Security Advisory



SMS Phishing Scam

24 August 2018
Threat: Phishing alert
Severity: High


Recently, fraudsters have been sending SMSes and emails that appear to originate from OCBC, informing you to check out a new investment program.

It claims that OCBC has announced new software that will make you a millionaire, while others tell you some miraculous software will let you “quit your job in 30 days”.

These are NOT sent by OCBC Bank.

If you know of friends and loved ones who have been tempted to click on the links provided in these SMSes and emails, please tell them not to. While we work hard to help our customers succeed, we certainly don’t believe in “Get rich quick” approaches.

SMS Samples





Sample of website after clicking the link:



We would like to advise the public that under no circumstances will OCBC Bank make unsolicited requests through e-mail, SMSes, and phone calls that request for the following:

  • Personal details
  • Financial details
  • Bank account details
  • Credit/debit details
  • Logging into your Internet banking account
  • Verifying your account validity
  • PIN/Password


How to protect yourself:

  • Be on the alert for suspicious emails / SMSes and websites or mobile messages, purporting to be from the Bank aking for your OCBC Online Banking login credentials such as PIN/OTP etc. You should report these immediately by contacting us.
  • Stay vigilant before clicking on any links embedded in the SMS or emails.
  • Be mindful not to reveal your personal or banking details such as ATM/Credit/Debit Card numbers, PINs, Online Banking Access Code, PIN and OTP into websites or mobile apps.
  • Always type the URL of the website directly into the address bar of the browser.
  • Always read the SMS alerts sent to your mobile phone for your transactions carefully.
  • Update us immediately when there is a change in your contact details such as mobile number or email address so that you continue to receive SMS alerts or e-mail notifications for online banking transactions and activities.
  • Do not transfer funds to any unknown parties.




What you should do :

Please call the bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:

  • You are aware of any suspected fraud or transactions not performed by you including any compromise or loss of your security device or security details; or
  • You received an SMS or email alert for transactions which you did not perform; or
  • You are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform.


Learn more about Phishing, Malware and Online Banking security.


SMS Phishing Alert: Beware of SMS that may direct you to phishing webpages asking for your credentials.
6 August 2018
Threat: Phishing alert
Severity: Medium


Fraudsters have been sending SMS containing hyperlinks targeting OCBC customers. Upon clicking on the hyperlink, you will be directed to a page requesting for your Online Banking Access Code, PIN, credit or debit card numbers, expiration date and 3-digit CVV number on the back of your card. The websites are intended to trick you to revealing your personal information and use it for unauthorised transactions on your accounts or credit cards.

Fraudsters may spoof SMS or emails to give the appearance that they originate from OCBC. All mobile device will list the spoofed SMS in the same thread with those sent under the bank.



Please stay vigilant and take the necessary precautions.

How to protect yourself:

  • Always type the URL of the website directly into the address bar of the browser.
  • OCBC Bank will not make unsolicited requests for your personal or banking details (e.g., credit/ debit card information or login credentials) through channels such as emails or SMS. Inform the Bank immediately if such requests are received
  • Do not reveal any personal or banking details (e.g., ATM/ Credit/ Debit Card numbers, login credentials, OTP) into suspicious websites or mobile apps.
  • Always read SMS alerts for your transaction details carefully.
  • Inform the Bank whenever contact details or mailing address get updated.


What customers should do :

Please call the bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:

  • You are aware of any suspected fraud or transactions not performed by you;
  • If any of your credit or atm cards, banking login credentials or security devices have been lost or compromised;
  • You received an SMS or email alert for transactions which you did not perform; or
  • You are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform.


Learn more about Phishing, Malware and Online Banking security.


Beware of unsolicited calls, emails or SMS asking for your personal or banking information or credentials.
23 July 2018
Threat: Phishing alert
Severity: Medium


Last week, SingHealth reported a data breach where patients’ data such as names, NRIC numbers, addresses and date of birth were stolen. The stolen information may be used by syndicates to conduct social engineering and phishing scams. They may use the stolen information to trick victims to believe these scams are real.

