malware can even hide itself after installation and cannot be traced in your list of downloaded apps despite launching itself in your mobile device. Also, it can gain access to administrator rights, which make it difficult for any antivirus software to remove it.

Once your mobile device is infected, the malware will comb through your device to collect various information and attempt to steal online banking credentials and cards information via phishing windows. It may also intercept SMS messages including One Time Passwords (OTP) that you may receive through your mobile device.


How to protect yourself

  • Ensure that your mobile device’s software / browser are kept up to date.
  • Refrain from downloading apps from unofficial app stores. Only install apps from official or trusted sources (i.e. Google Play Store);
  • Do not enable “unknown sources” setting (this can be found in your mobile phone under Settings > Security) in your Android device as this may allow installation of apps from sources other than the Google Play Store.
  • Always pay close attention to the permissions requested by apps. Do not grant unnecessary or excessive permissions to a mobile app.
  • Always install and maintain the latest anti-virus software on your mobile devices where possible.
  • In the event your device is being compromised, please use another non-infected phone to inform OCBC Bank immediately and call us at 1800 363 3333.

Learn more about Phishing, Malware and Online Banking security.

The above is for general information only and provided solely as a convenience to you. No representation or warranty (whether on adequacy or usefulness or otherwise) is given by OCBC. You confirm that you are responsible for the security of your computer and mobile devices and OCBC assumes no responsibility to you in relation thereto. We refer you to our online banking safe security practices at Safeguarding Your Online Banking Access. Your usage of our OCBC Online Banking Service is subject at all times to the Electronic Banking Terms & Conditions and the Terms & Conditions Governing Deposit Accounts.