Security Advisory

Phishing Alert: Beware of emails offering additional security services
16 February 2017 (updated on 03 March 2017)
Threat: Phishing Alert
Severity: Medium


What it does

We have detected phishing emails which contain hyperlink(s) directing customers to phishing websites that resembles OCBC Bank’s login page. Please refer to the sample provided below.

The hyperlink in the email will redirect you to a phishing website which then prompts you to enter your login credentials such as your Personal Identification Number (PIN) or One Time Password (OTP). Upon which, fraudulent transfers may be effected from your account(s).

To avoid any unauthorised access to your bank account(s), please be mindful to never enter such information on to links to websites sent via emails. We advise you to stay vigilant and take the necessary precautions to protect yourself.



This is an example. Note: This is not sent by OCBC Bank.

How to protect yourself

  • Be mindful of websites and/or web links asking for your OCBC Online Banking login credentials such as PIN/OTP etc.
  • Never reveal or key in your personal or banking details such as ATM/Credit/Debit Card numbers, their PINs, Online Banking Access Code, PIN and OTP into websites or mobile apps.
  • Always read the SMS alerts sent to your mobile phone for your transactions carefully.
  • Call the bank immediately if you detect any suspicious alerts or transactions not performed by you.
  • Update us immediately when there is a change in your contact details such as mobile number or email address.


What you should do

If you notice any unusual/unauthorised transactions such as receiving funds you did not expect, SMS transaction alerts or email notifications for transactions you did not initiate, please call us immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas).

Learn more about Phishing, Malware and Online Banking security.


Phishing Scam Alert: Beware of emails offering additional SMS security
4 January 2017
Threat: Phishing Scams
Severity: High


What it does

There has been an increase in scams targeting individuals via emails offering customers additional security for OCBC online banking activities via SMS alerts.

The hyperlink in the email will redirect you to a phishing website which then prompts you to enter your login credentials such as your Personal Identification Number (PIN) or One Time Password (OTP). Upon which, fraudulent transfers may be effected from your account(s).

To avoid any unauthorised access to your bank account(s), please be mindful to never enter such information on to links to websites sent via emails. We advise you to stay vigilant and take the necessary precautions to protect yourself. Please see below for a sample of such phishing emails.



This is an example. Note: This is not sent by OCBC Bank.

How to protect yourself

  • Be mindful of websites and/or web links asking for your OCBC Online Banking login credentials such as PIN/OTP etc.
  • Never reveal or key in your personal or banking details such as ATM/Credit/Debit Card numbers, their PINs, Online Banking Access Code, PIN and OTP into websites or mobile apps.
  • Always read the SMS alerts sent to your mobile phone for your transactions carefully.
  • Call the bank immediately if you detect any suspicious alerts or transactions not performed by you.
  • Update us immediately when there is a change in your contact details such as mobile number or email address.
  • For more information on such scams, please visit: https://scamalert.sg/types-of-scams/phishing-scam


What you should do

If you notice any unusual/unauthorised transactions such as receiving funds you did not expect, SMS transaction alerts or email notifications for transactions you did not initiate, please call us immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas).

Learn more about Phishing, Malware and Online Banking security.


Phone Scam Alert : Beware of automated voice phone calls that require an interactive response and subsequently lead to the caller asking for your personal or banking information
15 October 2016
Threat: Phone scam
Severity: Medium


What it does

There has been an increase in scams targeting individuals via automated voice messages or phone calls. The latest variation of the scam involves Mandarin speaking callers pretending to be police officers or government officials.

The callers may inform you that you are involved in money laundering / criminal activities and instruct you to key in your banking details via a link to a fake website which may look like a law enforcement website such as the Singapore Police Force website.

The callers will also ask you to provide your banking details to avoid being prosecuted by the law.

Banking details include:
  1. ATM, credit cards, debit cards and Personal Identification Number (PIN).
  2. Online Banking Access Code, PIN and One-Time Password (OTP).