Please be reminded to stay vigilant when you receive calls, emails and SMS from unfamiliar or unsolicited sources asking for your personal particulars, banking information and credentials.

Please stay vigilant and take the necessary precautions.

How to protect yourself:

  • Be on the alert for suspicious emails / SMS and websites or mobile messages, purporting to be from the Bank asking for your OCBC Online Banking login credentials such as PIN/OTP etc. You should report these immediately by contacting us.
  • OCBC Bank will not make unsolicited requests for your personal, financial, bank account or credit/debit card information, or unsolicited requests that you log in and verify account validity, through e-mail, mobile messages or on phone unless you have initiated the contact. Under no circumstances will the Bank ask you to reveal your PIN/Password.
  • Be mindful not to reveal your personal or banking details such as ATM/Credit/Debit Card numbers, PINs, Online Banking Access Code, PIN and OTP into websites or mobile apps.
  • Stay vigilant before clicking on any links embedded in the SMSes or emails.
  • Always type the URL of the website directly into the address bar of the browser.
  • Always read the SMS alerts sent to your mobile phone for your transactions carefully.
  • Update us immediately when there is a change in your contact details such as mobile number or email address so that you continue to receive SMS alerts or e-mail notifications for online banking transactions and activities.


What you should do

Please call the bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:

  • You are aware of any suspected fraud or transactions not performed by you including any compromise or loss of your security device or security details; or
  • You received an SMS or email alert for transactions which you did not perform; or
  • You are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform.


Learn more about Phishing, Malware and Online Banking security.


SMS Phishing Alert: Beware of SMS linking to phishing websites asking for your credentials.
13 June 2018
Threat: Phishing alert
Severity: Medium


The SMS may contain hyperlinks which redirect you to a webpage requesting for your Online Banking Access Code, PIN, ATM or credit card numbers, expiration date and even the 3-digit CVV number on the back of your card.

The websites are intended to steal your information and use it for unauthorised transactions on your accounts or credit cards.



Please stay vigilant and take the necessary precautions.

How to protect yourself:

  • Always type the URL of the website directly into the address bar of the browser.
  • Stay vigilant before clicking on any links embedded in the SMSes or emails.
  • Be on the alert for suspicious emails / SMS and websites or mobile messages, purporting to be from the Bank asking for your OCBC Online Banking login credentials such as PIN/OTP etc. You should report these immediately by contacting us.
  • OCBC Bank will not make unsolicited requests for your personal, financial, bank account or credit/debit card information, or unsolicited requests that you log in and verify account validity, through e-mail, mobile messages or on phone unless you have initiated the contact. Under no circumstances will the Bank ask you to reveal your PIN/Password.
  • Be mindful not to reveal your personal or banking details such as ATM/Credit/Debit Card numbers, PINs, Online Banking Access Code, PIN and OTP into websites or mobile apps.
  • Always read the SMS alerts sent to your mobile phone for your transactions carefully.
  • Update us immediately when there is a change in your contact details such as mobile number or email address so that you continue to receive SMS alerts or e-mail notifications for online banking transactions and activities.


What you should do

Please call the bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:

  • You are aware of any suspected fraud or transactions not performed by you including any compromise or loss of your security device or security details; or
  • You received an SMS or email alert for transactions which you did not perform; or
  • You are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform.


Learn more about Phishing, Malware and Online Banking security.


Phishing Alert: Beware of emails linking to websites asking for your personal information.
7 May 2018
Threat: Phishing alert
Severity: Medium

There has been an increase in phishing emails received by our customers on their accounts being placed on hold and were requested to confirm their card details.

