Empowering you to bank safely and securely, our No.1 priority
Be ready to ACT Against Scams!
20 March 2023
Safeguard your financial security and well-being
Last year saw a spike in the number of scams reported in Singapore. Millions of dollars have been lost to scams, with younger adults particularly affected by job and e-commerce scams, and seniors increasingly targeted by fake friend calls, investment, and phishing scams.
So how can you avoid falling prey to scams?
Join us and the National Crime Prevention Council (NCPC) to ACT against scams. By remembering just 3 simple steps – Add, Check, Tell, we will be better equipped to protect ourselves and our loved ones.
WHAT IS ACT?
Organised by the NCPC, the ACT Against Scams campaign aims to educate the public on how to prevent, spot and stop scams.

ADD
Install security tools (e.g. antivirus software) on your devices and adopt security features (e.g. biometric authentication) that enhance your online protection.

CHECK
Be vigilant and on the lookout for scam signs. Always check and verify information you receive, or are asked to share, with trusted sources.

TELL
Inform the authorities, bank and your friends, family, and community about scam encounters promptly.
Learn more about ACT on the NCPC website.
Read about how we can all “ACT Against Scams” in the Scaminar 2023 keynote address by the Ministry of Home Affairs.
COMMON THREATS
Be better prepared to ACT by learning more about the following threats:
Phishing scams

Phishing scammers may approach via email, SMS or social media pretending to be from a legitimate organisation and often offer something that is not real (like a reward) or use fear tactics (like demanding immediate action to resolve a fictitious issue) to trick victims into disclosing confidential information (e.g. their NRIC number, card details, online banking or Singpass credentials). Learn more about Phishing Scams.
Malware

Malware is a type of malicious software that cybercriminals use to infect their target's computers and mobile devices to perform criminal activities, such as stealing confidential data, gaining remote control over the compromised device and data, and spying on a person’s online activities. Learn more about Malware.
Impersonation scams

Impersonators will contact their targets claiming to be a member of a legitimate business, bank, or government official, and use fear tactics to try and convince them to reveal personal details which they then use to commit fraud. Learn more about Impersonation Scams.
Learn about the above and other common threats.
‘ADD’ WITH OCBC
Adopt the following security measures by OCBC to safeguard your banking experience:

Transaction Alerts
Set up e-alerts to receive timely notifications related to your account(s) and banking activities.

Transaction Limits
Customise your daily transaction limits according to your needs to better secure your funds.

E-Statements
Opt for e-Statements to closely keep track of all your transactions via Internet Banking or the OCBC Digital app.
For an extra layer of protection, download the ScamShield app by the NCPC to block scam calls and detect scam SMSes.
Learn how to make use of these features and explore other solutions OCBC has designed to safeguard your banking experience at: How to bank safely and securely.
This message contains links to third-party websites. By accessing any such websites, you agree to our terms of use.
Protect yourself against malware
Look out – especially if you have an Android device.
New variants of Android malware (‘malicious software’) allow scammers to control your device remotely or steal sensitive information like login credentials or card details. This means that scammers can log in to your account and make fraudulent transactions or transfers without your knowledge.
Android malware may be found in apps available in the Google Play Store. They could also be disguised as ‘helpful apps’ in Android Package Kit (APK) files that you may be tricked into downloading. By downloading them or giving access to certain functions, you may unwittingly allow scammers to take control of your device.
The Police and the Cyber Security Agency of Singapore have released an advisory on malware. Read more.
Here is how you can protect yourself against malware:
- Only download apps from the App Store (for iOS) or Google Play Store (for Android).
- Do not download apps (e.g. email attachments, pop-up advertisements or links coming from unsolicited emails, messages or social media posts) without verifying the authenticity and source.
- When installing apps, review the permissions that are requested. Make sure they are genuinely necessary. Asked to download additional apps? Be very wary.
- Install anti-virus software and malware removal tools on phones, computers and devices with Internet access.
- Always get the latest versions of your devices’ operating systems and applications – the latest security patches will address security vulnerabilities. Enable automatic updates so your devices are protected.
- Check transaction details carefully and read the notifications we send you. Notify us immediately if you receive alerts for transactions you did not make.
If you believe you have fallen prey to a scam, please visit any OCBC Bank branch or call our Personal Banking hotline at 6363 3333 (or +65 6363 3333 if you are overseas) and press 9 to report fraud. To temporarily freeze all your accounts, you can activate the emergency kill switch via the OCBC Digital app, selected OCBC ATMs or our hotline (press 8).
As scams constantly evolve, please stay vigilant at all times.
This message contains links to third-party websites. By accessing any such websites, you agree to our terms of use.
Be wary of scammers this festive season
19 December 2022
’Tis the season to be vigilant
The festive season will see a surge in scams. Let our new Safety and Security information hub be your one-stop guide to banking safely online. Learn about the safeguards we have that protect you when you bank online.
PROTECT YOURSELF FROM SCAMMERS
Do you know which types of scams are most prevalent in Singapore? So you can better protect yourself, familiarize yourself with scam tactics – and what to do when you encounter a scam – on the Safety and Security information hub.
e-Commerce scams

Stay safe online. Read our response to the top questions about e-Commerce scams:
- What e-Commerce scams are and how such scammers operate
- How to avoid becoming a victim
- What to do if you have been scammed
Job scams

Got a lucrative job opportunity that requires no job experience? Learn the tactics scammers use to prey on your aspirations.
Impersonation scams

Learn how to spot impersonators who may approach you by claiming to be from a legitimate business or the local government.
Spot the scams
Stay safe this festive season by learning more about these and other prevalent scams in Singapore (e.g. phishing scams, loan scams and love scams).
BANK SAFELY AND SECURELY
Explore the Safety and Security information hub to discover the measures that we have in place to help you bank safety. Learn how to get help to resolve your concerns and read about:

How to get started with online banking
Take the first steps towards a safe and secure online banking experience. Learn how to set up the OCBC OneToken, activate the biometric login feature and set limits for your transactions.

How we protect you
Explore the security features and measures that we have designed to safeguard your account(s), such as the OCBC Kill Switch which you can use to temporarily freeze your accounts and cards to stop fraudsters.

