#BeAProAgainstCons with OCBC's security measures and anti-scam tips

Back

Malware threats

Learn to safeguard your financial data against malware attacks

请阅读本文的中文版本

WHAT IS MALWARE?

Malware is a type of malicious software that cybercriminals use to infect their target's computers and mobile devices to perform criminal activities.

Once the device is infected, a cybercriminal may steal confidential data such as login credentials (including online banking access code, PIN and One-Time-Password (OTP) or Organisation ID, User ID, and Password) and use these details to conduct fraudulent money transfers from their victim's account. Others may gain remote control over the compromised device and data, spy on a person’s online activities, and/or perform other criminal acts like monetary transactions and fraud without their victim's knowledge or consent.

TYPES OF MALWARE

Understanding the different types of malware and how they work can help to protect your devices from threats.

Virus
Ransomware
Scareware
Adware/Malvertising
Trojan
Spyware
Virus

Virus

Capable of infecting a computer system or network, a computer virus can spread by replicating itself throughout a network – just like biological viruses. It attaches to existing programmes, which can then infect other programmes and files when a user executes it. Viruses are able to steal sensitive information, delete or modify files, and even launch attacks on other systems.

Ransomware

Ransomware

Ransomware is a type of malware used to encrypt personal files on a device or its operational system, locking the user out of their files or device. This results in the victim losing access to important and often confidential data or disruption to their business operations. Attackers will then threaten to publish their victim's data or permanently block their access unless a ransom is paid off (often in cryptocurrency) to restore access.

Scareware

Scareware

Scareware, often disseminated via pop-up ads, is designed to trick users into believing that their device has been infected with malware and then duped to download or purchase malicious (but useless) software to fix the supposed issue.

In some cases, victims will be asked to enter their credit card details or other sensitive information when downloading the fake software, which criminals will then use for fraudulent purposes. Other times, the fake software is simply a way for criminals to install other types of malware into a victim's device.

Adware/Malvertising

Adware/Malvertising

Adwares are designed to display advertisements on a user's device, typically in the form of pop-up ads, banners, etc. It can track a user's browsing behaviour and collect personal data about their online activities for targeted advertising purposes.

On the other hand, malvertising refers to the distribution of malware through online advertising platforms. They are often designed to look like legitimate ads, and can be used to direct users to phishing sites or other malicious websites.

Trojan

Trojan

Short for Trojan horse, a Trojan is a type of malware that is often disguised as a legitimate programme or file, and may be distributed through phishing emails or software downloads. Once it’s downloaded, it can perform a variety of malicious activities, such as stealing financial information or installing additional malware.

Spyware

Spyware

Designed to collect information from a device without the user's knowledge or consent, spyware can be used to monitor a person’s online activities and steal sensitive information such as your login credentials and credit card information.

It can be installed on a device through various methods, such as clicking on a malicious link or email attachment, installing infected software or visiting a compromised website.

HOW IS MALWARE SPREAD?
Phishing emails

Phishing emails

A common method is to send emails with attachments that may appear to originate from trusted sources or people you may know. If you open the attachments, you may end up installing malware on your computer.
Suspicious websites

Suspicious websites

Visiting malicious websites may result in harmful software being installed onto your device without your permission. These spoofed sites often appear to resemble credible websites from established companies, but exist solely to inject malware and steal data.
Infected downloads

Infected downloads

Malware can be spread by downloading infected files, which are delivered through messaging services such as SMS, WhatsApp and Telegram. It can also be easily spread through fake software and mobile app downloads from non-official sources, or via removable drives once they are connected to a computer.
Malicious ads

Malicious ads

Cybercriminals can spread malware by injecting corrupted code into online ads, which are then distributed through legitimate advertising networks and displayed on various trusted websites. You don’t even need to click on the ad – malware is automatically installed once you visit the host site.
LATEST SCAMS TO WATCH OUT FOR

From deceptive bargains to bogus QR codes, here are some malware-related scams to take note of.

Suspicious downloads on Android

Suspicious downloads on Android

Victims may come across favourable deals and be lured into contacting these fradulent businesses through their social media or messaging platforms (e.g., WhatsApp). Subsequently, they will be sent a URL to download an Android Package Kit (APK) file which contains malware, potentially allowing scammers to access their devices remotely and steal their personal information and banking credentials.