These emails may contain hyperlink(s) directing customers to a phishing website which will require customers to provide their personal / banking / card details. For example, full name, NRIC/ passport numbers, Bank account numbers, card numbers, expiry date, CVV number, Personal Identification Number (PIN), One Time Password (OTP) and even in some instances to provide the OTP generated from their hardware token. Once this is done, fraudulent transactions may be effected from your accounts.

Example of phishing email

To avoid any unauthorised access to your bank account(s) or transactions on your cards, please be mindful to never enter such information on to links to websites sent via emails. We advise you to stay vigilant and take the necessary precautions to protect yourself.

How to protect yourself:

  • Be on the alert for suspicious emails and websites or mobile messages, purporting to be from the Bank asking for your OCBC Online Banking login credentials such as PIN/OTP etc. You should report these immediately by contacting us.
  • OCBC Bank will not make unsolicited requests for your personal, financial, bank account or credit/debit card information, or unsolicited requests that you log in and verify account validity, through e-mail, mobile messages or on phone unless you have initiated the contact. Under no circumstances will the Bank ask you to reveal your PIN/Password.
  • Be mindful not to reveal your personal or banking details such as ATM/Credit/Debit Card numbers, PINs, Online Banking Access Code, PIN and OTP into websites or mobile apps.
  • Always read the SMS alerts sent to your mobile phone for your transactions carefully.
  • Update us immediately when there is a change in your contact details such as mobile number or email address so that you continue to receive SMS alerts or e-mail notifications for online banking transactions and activities.


What you should do

Please call the bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:

  • You are aware of any suspected fraud or transactions not performed by you including any compromise or loss of your security device or security details; or
  • You received a SMS or an e-mail alert for transactions which you did not perform; or
  • You are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform.


Learn more about Phishing, Malware and Online Banking security.


Phishing Alert: Beware of emails or SMS linking to websites asking for your personal information.
17 January 2018
Threat: Phishing alert
Severity: Medium

Reports on phishing attacks had increased over the last few weeks.. Generally, phishing attacks use emails or SMS (purportedly from a trusted organisation such as OCBC) with links to fictitious websites or to download apps. Such emails or SMS typically use fear tactics and may threaten to disable an account or delay services until you update certain information.

Example of phishing email and sms

The links will direct you to a website or app that looks legit, as below. The intent is to gain unauthorised access to your bank accounts once you provide the information they request for such as:

  • Personal information - NRIC/ passport number, mailing address, email address
  • Banking credentials - bank account numbers, card numbers, expiry date, CVV number, Personal Identification Number (PIN), One Time Password (OTP) and in some instances to provide the OTP generated from your hardware token.
Example of how a phishing website or app login may look like

How to protect yourself:

  • Know that OCBC Bank will not make unsolicited requests for your personal, financial, bank account or credit/debit card information, or unsolicited requests that you log in and verify account validity, through e-mail, mobile messages or on phone unless you have initiated the contact. Under no circumstances will the Bank ask you to reveal your PIN/Password.
  • Do not use links in an email or instant message to connect to the Bank's website unless you are certain they are authentic. If you need to get to the Bank’s webpage, open your browser and type the URL directly into the address bar.
  • Do not respond to emails asking for confidential information, e.g: your financial or personal information. Phishers like to use fear tactics and may threaten to disable an account or delay services until you update certain information.
  • Never reveal to anyone or key in your personal banking details such as ATM, Credit Card Numbers, their PINs, Online Banking Access codes, PIN and OTP into websites or mobile apps.
  • Beware of anyone who may request that you install software on your device.
  • Always ensure that you download information or apps from official source only.
  • Protect your computer with firewall, spam filters, anti-virus and anti-spyware software. Ensure you are getting the most up-to-date software and update them regularly to ensure that you are protected against new viruses and spyware.
  • Always keep your contact information with the bank updated so that we may send you:
    • Instant alerts on transactions performed on your bank accounts.
    • Instant notifications on account activities such as adding a beneficiary or change of contact particulars
  • Always read the SMS alerts sent to your mobile phone for your transactions carefully.