Security advisories
Stay on top of evolving fraud and cyber threats. Learn how to better protect yourself and read more about the latest measures we have implemented for your protection on this page.
Always remember. Never reveal your card details, online banking login credentials or One-Time Passwords (OTPs) to anyone. Learn to bank safely and securely.
Got a call from someone claiming to be from OCBC? Beware
09 November 2022
Several customers have reported receiving calls from scammers claiming to be from OCBC.
Be on your guard. Calls that are not from us have these tell-tale signs:
- The caller might ask you to reveal your Online Banking login credentials, card details, PIN and/or your One-Time Password (OTP) on the pretext of helping you solve ‘issues’ with your account or card. This is a trap: They will use these details to take over your account.
- The caller might also transfer the call to another scammer impersonating a government official or police officer, who will then request that you transfer money to them – supposedly to ‘resolve the issues’ with your account or card, or to ‘solve a crime’.
Beware of such calls. They are NOT from us.
How to protect yourself:
- Be wary of calls with the ‘+’ prefix, especially when you are not expecting an international call. Always verify the identity of the person(s) and the organisation(s) by calling their hotline numbers.
- Do not provide your Access Code, PIN, card details or OTP to anyone. OCBC employees will never ask you to reveal your PIN/OTP or transfer funds to personal accounts.
- Do not call any numbers or click on any links in SMSes. We will never send you SMSes or emails with clickable URLs.
- Read the notifications we send you carefully and alert us if any transaction was not made by you.
- Never authorise a transaction or login unless you know its purpose.
If you believe you have fallen prey to a scam, please visit any OCBC Bank branch or call our Personal Banking hotline at 6363 3333 (or +65 6363 3333 if you are overseas) and press 9 to report fraud. To temporarily freeze all your accounts, you can activate the emergency kill switch via the OCBC Digital app, selected OCBC ATMs or our hotline (press 8).
As scams constantly evolve, please stay vigilant at all times.
Visit ScamAlert.sg to learn how to spot scams and test how alert you are by taking the National Crime Prevention Council’s (NCPC) Scam Buster Quiz.
By visiting the above URL, you will be redirected to the NCPC website.
This message contains links to third-party websites. By accessing any such websites, you agree to our terms of use.
When deals sound too good to be true
08 November 2022
Tempted by an online offer or advertisement shouting a fantastic deal or product that is way below market price? Did the e-commerce merchant or social media seller insist on your making a bank transfer instead of using the online platform’s secure payment option?
Beware of e-commerce and social media advertisement scams as you browse online marketplaces and social media accounts. Some advertisements may even claim that they are offering deals from the Bank. They are not.
The Singapore Police Force reported that 2,707 people fell victim to e-commerce scams in 2021. Do not be the next victim.
Read on for tell-tale signs of e-commerce scams and how to protect yourself.
E-commerce or social media advertisement scams prey on your fear of losing out on a fantastic deal
Here is how they may prey on you:
- What they will steal: Your money, digital banking login credentials and card details.
- Where:Through online marketplaces or social media accounts.
-
How: Scammers may tempt you with deals or products that are way below the market price or disguised as limited time-only or flash deals. They will ask you to make bank transfers instead of using the platform’s payment options.
In some cases, after clicking on a social media advertisement, you will be brought to a website and asked to key in your contact details so a ‘representative’ can contact you. In other cases, you may be asked by a ‘representative’ from a postal or delivery company to click on a URL and provide your card details to resolve issues with your parcel.
How to protect yourself
- Beware of deals that sound too good to be true. Always check the credibility of online sellers by reading reviews of their services. As far as possible, purchase only from reputable merchants.
- Avoid making payments or deposits in advance. If an advance payment is required, use the shopping platform’s secured payment option or arrangement that releases payment to the seller only when you receive the item.
- Do not provide your Access Code, PIN, card details or One-Time Password to anyone. Do not key such information into unverified webpages.
- Never authorise a transaction or login unless you know its purpose.
- Always read your bank notifications carefully and notify us immediately if the transactions are not performed by you.
If you believe you have fallen prey to a scam, please visit any OCBC Bank branch or call our Personal Banking hotline at 6363 3333 (or +65 6363 3333 if you are overseas) and press 9 to report fraud. To temporarily freeze all your accounts, you can activate the emergency kill switch via the OCBC Digital app, selected OCBC ATMs or our hotline (press 8).
Be vigilant. Protect yourself from scams.
Visit ScamAlert.sg to learn how to spot scams and test how alert you are by taking the National Crime Prevention Council’s (NCPC) Scam Buster Quiz.
By visiting the above URL, you will be redirected to the NCPC website.
This message contains links to third-party websites. By accessing any such websites, you agree to our terms of use.
Phishing scams involving banks are on the rise again
19 October 2022
The police have observed another surge of phishing scams involving scammers who impersonate banks and target victims through SMS.
Beware of SMSes that ask you to call a hotline or click on a URL to resolve an issue involving your bank account or credit card.
- If you call the hotline, you will be asked to provide your personal and banking details (supposedly to verify your identity), followed by your One-Time Password (OTP).
- If you click on the URL, you will be taken to a website controlled by the scammers and asked to provide your online banking login credentials, card details or OTPs.
Here are samples of such phishing SMSes:



Read the police advisory on the resurgence of bank phishing scams here.
How to protect yourself:
- Do not call any numbers or click on any links in SMSes. We will never send an SMS to inform you about login issues, account closures or your being locked out of your account.
- Do not provide your Access Code, PIN, card details or OTP to anyone. OCBC employees will never ask you to reveal your PIN/OTP or transfer funds to personal accounts.
- Do not key such information into unverified webpages. We will never send you any SMSes or emails with clickable URLs.
- Use only the official OCBC Digital mobile banking app or OCBC Pay Anyone™ app, or go to the OCBC website > Login > Personal Banking.
- If you believe you have fallen prey to a scam, please visit any OCBC Bank branch or call our Personal Banking hotline at 6363 3333 (or +65 6363 3333 if you are overseas) and press 9 to report fraud. To temporarily freeze all your accounts, you can activate the emergency kill switch via the OCBC Digital app, selected OCBC ATMs or our hotline (press 8).
As scams constantly evolve, we must keep ourselves updated on the latest trends and be alert to the signs to look out for.
Visit ScamAlert.sg to learn how to spot scams and test how alert you are by taking the National Crime Prevention Council’s (NCPC) Scam Buster Quiz.
By visiting the above URL, you will be redirected to the NCPC website.
This message contains links to third-party websites. By accessing any such websites, you agree to our terms of use.
Protect your Singpass login credentials
7 October 2022
Scammers are now sending phishing SMSes to obtain your Singpass login credentials.
If you click on the links in such SMSes, you will be taken to a spoofed Singpass login page and asked to key in your Singpass ID and password.
Thereafter, you will be directed to a spoofed bank login page and prompted to enter your Online Banking credentials and One-Time Password (OTP). The scammers will then use these to fraudulently apply for credit cards or open bank accounts.
Please take heed when asked for your Singpass login credentials. Do not let your guard down.



