Secure Your Devices From Malware | OCBC Malaysia

#BeAProAgainstCons with OCBC's security measures and anti-scam tips

Back

Malware threats

Learn to safeguard your financial data against malware attacks

请阅读本文的中文版本

WHAT IS MALWARE?

Malware is a type of malicious software that cybercriminals use to infect their target's computers and mobile devices to perform criminal activities.

Once the device is infected, a cybercriminal may steal confidential data such as login credentials (including online banking access code, PIN and One-Time-Password (OTP) or Organisation ID, User ID, and Password) and use these details to conduct fraudulent money transfers from their victim's account. Others may gain remote control over the compromised device and data, spy on a person’s online activities, and/or perform other criminal acts like monetary transactions and fraud without their victim's knowledge or consent.

TYPES OF MALWARE

Understanding the different types of malware and how they work can help to protect your devices from threats.

HOW IS MALWARE SPREAD?
Phishing emails

Phishing emails

A common method is to send emails with attachments that may appear to originate from trusted sources or people you may know. If you open the attachments, you may end up installing malware on your computer.
Suspicious websites

Suspicious websites

Visiting malicious websites may result in harmful software being installed onto your device without your permission. These spoofed sites often appear to resemble credible websites from established companies, but exist solely to inject malware and steal data.
Infected downloads

Infected downloads

Malware can be spread by downloading infected files, which are delivered through messaging services such as SMS, WhatsApp and Telegram. It can also be easily spread through fake software and mobile app downloads from non-official sources, or via removable drives once they are connected to a computer.
Malicious ads

Malicious ads

Cybercriminals can spread malware by injecting corrupted code into online ads, which are then distributed through legitimate advertising networks and displayed on various trusted websites. You don’t even need to click on the ad – malware is automatically installed once you visit the host site.
LATEST SCAMS TO WATCH OUT FOR

From deceptive bargains to bogus QR codes, here are some malware-related scams to take note of.

HOW TO DETECT MALWARE?

If you believe your computer or mobile device may be infected with malware, watch out for these warning signs:

  • On your device
    • Look out for unfamiliar apps and icons that appear on your device which you did not install, an unusual change in the look-and-feel of your device's screen, or suspicious screen pop-ups that prompt you to install unknown apps or grant special permission to specific apps.
    • Performance issues including applications, files and websites taking a long time to load, abnormal battery drainage, and problems shutting down or starting up your device due to malware running in the background.
    • Device shutting down abruptly or getting locked up with the screen displaying the message 'System update in progress' even after it has force-restarted.
    • Dropped calls or strange disruptions during a conversation which could likely be due to interference of mobile malware.
    • Unusual phone/data bills as a result of malware sending SMS text messages to premium-rated numbers.
  • In your browser
    • A redirection to a third-party website showing a fake overlay page resembling OCBC Bank’s login page, which may prompt you to enter your login credentials, OTP from your security token, or your ATM, debit or credit card details. The website may also feature a fake hotline number (a number that does not match the contact numbers on the Bank's official website).
    • The URL shown on the fake website’s login page is different from OCBC’s official pages.
    • You are prompted repeatedly for your login credentials despite entering them correctly, or get a delayed pop-up screen that says the system is not available and repeatedly asks you to enter OTP or use your security token to generate an OTP.
    • You receive SMS text messages on OTPs you did not generate, or are prompted to authorise transactions that you have not initiated.
HOW TO PROTECT YOURSELF AGAINST MALWARE

To ensure that your online security and account information are not compromised via your devices, please adopt the following OCBC Online Banking security measures:

Secure your devices

Secure your devices

Keep your devices secure and up to date with trusted security solutions.

  • Install antivirus programmes, keep them up-to-date and run regular scans to help detect unauthorised software
  • Ensure that your operating system is updated to the latest version
  • Do not use jailbroken or rooted phones to access OCBC Mobile Banking services
  • Secure your device with biometrics, a strong password or other relevant mechanism
  • Check your devices for unknown apps that may appear at random
  • Inform OCBC immediately in event of loss/theft of your mobile device, and/or if you suspect there is unauthorised access to your account
  • Never leave your devices unattended in public places

Keep your devices secure and up to date with trusted security solutions.