What you should do

Please call the bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:

  • You are aware of any suspected fraud or transactions not performed by you including any compromise or loss of your security device or security details; or
  • You received a SMS or an e-mail alert for transactions which you did not perform; or
  • You are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform.


Learn more about Phishing, Malware and Online Banking security.


Phishing Alert: Beware of emails requesting for your banking or credit details to unlock your banking or card accounts.
21 December 2017
Threat: Phishing alert
Severity: Medium

There has been an increase in phishing emails received by our customers on their accounts being placed on hold and were requested to confirm their card details.

These emails may contain hyperlink(s) directing customers to phishing website which will require customers to provide their personal / banking / card details. For example, full name, NRIC/ passport numbers, Bank account numbers, card numbers, expiry date, CVV number, Personal Identification Number (PIN), One Time Password (OTP) and even in some instances to provide the OTP generated from their hardware token. Once this is done, fraudulent transactions may be effected from your accounts.

Example of phishing email

For the recent cases, customers were asked to enter their credit card number, expiry date, CVV number, and email address to reactivate their credit card account. The phishing site bears the OCBC bank logo. A sample of the site is as below.

Example of phishing email

To avoid any unauthorised access to your bank account(s) or transactions on your cards, please be mindful to never enter such information on to links to websites sent via emails. We advise you to stay vigilant and take the necessary precautions to protect yourself.

HOW TO PROTECT YOURSELF:

  • Be on the alert for suspicious emails and websites or mobile messages, purporting to be from the Bank asking for your OCBC Online Banking login credentials such as PIN/OTP etc. You should report these immediately by contacting us.
  • OCBC Bank will not make unsolicited requests for your personal, financial, bank account or credit/debit card information, or unsolicited requests that you log in and verify account validity, through e-mail, mobile messages or on phone unless you have initiated the contact. Under no circumstances will the Bank ask you to reveal your PIN/Password.
  • Be mindful not to reveal your personal or banking details such as ATM/Credit/Debit Card numbers, PINs, Online Banking Access Code, PIN and OTP into websites or mobile apps.
  • Always read the SMS alerts sent to your mobile phone for your transactions carefully.
  • Update us immediately when there is a change in your contact details such as mobile number or email address so that you continue to receive SMS alerts or e-mail notifications for online banking transactions and activities.


What you should do

Please call the bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:

  • You are aware of any suspected fraud or transactions not performed by you including any compromise or loss of your security device or security details; or
  • You receive SMS or e-mail alerts for transactions which you did not perform; or
  • You are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform.


Learn more about Phishing, Malware and Online Banking security.


Impersonation Scam Alert : Beware of unsolicited phone calls asking you to withdraw funds from your account or provide personal or banking information
24 August 2017
Threat: Impersonation Scam
Severity: Medium

There has been a resurgence in scams involving Mandarin-speaking callers pretending to be police officers informing you that you are involved in criminal activities.

To avoid being prosecuted by the law, they may instruct you to:
  • provide your banking details such as ATM card, credit card, debit card and Personal Identification Number (PIN), Online Banking Access Code, PIN and One-Time Password (OTP)
  • apply for Internet banking services and a hardware token
  • and from time to time provide them the OTP generated from the token to update them on your whereabouts or location.

In some instances, you may find unexplained sum of money in your account. The caller will instruct you to withdraw these monies and hand them to a third party (purported to be a police officer) who will meet you at a selected location.

To avoid unauthorised access to your account or falling victim to such scams, please stay vigilant and take the necessary precaution to protect yourself.