Read the police advisory on phishing scams that target your Singpass login credentials here
To protect yourself, keep these tips in mind:
- Singpass is your digital identity. Treat it with care as your Singpass login credentials can be used to access thousands of services, including applying for credit cards or opening bank accounts.
- Do only scan the Singpass QR code on the website of the digital service that you wish to access or tap the Singpass QR code on the app of the digital service.
- DO NOT key any personal information into unverified webpages.
- If you believe you have fallen prey to a scam, please visit any OCBC Bank branch or call our Personal Banking hotline at 6363 3333 (or +65 6363 3333 if you are overseas) and press 9 to report fraud. To temporarily freeze all your accounts, you can activate the emergency kill switch via the OCBC Digital app, selected OCBC ATMs or our hotline (press 8).
Logging in to OCBC Internet Banking by scanning a Singpass QR code?
![]() |
Always check and ensure that the OCBC URL shown in your Singpass app matches the URL on your browser. |
OCBC URL: internet.ocbc.com | |
![]() |
Ensure that the login or transaction request was initiated by you before tapping the ‘Log In’ button on your Singpass app. |
As scams constantly evolve, we must keep ourselves updated on the latest trends and be alert to the signs to look out for.
Visit ScamAlert.sg to learn how to spot scams and test how alert you are by taking the National Crime Prevention Council’s (NCPC) Scam Buster Quiz.
By visiting the above URL, you will be redirected to the NCPC website.
This message contains links to third-party websites. By accessing any such websites, you agree to our terms of use.
Do your part in keeping scammers away
23 September 2022
We have robust controls in place – two-factor authentication and One-Time Passwords – to safeguard your accounts and transactions. But these measures alone are not enough as scammers are continually devising ways to trick you into giving away your Online Banking login credentials and card details.
These can range from email spoofing and phishing to posing as merchants or companies asking you to open accounts with them.
Always review your transaction details and notify us immediately if you see any suspicious activity in your account(s).
Read on for the ways to protect yourself from scams.
How to protect yourself from scams
-
Update your mobile number and email address with us to receive e-Alerts and One-Time Passwords (OTPs)
e-Alerts notify you of transactions made using your account so you can inform us quickly if they were not made by you.
OTPs are sent via email or SMS as an extra layer of protection before you can perform certain ‘high-risk’ transactions.
Hence, it is crucial for you to ensure your contact details are updated with us.
Here is how you can update them:
-
OCBC Internet Banking
Log in > Customer service > Change personal details
-
OCBC Digital app
Log in > Menu > Profile & Settings > Update phone number/email
Remember, we will never send you SMSes to inform you about login issues, account closures or your being locked out of your account. Received SMSes or emails with clickable URLs? They are not from us.
-
-
Read your letters and statements
Do not ignore documents – e.g. letters and statements – that we send you. Read them carefully and inform us if you see any unfamiliar transactions.
Here is how you can view your documents:
-
OCBC Internet Banking
Log in > Your accounts > Documents
-
OCBC Digital app
Log in > Tap on the left menu bar > Documents
To protect your account details, you will be asked – before you can access the documents – to enter an 11-character alphanumeric password (case-sensitive) in the following format:
-
-
Get in touch immediately if needed
If you believe you have fallen prey to a scam, call our Personal Banking hotline hotline at 6363 3333 or (+65 6363 3333 if you are overseas) for assistance. Press 9 to report fraud or 8 to temporarily freeze all your accounts and cards.
Visit ScamAlert.sg to learn how to spot scams and test how alert you are by taking the National Crime Prevention Council’s (NCPC) Scam Buster Quiz.
By visiting the above URL, you will be redirected to the NCPC website.
This message contains links to third-party websites. By accessing any such websites, you agree to our terms of use.
Time to update the software version for your device/browser
Apple Inc. released an important security update for iOS devices recently. This update will fix a security flaw that allows hackers to take control of iOS devices and access data stored within.
Google has also advised users to download the latest update for their Chrome browser to fix a security flaw, where a feature in the browser allows applications and web services to be launched directly from a webpage.
Read more on Apple’s software update here and Google’s Chrome browser security update here.
We urge you to update your devices and Chrome browser with the latest software as soon as possible. Subsequently, do update your software regularly for better security.
How to update the software
iOS device
Visit Apple’s website for details or take the following steps:
|
|
|
Android device
Visit Android’s website for details or take the following steps:
|
|
|
Google’s Chrome browser
Check if the latest version has already been updated automatically by taking the following steps:
- Click on the three dots at the top right corner of the browser
- Select ‘Help'
- Select ‘About Chrome’
- Click on ‘Update Google Chrome’ button if the browser has not been updated with the latest patch
This message contains links to third-party websites. By accessing any such websites, you agree to our terms of use.
Protect your Singpass details
17 August 2022
Do be extra alert if asked for your Singpass details. Scammers are now trying to obtain Singpass details through phishing SMSes claiming to be from government agencies such as IRAS.
Upon clicking on the link in such SMSes, victims will be directed to a spoofed Singpass login page and asked to key in their Singpass ID and password.
Thereafter, victims are redirected to a spoofed bank login page where they are prompted to enter their Online Banking credentials and One-Time Password (OTP). These will be used to apply for credit cards or open bank accounts.
Here are samples of such phishing SMSes:



Read the police advisory on phishing scams involving IRAS and Singpass here.
How to protect yourself:
- Singpass is your digital identity. Treat it with care as your Singpass login credentials can be used to access thousands of services, including applying for credit cards or opening bank accounts.
- Do only scan the Singpass QR code on the website of the digital service that you wish to access or tap the Singpass QR code on the app of the digital service.
- DO NOT key any personal information into unverified webpages.
- If you suspect that you have been scammed, call our hotline at 1800 363 3333 and press ‘9’ to report a case or ‘8’ to activate the ‘kill switch’ feature, which will temporarily suspend all your accounts.
Want to log in to OCBC Internet Banking by scanning a Singpass QR code?
![]() |
Always check and ensure that the OCBC URL shown in your Singpass app matches the URL on your browser. |
OCBC URL: internet.ocbc.com | |
![]() |
Ensure that the login or transaction request was initiated by you before tapping the ‘Log In’ button on your Singpass app. |
This message contains links to third-party websites. By accessing any such websites, you agree to our terms of use.
Ensure your contact details are up to date to protect your account(s)
19 July 2022
Protecting your account(s) and banking activities is of utmost importance to us. This is why we have continually rolled out measures to keep you safe.
Our latest effort, which will be launched in August, will require an extra layer of authentication for certain ‘high risk’ digital banking transactions. This means that you will be required to enter a One-Time Password (OTP) sent via SMS or email before the transaction can proceed.
As such, we will need you to ensure that we have your latest contact details. Please choose one of the following:
- OCBC Online Banking
Log in > Customer Service > Change personal details > Edit - OCBC Digital app
Log in > Tap on the left menu bar > Profile & Settings > Update phone number/email
Emergency Kill Switch On OCBC Digital App
For your convenience, we have also availed our emergency kill switch feature on the OCBC Digital app. Previously available only at OCBC ATMs and via our hotline (press 8), you can now – if you suspect that your bank details have been compromised – temporarily freeze all your current/savings accounts (including joint accounts) and debit/credit cards, as well as access to ATMs and the OCBC Digital and Pay Anyone apps immediately. Once you trigger the kill switch, a customer service executive will contact you to verify your instructions.
Remember, the kill switch should only be used in emergencies. If you need help with services like the following, here is what you can do:
Services | What you can do |
1. Suspend a card |
Use the “Report lost card” or “Lock card” function via your OCBC Digital app. |
2. Report a lost card |
Call our Personal Banking hotline (OCBC website > Contact us) if you have lost your card and need a replacement. Alternatively, use the “Report lost card” function via the OCBC Digital app. |
3. Dispute an unauthorised transaction for your card |
Call our Personal Banking hotline (OCBC website > Contact us) or log in to the OCBC Digital app/Online Banking. |
If you wish to report fraud or a scam, you may visit any OCBC Bank branch or call our Personal Banking hotline (OCBC website > Contact us) and press 9.
Do continue to stay alert as scams are constantly evolving. You should never provide your Access Code, PIN, card details or OTPs to anyone.
Scammers will impersonate anyone
6 July 2022
In 2021, the largest amount lost in a single impersonation scam was $6.2 million. Do not be the next victim.
Here are some tell-tale signs that scammers are on the prowl:
Received a phone call from an unknown number with the “+” prefix, supposedly from a government agency or the police, claiming that you are under investigation for a crime?
Got an SMS asking you to call a hotline or click on a URL to resolve an issue involving your bank account or credit card?
Take a step back and think before you act.
Read on and protect yourself. Impersonation scams prey on your fears
Impersonation scams evolve. Scammers today claim to be the police, bank staff and local or overseas government officials.
Here is how they may prey on you:
- What they will steal: Digital banking login credentials and card details.
- Where: Through phone calls usually with the “+” prefix, social messaging apps, automated voice messages, SMSes and emails.
- How: Scammers typically play on your fears, giving you a variety of reasons and asking you to act quickly. Here are 2 common methods:
- In the first method, you may receive phone calls, usually with the “+” prefix, from scammers who claim to be government officials. The scammers will tell you that you are under investigation for crimes.
- In the second method, you may receive an SMS claiming that your bank accounts have been frozen and you must either click on a URL link or call a number stated in the SMS.
Under the pretext of resolving the issue, the scammers may ask you to take one or more of the following actions:
- Provide your Online Banking login credentials, credit/debit card details and/or One-Time Passwords (OTPs) – this will allow them to make fraudulent transactions and/or set up GIRO arrangements electronically and make unauthorised transactions.
- Apply for Internet Banking service or reveal your login credentials to some foreign ‘police’ or ‘government official’ who is investigating offences in Singapore or overseas.
- Scan a Singpass QR code on a phishing site (on the pretext that it is part of the verification process).
How to protect yourself
- Do not call any numbers or click on any links in SMSes. We will never send an SMS to inform you about login issues, account closures or your being locked out of your account.
- Do not key such information into unverified webpages. We will never send you any SMSes or emails with clickable URLs.
- Be wary of calls with the “+” prefix, especially when you are not expecting an international call. Always verify the identity of the person(s) and the organisation(s) by calling their hotline numbers.
- Do not provide your Access Code, PIN, card details or OTP to anyone. OCBC employees will never ask you to reveal your PIN/OTP or transfer funds to personal accounts.
- Always read your bank notifications carefully and notify us immediately if the transactions are not performed by you.
- Never authorise a transaction or login unless you know its purpose.
If you believe you have fallen prey to such scams, please call our Personal Banking hotline at 6363 3333 (or +65 6363 3333 if you are overseas) for assistance. Press 9 to report fraud or 8 to temporarily freeze all your accounts and cards.
Be vigilant. Protect yourself from scams.
Visit ScamAlert.sg to learn more about scams and how to avoid falling prey to them.
Read the police media release on Impersonation Scam here.
This message contains links to third-party websites. By accessing any such websites, you agree to our terms of use.
BEWARE of SMS phishing scams offering a free online investment training course
24 June 2022
Scammers have been sending SMSes claiming that OCBC is offering a free online investment training course. Recipients are invited to join a WhatsApp group by adding the mobile number provided in the SMS.
This is a scam – such SMSes are not sent by OCBC Bank. DO NOT respond to the SMSes or click on any links. NEVER add unknown numbers to your WhatsApp contact list.
Sample of SMS:
If in doubt, call our Personal Banking hotline at 6363 3333 (or +65 6363 3333 if you are overseas) for assistance. Press 9 to report fraud or 8 to temporarily freeze all your accounts and cards.
Tips to protect yourself against such scams
-
DO NOT call any numbers or click on any links in SMSes. We will never send an SMS to inform you about login issues, account closures or your being locked out of your account
-
DO NOT provide your Access Code, PIN, card details or One-Time Password (OTP) to anyone. OCBC employees will never ask you to reveal your PIN/OTP or transfer funds to personal accounts.
-
DO NOT key such information into unverified webpages. We will never send you any SMSes or emails with clickable URLs.
-
Use only the official OCBC Digital mobile banking app or OCBC Pay Anyone™ app, or go to the OCBC website > Login > Personal Banking.
-
DO NOT transfer money to strangers.
-
Always read the transaction notification alerts sent by the Bank via SMS, email or push notification – they are our first line of defence. Read them carefully and inform us immediately if the transactions are unauthorised.
Be vigilant. Protect yourself from scams.
Visit ScamAlert.sg to learn more about scams and how to avoid falling prey to them.
This message contains links to third-party websites. By accessing any such websites, you agree to our terms of use.
Beware of SMS scams that direct you to call a hotline or click on a URL
24 May 2022 (Updated on 8 June 2022)
Beware of SMS scams that direct you to call a hotline or click on a URL to resolve an issue involving your bank account or credit card.
Scammers will send an SMS claiming that there are issues with your bank account, credit or debit cards. To resolve these issues, you are urged to call the number in the SMS or click on a URL.
- If you put a call through, a scammer will answer and confirm that there are issues with your card(s), then ask for your credit or debit card details, login credentials and One-Time Passwords (OTPs) under the pretext of assisting you.
- If you click on the URL, you will be taken to a website controlled by the scammers and asked to provide your online banking login credentials, card details or OTPs.
Sample of phishing SMSes:



How to protect yourself:
- Do not call any numbers or click on any links in SMSes. We will never send an SMS to inform you about login issues, account closures or your being locked out of your account.
- Do not provide your Access Code, PIN, card details or OTP to anyone. OCBC employees will never ask you to reveal your PIN/OTP or transfer funds to personal accounts.
- Do not key such information into unverified webpages. We will never send you any SMSes or emails with clickable URLs.
- Use only the official OCBC Digital mobile banking app or OCBC Pay Anyone™ app, or go to the OCBC website > Login > Personal Banking.
- If in doubt, call our Personal Banking hotline at 6363 3333 (or +65 6363 3333 if you are overseas) for assistance. Press 9 to report fraud or 8 to temporarily freeze all your accounts and cards.
Be vigilant. Protect yourself from scams.
Visit ScamAlert.sg to learn more about scams and how to avoid falling prey to them.
Read the police media release on bank-related phishing scams here: https://www.police.gov.sg/media-room/news/20220522_police_advisory_on_banking-related_phishing_scams.
Spot the signs, stop the crimes. Stay vigilant at all times.
This message contains links to third-party websites. By accessing any such websites, you agree to our terms of use.
Watch out for tech support scams
17 May 2022
Tech support scams are back.
Scammers will approach victims under the pretext of assisting them to resolve computer or Wi-Fi network issues. Since January 2022, the police have reported that at least 154 victims have lost at least $7.1 million in such scams. Do not be the next victim.
Got a pop-up alert on your Internet browser claiming that your computer has been compromised so that you should call a number for help?
Received an unsolicited call, supposedly from your Internet Service Provider, claiming that your Wi-Fi network has been compromised by hackers?
Do not act. These are 2 common methods used by scammers to gain access to your banking accounts.
Read on – spot the tell-tale signs. Protect yourself.
Tech support scams prey on your fears
Be on your guard. Tech support and impersonation scams are on the rise and scammers can impersonate helpdesk support staff from telecommunication companies, IT firms, police, local or overseas government officials.
Here is how they may prey on you:
- What they will steal: Card details or digital banking login credentials.
- Where: Through pop-up alerts on your internet browser, unsolicited phone calls, automated voice messages or video calls.
- How: Scammers will continue to evolve their scam tactics, they will typically play on your fears, giving you a variety of reasons and asking you to act quickly. Here are 2 common methods:
- In the first method, victims will receive a pop-up alert while using the Internet on their computers. The alert states that their computer has been compromised and they must call the software provider for assistance. The number usually begins with +65, leading the victims to believe it is a valid local helpdesk number and that they will eventually speak to ‘tech support staff’.
- In the second method, the victims will receive unsolicited calls from scammers who claim to be working for Internet Service Providers. The scammers will tell the victims that their Wi-Fi network has issues or has been compromised by hackers. The scammers claim they are able to ‘help’ rectify this problem.
In some instances, the scammers may also claim that the victim has committed a criminal offence and that they are investigating the issue.
Under the pretext of resolving the issue, the scammers may ask the victims to do one or more of the following actions:
- Download remote access software, such as TeamViewer, UltraViewer or AnyDesk, which gave the scammers control of the victims' devices.
- Provide their Online Banking login credentials, credit/debit card details and/or One-Time Passwords (OTPs), which allow them to make fraudulent transactions.
- Open accounts or apply for Internet Banking services, which allow them to take control of the victims’ bank accounts.
- Scan a Singpass QR code on a phishing site (on the pretext that it is part of the verification process). This may lead to cryptocurrency wallets being unknowingly created in the name of the victims and used to facilitate illicit flows of funds.
- Transfer money to people they do not know.
How to protect yourself
- Spot the tell-tale signs: Beware of unsolicited calls or unusual pop-up alerts on your device.
- Ignore calls with the +65 sign prefix as these are international calls pretending to be domestic calls.
- Always verify the identity of the person(s) and the organisation(s) by calling their official hotline number(s).
- Do not answer unsolicited calls. If you do accidentally answer, do not install software in or type commands on your computer.
- Never reveal your login credentials, card details or personal information to anyone.
- Never authorise a transaction or login unless you know its purpose.
Should you believe you have fallen prey to such scams, you are advised to take these immediate steps:
- Log off and turn off your computer to limit any further activities that the scammers can execute; and
- Call our Personal Banking hotline at 6363 3333 (or +65 6363 3333, if you are overseas) for assistance. Press option 9 to report fraud or 8 to temporarily freeze all your accounts and cards.
Be vigilant. Protect yourself from scams.
Visit ScamAlert.sg to learn more about scams and how to avoid falling prey to them.
Read the police media release on Tech Support Scam here: https://www.police.gov.sg/Media-Room/News/20220426_joint_advisory_on_tech_support_scam
This message contains links to third-party websites. By accessing any such websites, you agree to our terms of use.
Latest scams sent from ‘OCBC’-looking SMS headers
29 April 2022
We have received reports from customers who have received SMSes that appear to originate from “OCBC” under similar-looking SMS headers like “OC ALERT” and "OC ONLINE". Beware - they are not sent by the Bank.
- We will never send an SMS to inform you about about login issues, account closures or your being locked out of your account.
- We will never send you any SMSes or emails with clickable URLs.
- Use only the official OCBC Digital mobile banking app or OCBC Pay Anyone™ app, or go to the OCBC website > Login > Personal Banking.
- Do not provide your Access Code, PIN, card details or OTP (One-Time Password) to anyone.
- Do not key such information into unverified webpages.
- Beware of SMS scams which direct you to call a fake hotline. If in doubt, call our hotline directly at 6363 3333 (or +65 6363 3333, if you are overseas).
Sample of phishing SMSes NOT sent by us:


We have availed a dedicated option for customers calling our hotline – 6363 3333 – to report possible fraud (just press 9).
Spot the signs, stop the crimes. Be alert, not a victim.
Beware of police impersonation scams. Do NOT reveal your login credentials or card details to anyone.
13 April 2022
Be on your guard. Impersonation scams are on the rise and scammers can impersonate anyone, including the police, local and overseas government officials.
Here is how they may prey on you:
- What they will steal: Digital banking login credentials or card details.
- How they will get in touch: Through unsolicited phone calls, automated voice messages or even video calls showing a Singapore Police Force logo in the background (the caller will pretend to be a police officer).
- What they might say: They will play on your fears, asking you to help ‘the police’ resolve some issue. They might also claim that you are under investigation for being a money mule or a financial crime/money laundering offence.
To resolve these issues, the scammers will ask you to:
- Apply for Internet Banking service or provide your online banking login credentials to the police or government officials so they can investigate offences in Singapore or other countries. Gaining access to them will allow them to make fraudulent funds transfers or set up unauthorised recurring funds transfers to certain organisations or payment wallets via eGIRO.
- Provide your credit card details and/or One-Time Passwords (OTPs), which allow them to make transactions using your cards.
- Open account that they will subsequently take control of.
- Transfer money to someone you do not know.
How to protect yourself:
- Spot the tell-tale signs: Impersonation scams will usually start from unsolicited calls or requests.
- Verify the identity of the person(s). Speak to a family member/trusted friend for help.
- Do not be in a hurry to act. Stay vigilant. Never give out your login credentials, card details or personal information to anyone.
- Never transfer money to people/accounts that you do not know.
- Read our security advisory at the OCBC Internet Banking or OCBC Digital app home page.
- Visit the National Crime Prevention Council’s ScamAlert SG website to learn – and take a short quiz – about scams and how to avoid being a victim.
Be vigilant. Protect yourself from scams.
Please call our Customer Service hotline at 6363 3333 (or +65 6363 3333, if you are overseas) for assistance. To report possible fraud, please press 9.
This message contains links to third-party websites. By accessing any such websites, you agree to our terms of use.
Stay vigilant and guard against imminent scams
06 April 2022
As the nation tackles sharp spike in the number of reported cases on scams in 2021, we would like to bring your attention to the prevailing types of scams which preyed on human's emotions and greed.
Impersonation Scams, preying on your fears
Be on your guard. Impersonation scams are on the rise and scammers can impersonate anyone, including bank staff, your family and friends, the police, local or overseas government officials and technical support staff.
Here is how they may prey on you:
- What they will steal: Card details or digital banking login credentials.
- Where: Through social media, chat apps, phone calls, automated voice messages, or even via a video call to you with a bank logo in the background, pretending to be calling from the bank.
- How: They will play on your fears, giving you reasons like the following and asking you to act quickly:
- Your account/card is frozen or login attempts were made using your account.
- Your Internet connection needs to be fixed.
- You must help ‘the police’ resolve some issues or you are under investigation for being a money mule, or a financial crime/money laundering offence.
- You are asked to apply for Internet Banking service or reveal your login credentials to some China ‘police’ or ‘government officials’ to investigate on offences in Singapore or China.
- You are given an attractive offer from the bank or a company.
To resolve these issues or to take up the offer, the scammers will ask you to:
- Download remote access software, which allow them to gain access to your computers or mobile devices.
- Provide your credit card details and/or One-Time Passwords (OTPs), which allow them to make transactions using your cards.
- Provide your online banking login credentials, which allow them to make funds transfers or payments.
- Open account or apply for Internet banking services which allow them to take control of your bank accounts.
- Transfer money to someone you do not know.
Impersonation scam poster from Scamalert.sg:
Jobs Scams, preying on greed through quick lucrative returns
Ever come across online advertisements or phone messages offering easy jobs with lucrative returns?
If it seems too good to be true, it probably is – such advertisements and messages are job scams. Do NOT respond to them or allow your bank accounts to be used by these scammers.
Common tactics adopted by scammers:
- Receiving unsolicited messages, via social media or messaging apps, and given details of an attractive, commission-based job offer.
- You are added into a group chat with others supposedly doing the same job. These other ‘job seekers’ (fraud actors) will talk about how easy the job is and how quickly money can be made.
- You are asked to take these steps: Add certain items to your shopping cart on an e-commerce site, take a screenshot of the shopping cart page, then transfer funds to a bank account.
- You are told that this will help improve sales and are promised a full refund – with an attractive commission to boot.
- In order to perform more job tasks and earn the commission, you may also be directed to recruit more members to upgrade your membership status.
- After receiving the initial commissions, you will realise you will NOT be able to get back the sums of money you have transferred to the scammers.
Job scam poster from Scamalert.sg:
How to protect yourself:
- Spot the tell-tale signs: Both types of scams will usually start from unsolicited calls or requests.
- Verify the identity of the person(s). Speak to a family member/trusted friend for help.
- Do not be in a hurry to act. Stay vigilant. Never give out your login credentials, card details or personal information to anyone.
- Never transfer monies to people/ accounts whom you do not know.
- Read our security advisory at the OCBC Internet Banking or OCBC Digital app login page.
- Guard against the different types of scams and take a short quiz by the National Crime Prevention Council via the Scamalert SG website.
Be vigilant. Protect yourself from scams.
Read the Police Advisory alert on: China officials Impersonation Scams.
Visit ScamAlert.sg to learn more about scams and how to avoid falling prey to scams.
Please call our Customer Service Hotline at 6363 3333 (or +65 6363 3333, if you are overseas) for assistance. To report possible fraud, please press 9.
This message contains links to third-party websites. By accessing any such websites, you agree to our terms of use.
Do not be the next victim of Job Scams!
24 March 2022
Ever come across online advertisements or receive messages from strangers online, offering easy-to-do tasks for attractive commission?
Scammers would offer fake online jobs which requires the victims to complete easy tasks such as making online purchases or doing surveys.
If it seems too good to be true, it usually is – such advertisements and messages are job scams. Do NOT respond to them or allow your bank accounts to be used by these scammers.
Look out for these red flags if you receive unsolicited job offers:
- Easy jobs that offer lucrative commissions that are simply too good to be true;
- Unsolicited messages advertising job offers from unknown numbers or unknown foreign numbers;
- Requests to transfer funds to bank accounts belonging to individuals they had not met in person; and
- Requests to open and hand over bank accounts to anyone.
The following is a common tactic that scammers use in job scams:
- You will receive unsolicited WhatsApp messages, Facebook or Telegram posts on advertisements promoting highly paid work-from-home jobs.
- You are added into a group chat with others supposedly doing the same job. These other ‘job seekers’ will talk about how easy the job is and how quickly money can be made.
- You are asked to complete easy tasks such as making online purchases.
- You are told that this will help improve sales and are promised a full refund – with an attractive commission to boot.
- You will be given refunds – with commission – as promised, for the first few purchases. However, you will be asked to pay for increasingly expensive items.
- In order to perform more job tasks and earn the commission, you may also be directed to recruit more members to upgrade your membership status.
- You will NOT get your money back after transferring a large sum of money.
Screenshots of the job scam websites:
Victims will realise that they had been scammed when they did not receive further commissions or were unable to make withdrawals from their member accounts. These job scammers are believed to be running Ponzi-like schemes where the new job seekers’ money was used to pay the promised commissions to existing job holders.
How to protect yourself against job scams:
- Do not accept dubious or unsolicited job offers that offer lucrative returns for little effort.
- Do not transfer money to people you do not know.
- Do not disclose your card details, online banking login credentials or One-Time-Passwords (OTPs) to anyone.
- Ensure that we have your latest contact details.
- Have us notify you via SMS, email or push notification (e-Alerts) about transactions that took place in your account. Set your e-Alert threshold limits or change your settings via Internet Banking > Customer service > Manage e-Alerts.
- Always read the e-Alerts carefully and call us immediately if you notice something amiss.
- If you have an iOS device, consider downloading the ScamShield app – it blocks unsolicited messages and calls. Visit www.scamshield.org.sg to find out more.
Be vigilant. Protect yourself from scams.
Read the Police Advisory alert regarding Job Scams: Another 14 Investigated For Their Suspected Involvement In Ponzi-Like Job Scams Involving E-Commerce Affiliate Business (EAB) (police.gov.sg)
Visit ScamAlert.sg to learn more about scams and how to avoid falling prey to scams.
Please call our Customer Service Hotline at 6363 3333 (or +65 6363 3333, if you are overseas) for assistance. To report possible fraud, please press 9.
This message contains links to third-party websites. By accessing any such websites, you agree to our terms of use.
Beware: Latest SMS scam directs you to a fake URL
08 March 2022
We have received reports from customers who have received SMSes that appear to originate from “OCBC”, but they are not. Please take note of the following:
- We will never send an SMS to inform you about account closures or being locked out of your account.
- We will never send you any SMSes or emails with clickable URLs.
- Use only the official OCBC Digital mobile banking app or OCBC Pay Anyone™ app, or go to the OCBC website > Login > Personal Banking.
- Do not provide your Access Code, PIN, card details or OTP (One-Time Password) to anyone. Do not key such information into unverified webpages.
- Beware of SMS scams which direct you to call a fake hotline. If you're ever in doubt, call our hotline directly at 6363 3333 (or +65 6363 3333, if you are overseas). Do not call any numbers provided in the SMS.
Sample of Phishing SMS that is NOT sent from OCBC Bank:
Visit ScamAlert.sg to learn more about scams and how to avoid falling prey to them.
Spot the signs, stop the crimes. Be alert, not a victim.
This message contains links to third-party websites. By accessing any such websites, you agree to our terms of use.
Beware: Latest scams target the use of Singpass
24 February 2022 (last updated 02 March 2022)
The police have issued a media advisory alerting the public to a new type of scam: Getting you to scan Singpass QR codes so the fraudsters can access digital services and take certain actions in your name.
These scams involve fake surveys, purportedly conducted on behalf of reputable companies or organisations in Singapore, with participants recruited via online forums, e-commerce sites and other such channels.
Upon completing the survey, the victim is asked to scan a Singpass QR code with his or her Singpass app – supposedly part of a verification process to retrieve the survey result so a monetary reward can be gained. The police warned that these Singpass QR codes were actually screenshots of legitimate websites and that scanning the codes and authorising transactions without further checks will grant the scammers access to certain online services.
Scammers have misused the access to register businesses, subscribe for new mobile lines or open new bank accounts in the victim’s name. Victims only realised something was amiss when notified of these transactions by their telco or bank, or after receiving notifications in their Singpass Inbox that their personal details had been retrieved.
To learn more, please read the full police advisory.
Singpass Mobile can be used to log in to bank accounts, so do keep your Singpass access secure.
Protect yourself against scams
- Never scan any Singpass QR codes sent to you by others. OCBC will not send you Singpass QR codes or links to Singpass QR codes via SMS, email or a messaging app.
- Only scan the Singpass QR code on the official website of the digital service that you want to access or tap on the Singpass QR code on the official app of the digital service.
- Always use only the official OCBC Digital mobile banking app or OCBC Pay AnyoneTM app. Alternatively, go to the OCBC website > Login > Personal Banking.
If you log in to OCBC Internet Banking by scanning a Singpass QR code:Always check and ensure that the OCBC URL displayed on your Singpass app matches the URL on your browser. OCBC URL: internet.ocbc.com Ensure that the login or transaction request was initiated by you before you hit the ‘Log In’ button on your Singpass app. - Never provide your Access Code, PIN, card details or OTP (One-Time Password) to anyone. Do not key such information into unverified webpages.
- If you are using OCBC OneToken, carefully read the authorisation message sent to you via push notification. Do not provide OCBC OneToken authorisation without knowing the purpose of the transaction or login.
- Notify us immediately if you receive notification alerts for transactions that you did not initiate.
This message contains links to third-party websites. By accessing any such websites, you agree to our terms of use.
Beware of latest SMS scams which direct you to call a fake hotline
31 January 2022
Beware of latest SMS scams which direct you to call a fake hotline to resolve an issue with your bank account or credit card.
Do NOT call any numbers within SMSes or click on any links in SMSes.
If in doubt, call our official hotline at 6363 3333 (or +65 6363 3333 if you're calling from overseas). Do not call any other numbers or click on any links in SMSes.
Sample of a scam SMS as follows:

Always remember:
- Never provide your Access Code, PIN, card details or OTP (One-Time Password) to anyone or key such information into unverified webpages;
- To log in, always use OCBC’s official mobile banking apps or go to the OCBC website > Login > Personal Banking (type the URL directly into your browser);
- OCBC employees will never ask you to reveal your PIN/OTP or transfer funds to personal accounts; and
- Never click on links in SMSes or emails that claim to be from OCBC
We have availed a dedicated option for customers calling our hotline – 6363 3333 – to report possible fraud (just press 9).
Visit ScamAlert.sg to learn more about scams and how to avoid falling prey to them.
Spot the signs, stop the crimes. Stay vigilant at all times.
This message contains links to third-party websites. By accessing any such websites, you agree to our terms of use.
Beware of FAKE OCBC WEBSITES. Do not click on SMS links for login.
30 December 2021
Scammers may create SMSes that look like they are from “OCBC”, BUT:
- We will never send an SMS to inform you about account closures or being locked out of your account.
- We will never send an SMS with a link to reactivate your account.
- Don't click on links in SMSes. Use OCBC’s official mobile banking app or type www.ocbc.com directly in your browser.
- Don't provide your log-in ID, password or OTPs (One-Time Passwords received via SMS) to anyone, or key these into unverified webpages.
- If you're ever in doubt, call our hotline directly at 1800 363 3333 (or +65 6363 3333, if you are overseas). Do not call any numbers provided in the SMS.


Visit ScamAlert.sg to learn more about scams and how to avoid falling prey to them.
Spot the signs, stop the crimes. Be alert, not a victim.
This message contains links to third-party websites. By accessing any such websites, you agree to our terms of use.
Protect yourself from scams this festive season
27 December 2021
With the year-end festivities in full swing, we urge you to remain alert as you browse the online marketplaces and stores for great deals and holiday offers. Do not fall prey to scammers out in full force and armed seemingly with attractive e-commerce deals and impersonation scams.
Six questions to protect yourself:
- Are the deals too good to be true – priced way below market rates and/or disguised as limited-time-only offers?
- Did you chance upon these unsolicited offers on unverified third-party sites, or receive them from unfamiliar email addresses or mobile numbers?
- Do you feel pressured to make bank transfers to strangers, e.g. as advance fees in return for a benefit?
- Has the person claimed to be from a reputable company or government agency; claimed that there are issues with your accounts or payments; or asked for your banking credentials?
- Did the seller request to take the conversations off the online shopping platform?
- Is there a lack of information on the products with unstated terms and conditions?
If the answer to any of the above questions is yes, beware. It is likely a scam. Always verify the authenticity of the offers. NEVER reveal your Online Banking login credentials or card details to anyone.
Read e-Alerts as soon as you receive them; alert us IMMEDIATELY if you spot any suspicious transactions. Manage your e-Alert threshold settings to get notified of transactions: Log in to Internet Banking > Customer service > Manage e-Alerts.
Identify suspicious transactions:
1. SMS One-Time Passwords (OTPs) for logging in to OCBC Online Banking

- Your SMS OTP is like your house key. DO NOT share it with anyone.
- No employee from banks, government agencies or any other legitimate company should ask you to reveal your OTP.
- If you did not request to log in to Online Banking, yet receive such an SMS, alert us at once.
- Your SMS OTP is like your house key. DO NOT share it with anyone.
- No employee from banks, government agencies or any other legitimate company should ask you to reveal your OTP.
- If you did not request to log in to Online Banking, yet receive such an SMS, alert us at once.
2. Authorisation messages via OCBC OneToken

- Do not authorise logins or transactions unless YOU are making them.
- OCBC OneToken allows you to authorise your logins or transactions via the OCBC Digital app on your mobile device.
- If you are not making such a request, tap the ‘Reject’ button and alert us immediately.
- Do not authorise logins or transactions unless YOU are making them.
- OCBC OneToken allows you to authorise your logins or transactions via the OCBC Digital app on your mobile device.
- If you are not making such a request, tap the ‘Reject’ button and alert us immediately.
3. SMS OTPs to authenticate online payments at 3D Secure (3DS) merchants

- Only authorise transactions where the details are correct – take note of the time, amount and merchant name/payee.
- When you shop online and pay with a card, you may receive SMSes asking you to authorise payment.
- If you receive such SMSes but are not making the transactions, alert us at once. A fraudster may have stolen your credentials.
- Only authorise transactions where the details are correct – take note of the time, amount and merchant name/payee.
- When you shop online and pay with a card, you may receive SMSes asking you to authorise payment.
- If you receive such SMSes but are not making the transactions, alert us at once. A fraudster may have stolen your credentials.
Other Tips
- Before you make transactions or enter personal information online, check the link to make sure you are on a legitimate website and not a lookalike.
- Verify information with official websites and sources before parting with your personal details and money.
- When making online purchases, insist on cash-on-delivery or use platform’s secure payment options.
- Always choose to purchase from reputable online platforms and sellers for high-value items.
Visit ScamAlert.sg to learn more about scams and how to avoid falling prey to them.
Please call our Customer Service Hotline at 1800 363 3333 (or +65 6363 3333, if you are overseas) for assistance.
Spot the signs, stop the crimes. Be alert, not a victim.
This message contains links to third-party websites. By accessing any such websites, you agree to our terms of use.
Stay vigilant against SMS Phishing Scams
16 December 2021
Scammers are constantly trying to steal your money using different methods.
One method they commonly use is to send you a phishing SMS while impersonating OCBC. They will claim that there are issues with your account/card or that you are eligible for some free gifts. You will then be asked to click on a URL link in the SMS. Thereafter, you will be directed to a fake website, where you will be asked to provide your online banking login details, card details or One-Time Passwords (OTPs).
Having obtained your banking credentials through the fake website, the scammers will start to make unauthorised transactions on your accounts or credit cards.
Sample of Fake SMSes