Be skeptical of advertisements with exaggerated claims that seem too good to be true, and avoid downloading any dubious applications on your devices.

Fake friend call scams

Fake friend call scams

Scammers may attempt to contact victims through calls or text messages, pretending to be a friend or acquaintance. Instead of directly asking for money, they may send victims malicious links on the pretext of seeking assistance for various errands, like making a restaurant reservation or purchasing furniture. The malicious links will lead the victims to either download an APK file and/or to phishing sites where they are tricked into entering their banking details. Thereafter, scammers will access the victims’ bank accounts to perform unauthorised transactions.

Stay cautious when receiving unusual phone calls or messages from individuals claiming to be your "friends”. Be sure to verify their identity through alternative means such as meeting them in person or using previously established contact details, before engaging in any significant transactions or divulging sensitive information.

Malicious QR codes

Malicious QR codes

As businesses increasingly adopt the use of QR codes, scammers are finding new ways to exploit the technology by pasting manipulated QR codes near authorised scan-to-pay signs in public spaces, such as shops and restaurants. Victims are then duped into scanning these codes, unknowingly downloading malware-infected apps that steal confidential and sensitive data.

Be especially wary of codes that may appear suspicious or tampered with, and check with the staff of the establishment to make sure it’s legitimate before scanning.

Suspicious downloads on Android
Fake friend call scams
Malicious QR codes
HOW TO DETECT MALWARE?

If you believe your computer or mobile device may be infected with malware, watch out for these warning signs:

  • On your device
    • Look out for unfamiliar apps and icons that appear on your device which you did not install, an unusual change in the look-and-feel of your device's screen, or suspicious screen pop-ups that prompt you to install unknown apps or grant special permission to specific apps.
    • Performance issues including applications, files and websites taking a long time to load, abnormal battery drainage, and problems shutting down or starting up your device due to malware running in the background.
    • Device shutting down abruptly or getting locked up with the screen displaying the message 'System update in progress' even after it has force-restarted.
    • Dropped calls or strange disruptions during a conversation which could likely be due to interference of mobile malware.
    • Unusual phone/data bills as a result of malware sending SMS text messages to premium-rated numbers.
  • In your browser
    • A redirection to a third-party website showing a fake overlay page resembling OCBC Bank’s login page, which may prompt you to enter your login credentials, OTP from your security token, or your ATM, debit or credit card details. The website may also feature a fake hotline number (a number that does not match the contact numbers on the Bank's official website).
    • The URL shown on the fake website’s login page is different from OCBC’s official pages.
    • You are prompted repeatedly for your login credentials despite entering them correctly, or get a delayed pop-up screen that says the system is not available and repeatedly asks you to enter OTP or use your security token to generate an OTP.
    • You receive SMS text messages on OTPs you did not generate, or are prompted to authorise transactions that you have not initiated.
HOW TO PROTECT YOURSELF AGAINST MALWARE

To ensure that your online security and account information are not compromised via your devices, please adopt the following OCBC Online Banking security measures:

Secure your devices

Secure your devices

Keep your devices secure and up to date with trusted security solutions.

  • Install antivirus programmes, keep them up-to-date and run regular scans to help detect unauthorised software
  • Ensure that your operating system is updated to the latest version
  • Do not use jailbroken or rooted phones to access OCBC Mobile Banking services
  • Secure your device with biometrics, a strong password or other relevant mechanism
  • Check your devices for unknown apps that may appear at random
  • Inform OCBC immediately in event of loss/theft of your mobile device, and/or if you suspect there is unauthorised access to your account
  • Never leave your devices unattended in public places

Keep your devices secure and up to date with trusted security solutions.

  • Install antivirus programmes, keep them up-to-date and run regular scans to help detect unauthorised software
  • Ensure that your operating system is updated to the latest version
  • Do not use jailbroken or rooted phones to access OCBC Mobile Banking services
  • Secure your device with biometrics, a strong password or other relevant mechanism
  • Check your devices for unknown apps that may appear at random
  • Inform OCBC immediately in event of loss/theft of your mobile device, and/or if you suspect there is unauthorised access to your account
  • Never leave your devices unattended in public places

Safeguard your online browsing experience

Safeguard your online browsing experience

Practice safe browsing habits to limit your device’s vulnerability to malware.