HOW TO PROTECT YOURSELF:

  • Be wary or ignore callers claiming to be police officers or government officials.
  • If there are unexplained money in your account, do not attempt to withdraw the money for your own use or pass it to anyone. You should inform us and lodge a police report immediately.
  • Never reveal to anyone, or key in your personal banking details such as ATM/credit/debit card numbers, their PINs, Online Banking Access Code, PIN and OTP into websites or mobile apps.
  • Never generate the OTP from your hardware token and reveal the OTP to anyone.
  • Always read the SMS alerts sent to your mobile phone for your transactions carefully.
  • OCBC Bank staff will never ask you for your OCBC Online Banking PIN or OTP over the phone.
  • Call us immediately if you detect any suspicious alerts or transactions not performed by you.
  • Ignore calls from unsolicited callers. Scammers may use Caller ID spoofing technology to mask their actual phone numbers and display a different number.
  • Update us immediately when there is a change in your contact details such as mobile number or email address.
For more information on such scams, please visit: www.scamalert.sg/types-of-scams/impersonation-scam

What you should do

If you notice any unusual/unauthorised transactions such as receiving funds you did not expect, SMS transaction alerts or email notifications for transactions you did not initiate, please call us immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas).

Learn more about Phishing, Malware and Online Banking security.


Beware of online offers that may lead you to fall victim to online scams
21 June 2017

As consumers, we are constantly on the lookout for attractive discounts when we attempt to make purchases through various online websites. If you happen to come across something that is being sold for a price that seems “too good to be true”, it probably is.

Very often, the victims of online purchase scams are drawn by deals that appear too good to be true for items such as gadgets and luxury goods. These “retailers” will urge their customers to transfer the money to an account, with a promise to deliver the item afterward. In some instances, they may also request for additional deposits or payments disguised as “duties” or delivery charges. Ultimately, the buyer does not receive the item.

WHAT TO LOOK OUT FOR:

  • Be wary of people selling items at prices that appear too good to be true.
  • Make sure the seller is physically located where they claim to be. Always establish a physical address and telephone contact details.
  • Be wary of sellers who are not upfront and transparent about their business or terms and conditions.
  • If an online retailer is unfamiliar to you, be sure to check if the business is legitimate and has a positive track record from past customers.

HOW TO PROTECT YOURSELF:

  • Understand how the online retailer safeguards your interest by reading their privacy and returns policy before making any purchases.
  • Never reveal more information than necessary for the purchase and do not provide your personal and banking account credentials / information to anyone or online.
  • Always request for cash on delivery where possible when responding to online advertisements.
  • For general online safety, we recommend that you always have an updated antivirus or antispyware and firewall running on your system / devices.
  • Before entering your account or card details on a website, ensure that the website is secured (see below):
  • There should be a padlock symbol just beside the address bar on your web browser, which will appear when you attempt to log in or register. Be sure that the padlock is not located on the website itself as this is likely to be a scam attempt.
  • The web address should begin with "https://" ('s' stands for secure) instead of just "http://".
  • Use secure payment systems such as Paypal to facilitate your online purchases instead of transferring funds directly to the retailer’s bank account.
  • Ensure that you log out of websites that you have made any payment transactions. Clear the web browser’s cache and Password auto fill settings, especially when you are using a public computer.
  • Always check your credit card and bank statements carefully after carrying out online purchases to ensure that you have been charged the correct amount.
  • If you notice any unusual/unauthorised transactions, such as receiving funds you did not expect, SMS transaction alerts or email notifications for transactions you did not initiate, please call us immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas).
To safeguard your banking accounts and personal information at all times, continue to be mindful of emails which may appear in the form of purchase or delivery confirmations.

Do not open suspicious emails regarding online transactions if you have not purchased anything online. Cyber-criminals often use various methods such as phishing emails and fake websites to attract and exploit online shoppers to gain access to their banking credentials, account details and personal information.

When in doubt, you may either make reference to the website from the National Crime Prevention Council or call the Anti- Scam Helpline at 1800-722-6688.

Learn more about Phishing, Malware and Online Banking security.


Phishing Alert: Beware of emails offering additional security services
16 February 2017 (updated on 03 March 2017)
Threat: Phishing Alert
Severity: Medium


What it does

We have detected phishing emails which contain hyperlink(s) directing customers to phishing websites that resembles OCBC Bank’s login page. Please refer to the sample provided below.