  • Install antivirus programmes, keep them up-to-date and run regular scans to help detect unauthorised software
  • Ensure that your operating system is updated to the latest version
  • Do not use jailbroken or rooted phones to access OCBC Mobile Banking services
  • Secure your device with biometrics, a strong password or other relevant mechanism
  • Check your devices for unknown apps that may appear at random
  • Inform OCBC immediately in event of loss/theft of your mobile device, and/or if you suspect there is unauthorised access to your account
  • Never leave your devices unattended in public places

Safeguard your online browsing experience

Safeguard your online browsing experience

Practice safe browsing habits to limit your device’s vulnerability to malware.

  • Personally enter the domain name in your browser to log in to OCBC Online Banking
  • Ensure that the website you are visiting belongs to OCBC Personal Banking or Business Banking
  • Do not allow your web browser or devices to store your login credentials
  • Log off once session is finished and lock your computer screen when not in use
  • Do not use public devices or connect to unsecured/publicly available Wi-Fi to access Online Banking
  • Remove file and printer sharing in computers
  • Never click on links in pop-ups when browsing the internet

Practice safe browsing habits to limit your device’s vulnerability to malware.

  • Personally enter the domain name in your browser to log in to OCBC Online Banking
  • Ensure that the website you are visiting belongs to OCBC Personal Banking or Business Banking
  • Do not allow your web browser or devices to store your login credentials
  • Log off once session is finished and lock your computer screen when not in use
  • Do not use public devices or connect to unsecured/publicly available Wi-Fi to access Online Banking
  • Remove file and printer sharing in computers
  • Never click on links in pop-ups when browsing the internet

Beware of downloads

Beware of downloads

Always be cautious when downloading any files or attachments from unknown sources.

  • Do not install software or run programmes of unknown origin
  • Only download mobile apps (including the OCBC app and OCBC Business apps) from official app stores (Apple App Store, Google Play Store or Huawei AppGallery)
  • Do not open, run or install any attachments or click on any links in suspicious or unsolicited emails and messages

Always be cautious when downloading any files or attachments from unknown sources.

  • Do not install software or run programmes of unknown origin
  • Only download mobile apps (including the OCBC app and OCBC Business apps) from official app stores (Apple App Store, Google Play Store or Huawei AppGallery)
  • Do not open, run or install any attachments or click on any links in suspicious or unsolicited emails and messages

Review app permissions

Review app permissions

Be aware of what your apps can access on your devices.

  • Read and understand the permissions an app requires before you install it
  • Consider whether the requested permissions are necessary for the app’s intended functionalities
  • Avoid granting dangerous permissions that may compromise your privacy, especially apps that request access to your camera, microphone, location, contacts and similar sensitive information

Be aware of what your apps can access on your devices.

  • Read and understand the permissions an app requires before you install it
  • Consider whether the requested permissions are necessary for the app’s intended functionalities
  • Avoid granting dangerous permissions that may compromise your privacy, especially apps that request access to your camera, microphone, location, contacts and similar sensitive information

Detect and address malware

Detect and address malware

These are some suggested steps to take if you suspect your device has been infected with malware:

  • Turn on ‘flight mode’ to prevent data from being transmitted into or out of your device
  • Check that Wi-Fi is switched off and do not switch it on
  • Look for and uninstall any suspicious apps found in your device immediately
  • Run a scan on your phone using a reputable anti-virus or anti-malware software
  • Use another device to check your bank/Singpass/CPF accounts etc. for any unauthorised transaction(s)
  • Report any unauthorised transaction(s) to the Bank, the relevant authorities, and lodge a Police report
  • If, after completing the above steps, you believe your device is not infected with malware, you may continue using it. As a further precaution, consider doing a “factory reset” of your phone and changing important passwords

These are some suggested steps to take if you suspect your device has been infected with malware:

  • Turn on ‘flight mode’ to prevent data from being transmitted into or out of your device
  • Check that Wi-Fi is switched off and do not switch it on
  • Look for and uninstall any suspicious apps found in your device immediately
  • Run a scan on your phone using a reputable anti-virus or anti-malware software
  • Use another device to check your bank/Singpass/CPF accounts etc. for any unauthorised transaction(s)
  • Report any unauthorised transaction(s) to the Bank, the relevant authorities, and lodge a Police report
  • If, after completing the above steps, you believe your device is not infected with malware, you may continue using it. As a further precaution, consider doing a “factory reset” of your phone and changing important passwords