  • Personally enter the domain name in your browser to log in to OCBC Online Banking
  • Ensure that the website you are visiting belongs to OCBC Personal Banking or Business Banking
  • Do not allow your web browser or devices to store your login credentials
  • Log off once session is finished and lock your computer screen when not in use
  • Do not use public devices or connect to unsecured/publicly available Wi-Fi to access Online Banking
  • Remove file and printer sharing in computers
  • Never click on links in pop-ups when browsing the internet

Practice safe browsing habits to limit your device’s vulnerability to malware.

  • Personally enter the domain name in your browser to log in to OCBC Online Banking
  • Ensure that the website you are visiting belongs to OCBC Personal Banking or Business Banking
  • Do not allow your web browser or devices to store your login credentials
  • Log off once session is finished and lock your computer screen when not in use
  • Do not use public devices or connect to unsecured/publicly available Wi-Fi to access Online Banking
  • Remove file and printer sharing in computers
  • Never click on links in pop-ups when browsing the internet

Beware of downloads

Beware of downloads

Always be cautious when downloading any files or attachments from unknown sources.

  • Do not install software or run programmes of unknown origin
  • Only download mobile apps (including the OCBC Digital and OCBC Business apps) from official app stores (Apple App Store, Google Play Store or Huawei AppGallery)
  • Do not open, run or install any attachments or click on any links in suspicious or unsolicited emails and messages

Always be cautious when downloading any files or attachments from unknown sources.

  • Do not install software or run programmes of unknown origin
  • Only download mobile apps (including the OCBC Digital and OCBC Business apps) from official app stores (Apple App Store, Google Play Store or Huawei AppGallery)
  • Do not open, run or install any attachments or click on any links in suspicious or unsolicited emails and messages

Review app permissions

Review app permissions

Be aware of what your apps can access on your devices.

  • Read and understand the permissions an app requires before you install it
  • Consider whether the requested permissions are necessary for the app’s intended functionalities
  • Avoid granting dangerous permissions that may compromise your privacy, especially apps that request access to your camera, microphone, location, contacts and similar sensitive information

Be aware of what your apps can access on your devices.

  • Read and understand the permissions an app requires before you install it
  • Consider whether the requested permissions are necessary for the app’s intended functionalities
  • Avoid granting dangerous permissions that may compromise your privacy, especially apps that request access to your camera, microphone, location, contacts and similar sensitive information

Detect and address malware

Detect and address malware

These are some suggested steps to take if you suspect your device has been infected with malware:

  • Turn on ‘flight mode’ to prevent data from being transmitted into or out of your device
  • Check that Wi-Fi is switched off and do not switch it on
  • Look for and uninstall any suspicious apps found in your device immediately
  • Run a scan on your phone using a reputable anti-virus or anti-malware software
  • Use another device to check your bank/Singpass/CPF accounts etc. for any unauthorised transaction(s)
  • Report any unauthorised transaction(s) to the Bank, the relevant authorities, and lodge a Police report
  • If, after completing the above steps, you believe your device is not infected with malware, you may continue using it. As a further precaution, consider doing a “factory reset” of your phone and changing important passwords

These are some suggested steps to take if you suspect your device has been infected with malware:

  • Turn on ‘flight mode’ to prevent data from being transmitted into or out of your device
  • Check that Wi-Fi is switched off and do not switch it on
  • Look for and uninstall any suspicious apps found in your device immediately
  • Run a scan on your phone using a reputable anti-virus or anti-malware software
  • Use another device to check your bank/Singpass/CPF accounts etc. for any unauthorised transaction(s)
  • Report any unauthorised transaction(s) to the Bank, the relevant authorities, and lodge a Police report
  • If, after completing the above steps, you believe your device is not infected with malware, you may continue using it. As a further precaution, consider doing a “factory reset” of your phone and changing important passwords

Are you sure you want to leave our site?

You are leaving the OCBC Bank website and about to enter a third party website that OCBC Bank has no control over and is not responsible for. Before you proceed to use the third party website, please review the terms of use and privacy policy of their website. OCBC Bank’s Conditions of Access and Privacy and Security Policies do not apply at third party websites.
I would like to stayLeave website