The hyperlink in the email will redirect you to a phishing website which then prompts you to enter your login credentials such as your Personal Identification Number (PIN) or One Time Password (OTP). Upon which, fraudulent transfers may be effected from your account(s).

To avoid any unauthorised access to your bank account(s), please be mindful to never enter such information on to links to websites sent via emails. We advise you to stay vigilant and take the necessary precautions to protect yourself.



This is an example. Note: This is not sent by OCBC Bank.

How to protect yourself

  • Be mindful of websites and/or web links asking for your OCBC Online Banking login credentials such as PIN/OTP etc.
  • Never reveal or key in your personal or banking details such as ATM/Credit/Debit Card numbers, their PINs, Online Banking Access Code, PIN and OTP into websites or mobile apps.
  • Always read the SMS alerts sent to your mobile phone for your transactions carefully.
  • Call the bank immediately if you detect any suspicious alerts or transactions not performed by you.
  • Update us immediately when there is a change in your contact details such as mobile number or email address.


What you should do

If you notice any unusual/unauthorised transactions such as receiving funds you did not expect, SMS transaction alerts or email notifications for transactions you did not initiate, please call us immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas).

Learn more about Phishing, Malware and Online Banking security.


Phishing Scam Alert: Beware of emails offering additional SMS security
4 January 2017
Threat: Phishing Scams
Severity: High


What it does

There has been an increase in scams targeting individuals via emails offering customers additional security for OCBC online banking activities via SMS alerts.

The hyperlink in the email will redirect you to a phishing website which then prompts you to enter your login credentials such as your Personal Identification Number (PIN) or One Time Password (OTP). Upon which, fraudulent transfers may be effected from your account(s).

To avoid any unauthorised access to your bank account(s), please be mindful to never enter such information on to links to websites sent via emails. We advise you to stay vigilant and take the necessary precautions to protect yourself. Please see below for a sample of such phishing emails.



This is an example. Note: This is not sent by OCBC Bank.

How to protect yourself

  • Be mindful of websites and/or web links asking for your OCBC Online Banking login credentials such as PIN/OTP etc.
  • Never reveal or key in your personal or banking details such as ATM/Credit/Debit Card numbers, their PINs, Online Banking Access Code, PIN and OTP into websites or mobile apps.
  • Always read the SMS alerts sent to your mobile phone for your transactions carefully.
  • Call the bank immediately if you detect any suspicious alerts or transactions not performed by you.
  • Update us immediately when there is a change in your contact details such as mobile number or email address.
  • For more information on such scams, please visit: https://scamalert.sg/types-of-scams/phishing-scam


What you should do

If you notice any unusual/unauthorised transactions such as receiving funds you did not expect, SMS transaction alerts or email notifications for transactions you did not initiate, please call us immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas).

Learn more about Phishing, Malware and Online Banking security.


Phone Scam Alert : Beware of automated voice phone calls that require an interactive response and subsequently lead to the caller asking for your personal or banking information
15 October 2016
Threat: Phone scam
Severity: Medium


What it does

There has been an increase in scams targeting individuals via automated voice messages or phone calls. The latest variation of the scam involves Mandarin speaking callers pretending to be police officers or government officials.

The callers may inform you that you are involved in money laundering / criminal activities and instruct you to key in your banking details via a link to a fake website which may look like a law enforcement website such as the Singapore Police Force website.

The callers will also ask you to provide your banking details to avoid being prosecuted by the law.

Banking details include:
  1. ATM, credit cards, debit cards and Personal Identification Number (PIN).
  2. Online Banking Access Code, PIN and One-Time Password (OTP).

To avoid any unauthorised access to your bank accounts, please be mindful to never reveal such information to unknown callers. We advise you to stay vigilant and take the necessary precaution to protect yourself.