To avoid any unauthorised access to your bank accounts, please be mindful to never reveal such information to unknown callers. We advise you to stay vigilant and take the necessary precaution to protect yourself.


How to protect yourself

  • Be wary of unsolicited Mandarin speaking callers claiming to be police officers or government officials.
  • Never reveal or key in your personal banking details such as ATM, Credit/Debit Card numbers, their PINs, Online Banking Access Code, PIN and OTP into websites or mobile apps.
  • Always read the SMS alerts sent to your mobile phone for your transactions carefully.
  • Be wary of callers asking you to generate the OTP from your hardware token and revealing the OTP to them over the phone.
  • Be mindful of calls from police officers, government officials or anyone else asking for your OCBC Online Banking login credentials.
  • Do note that OCBC Bank staff will never ask you for your OCBC Online Banking PIN or OTP over the phone.
  • Call the bank immediately if you detect any suspicious alerts or transactions not performed by you.
  • Ignore calls from unsolicited callers. Scammers may use Caller ID spoofing technology to mask their actual phone numbers and display a different number.
  • Update us immediately when there is a change in your contact details such as mobile number or email address.
  • If you suspect that you have received illegal funds, do not use it. Please inform us and lodge a police report immediately.
For more information on such scams, please visit: www.scamalert.sg/types-of-scams/impersonation-scam


What you should do

If you notice any unusual/unauthorised transactions such as receiving funds you did not expect, SMS transaction alerts or email notifications for transactions you did not initiate, please call us immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas).

Learn more about Phishing, Malware and Online Banking security.

The above is for general information only and provided solely as a convenience to you. No representation or warranty (whether on adequacy or usefulness or otherwise) is given by OCBC. You confirm that you are responsible for the security of your computer and mobile devices and OCBC assumes no responsibility to you in relation thereto. We refer you to our online banking safe security practices at Safeguarding Your Online Banking Access. Your usage of our OCBC Online Banking Service is subject at all times to the Electronic Banking Terms & Conditions and the Terms & Conditions Governing Deposit Accounts.



Malware Alert: Stealing your card details and intercepting your SMS One Time Password (OTP)
15 November 2016
Threat: SVPENG
Severity: Medium


What it does

The SVPENG banking Trojan is a malware that targets Android devices. The malware may be downloaded without your knowledge or approval when you visit a legitimate site displaying an infected advertisement distributed by the Google AdSense network. This can happen as soon as you access a page with an infected advertisement via your mobile device.

This malware can even hide itself after installation and cannot be traced in your list of downloaded apps despite launching itself in your mobile device. Also, it can gain access to administrator rights, which make it difficult for any antivirus software to remove it.

Once your mobile device is infected, the malware will comb through your device to collect various information and attempt to steal online banking credentials and cards information via phishing windows. It may also intercept SMS messages including One Time Passwords (OTP) that you may receive through your mobile device.


How to protect yourself

  • Ensure that your mobile device’s software / browser are kept up to date.
  • Refrain from downloading apps from unofficial app stores. Only install apps from official or trusted sources (i.e. Google Play Store);
  • Do not enable “unknown sources” setting (this can be found in your mobile phone under Settings > Security) in your Android device as this may allow installation of apps from sources other than the Google Play Store.
  • Always pay close attention to the permissions requested by apps. Do not grant unnecessary or excessive permissions to a mobile app.
  • Always install and maintain the latest anti-virus software on your mobile devices where possible.
  • In the event your device is being compromised, please use another non-infected phone to inform OCBC Bank immediately and call us at 1800 363 3333.

Learn more about Phishing, Malware and Online Banking security.

The above is for general information only and provided solely as a convenience to you. No representation or warranty (whether on adequacy or usefulness or otherwise) is given by OCBC. You confirm that you are responsible for the security of your computer and mobile devices and OCBC assumes no responsibility to you in relation thereto. We refer you to our online banking safe security practices at Safeguarding Your Online Banking Access. Your usage of our OCBC Online Banking Service is subject at all times to the Electronic Banking Terms & Conditions and the Terms & Conditions Governing Deposit Accounts.