How to protect yourself

  • Be wary of unsolicited Mandarin speaking callers claiming to be police officers or government officials.
  • Never reveal or key in your personal banking details such as ATM, Credit/Debit Card numbers, their PINs, Online Banking Access Code, PIN and OTP into websites or mobile apps.
  • Always read the SMS alerts sent to your mobile phone for your transactions carefully.
  • Be wary of callers asking you to generate the OTP from your hardware token and revealing the OTP to them over the phone.
  • Be mindful of calls from police officers, government officials or anyone else asking for your OCBC Online Banking login credentials.
  • Do note that OCBC Bank staff will never ask you for your OCBC Online Banking PIN or OTP over the phone.
  • Call the bank immediately if you detect any suspicious alerts or transactions not performed by you.
  • Ignore calls from unsolicited callers. Scammers may use Caller ID spoofing technology to mask their actual phone numbers and display a different number.
  • Update us immediately when there is a change in your contact details such as mobile number or email address.
  • If you suspect that you have received illegal funds, do not use it. Please inform us and lodge a police report immediately.
For more information on such scams, please visit: www.scamalert.sg/types-of-scams/impersonation-scam


What you should do

If you notice any unusual/unauthorised transactions such as receiving funds you did not expect, SMS transaction alerts or email notifications for transactions you did not initiate, please call us immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas).

Learn more about Phishing, Malware and Online Banking security.

The above is for general information only and provided solely as a convenience to you. No representation or warranty (whether on adequacy or usefulness or otherwise) is given by OCBC. You confirm that you are responsible for the security of your computer and mobile devices and OCBC assumes no responsibility to you in relation thereto. We refer you to our online banking safe security practices at Safeguarding Your Online Banking Access. Your usage of our OCBC Online Banking Service is subject at all times to the Electronic Banking Terms & Conditions and the Terms & Conditions Governing Deposit Accounts.



Malware Alert: Stealing your card details and intercepting your SMS One Time Password (OTP)
15 November 2016
Threat: SVPENG
Severity: Medium


What it does

The SVPENG banking Trojan is a malware that targets Android devices. The malware may be downloaded without your knowledge or approval when you visit a legitimate site displaying an infected advertisement distributed by the Google AdSense network. This can happen as soon as you access a page with an infected advertisement via your mobile device.

This malware can even hide itself after installation and cannot be traced in your list of downloaded apps despite launching itself in your mobile device. Also, it can gain access to administrator rights, which make it difficult for any antivirus software to remove it.

Once your mobile device is infected, the malware will comb through your device to collect various information and attempt to steal online banking credentials and cards information via phishing windows. It may also intercept SMS messages including One Time Passwords (OTP) that you may receive through your mobile device.


How to protect yourself

  • Ensure that your mobile device’s software / browser are kept up to date.
  • Refrain from downloading apps from unofficial app stores. Only install apps from official or trusted sources (i.e. Google Play Store);
  • Do not enable “unknown sources” setting (this can be found in your mobile phone under Settings > Security) in your Android device as this may allow installation of apps from sources other than the Google Play Store.
  • Always pay close attention to the permissions requested by apps. Do not grant unnecessary or excessive permissions to a mobile app.
  • Always install and maintain the latest anti-virus software on your mobile devices where possible.
  • In the event your device is being compromised, please use another non-infected phone to inform OCBC Bank immediately and call us at 1800 363 3333.

Learn more about Phishing, Malware and Online Banking security.

The above is for general information only and provided solely as a convenience to you. No representation or warranty (whether on adequacy or usefulness or otherwise) is given by OCBC. You confirm that you are responsible for the security of your computer and mobile devices and OCBC assumes no responsibility to you in relation thereto. We refer you to our online banking safe security practices at Safeguarding Your Online Banking Access. Your usage of our OCBC Online Banking Service is subject at all times to the Electronic Banking Terms & Conditions and the Terms & Conditions Governing Deposit Accounts.