Tips to protect yourself against such scams
- DO NOT click on such phishing SMS links. The URL will lead you to a fake website controlled by the scammers. Always type URLs directly into the address bar of the browser.
- Always read the transaction notification alerts sent by the Bank via SMS, email or push notification – they are our first line of defence. Read them carefully and inform us immediately if the transactions are unauthorised.
- Always verify any requests that ask for your personal or banking details. DO NOT give your card details or banking credentials to anyone.
Be vigilant. Protect yourself from scams.
Visit ScamAlert.sg to learn more about scams and how to avoid falling prey to them.
Please call our Customer Service Hotline at 1800 363 3333 (or +65 6363 3333, if you are overseas) for assistance.
This message contains links to third-party websites. By accessing any such websites, you agree to our terms of use.
BEWARE of SMS phishing scams offering fixed deposit placement
03 December 2021
Scammers have been sending SMSes purporting to be sent by OCBC regarding fixed deposit promotions offered by us.
These SMSes claim that OCBC is offering attractive fixed deposit rates, and will invite the SMS recipient to dial the mobile number provided in the SMS. Once the call is placed, the scammer, claiming to be from OCBC Bank, will ask the recipient to make a funds transfer to another OCBC account on the pretext that it is for the fixed deposit placement.
NEVER fall for such scams.
These SMSes or WhatsApp messages are NOT sent by OCBC Bank.
Sample of SMS:
When in doubt, you should always call our Customer Service Hotline at 1800 363 3333 (or +65 6363 3333, if you are overseas) to verify or report suspicious messages.
Tips to protect yourself against such scams
-
DO NOT click on any phishing SMS links. The URL will lead you to a fake website controlled by the scammers. Always type URLs directly into the address bar of the browser.
-
DO NOT transfer money to strangers.
-
DO NOT reveal your Online Banking PIN, One-Time Passwords (OTPs) or Card PIN over the phone or via other means to anyone. OCBC Bank employees will not request you to reveal your PIN and/or OTP.
-
Always read the transaction notification alerts sent by the Bank via SMS, email or push notification – they are our first line of defence. Read them carefully and inform us immediately if the transactions are unauthorised.
Be vigilant. Protect yourself from scams.
Visit ScamAlert.sg to learn more about scams and how to avoid falling prey to them.
This message contains links to third-party websites. By accessing any such websites, you agree to our terms of use.
Stay vigilant against SMS Phishing Scams
10 November 2021
Scammers are constantly trying to steal your money using different methods.
One method they commonly use is to send you a phishing SMS while impersonating OCBC. They will claim that there are issues with your account/card or that you are eligible for some free gifts. You will then be asked to click on a URL link in the SMS. Thereafter, you will be directed to a fake website, where you will be asked to provide your online banking login details, card details or One-Time Passwords (OTPs).
Having obtained your banking credentials through the fake website, the scammers will start to make unauthorised transactions on your accounts or credit cards.
Sample of Fake SMS and Login Page


Tips to protect yourself against such scams
- DO NOT click on such phishing SMS links. The URL will lead you to a fake website controlled by the scammers. Always type URLs directly into the address bar of the browser.
- Always read the transaction notification alerts sent by the Bank via SMS, email or push notification – they are our first line of defence. Read them carefully and inform us immediately if the transactions are unauthorised.
- Always verify any requests that ask for your personal or banking details. DO NOT give your card details or banking credentials to anyone.
Be vigilant. Protect yourself from scams.
Visit ScamAlert.sg to learn more about scams and how to avoid falling prey to them.
Please call our Customer Service Hotline at 1800 363 3333 (or +65 6363 3333, if you are overseas) for assistance.
This message contains links to third-party websites. By accessing any such websites, you agree to our terms of use.
Beware of job scams
1 September 2021
Ever come across online advertisements or phone messages offering part-time jobs with lucrative returns?
If it seems too good to be true, it usually is – such advertisements and messages are job scams. Do NOT respond to them or allow your bank accounts to be used by these scammers.
The following is a common tactic that scammers use in job scams:
- You are contacted, via social media or messaging apps, and given details of an attractive, commission-based job offer.
- You are added into a group chat with others supposedly doing the same job. These other ‘job seekers’ will talk about how easy the job is and how quickly money can be made.
- You are asked to take these steps: Add certain items to your shopping cart on an e-commerce site, take a screenshot of the shopping cart page, then transfer funds to a bank account.
- You are told that this will help improve sales and are promised a full refund – with an attractive commission to boot.
- You will be given refunds – with commission – as promised, for the first few purchases. However, you will be asked to pay for increasingly expensive items.
- You will NOT get your money back after transferring a large sum of money.


How to protect yourself against job scams
- Do not accept dubious or unsolicited job offers that offer lucrative returns for little effort.
- Do not transfer money to people you do not know.
- Do not disclose your card details, online banking login credentials or One-Time-Passwords (OTPs) to anyone.
- Ensure that we have your latest contact details.
- Have us notify you via SMS, email or push notification (e-Alerts) about transactions that took place in your account. Set your e-Alert threshold limits or change your settings via Internet Banking > Customer service > Manage e-Alerts.
- Always read the e-Alerts carefully and call us immediately if you notice something amiss.
- If you have an iOS device, consider downloading the ScamShield app – it blocks unsolicited messages and calls. Visit https://www.scamshield.org.sg/ to find out more.
Be vigilant. Protect yourself from scams.
Visit ScamAlert.sg to learn more about scams and how to avoid falling prey to scams.
Please call our Customer Service Hotline at 1800 363 3333 (or +65 6363 3333, if you are overseas) for assistance.
This message contains links to third-party websites. By accessing any such websites, you agree to our terms of use.
Beware of SMS Phishing Scams
12 July 2021
There were recent reports of phishing cases where scammers will send you fake SMSes impersonating as OCBC, claiming issues with your account and asking you to click on an URL link.
- DO NOT click on such phishing SMS link. The URL will lead you to a fake website which is controlled by the scammers. It will trick you to provide your online banking login details, card details or one-time passwords (“OTPs”).
- Be vigilant against such phishing threats which may come in other forms such as emails or voice calls.
Phishing is a way of obtaining confidential information such as one’s banking account details, PIN, OTPs, credit card numbers, user ID or passwords through the Internet, in order to perform unauthorised banking transactions.
How are Phishing scams conducted?
-
Email and SMS
- Scammers typically send emails or SMSes impersonating reputable companies, banks or government agencies to victims.
- These emails and text messages include fake bank notifications, offers, lucky draws, investment schemes or COVID-19 related campaigns to lure recipients into clicking on an URL link.
- Upon clicking on the URL link, the victim will be redirected to fraudulent or spoofed websites where they are tricked into providing their credit/debit card details, banking credentials, or OTP.
Samples of Phishing SMSes that are NOT sent from OCBC Bank:
-
Voice-based Phishing (“Vishing”)
- Scammers also contact victims and impersonate as government officials, bank officers or technical support staff to trick victims into providing their banking credentials and OTP.
- These calls could be automated through robocalls, requiring the victims to follow instructions in pressing the number before the scammer picks up the call in-person.
- Scammers impersonating as technical support staff may request victim to download a remote access software for them to gain control of their computers/laptops/mobile devices.
- The victims will be directed to provide their banking credentials and OTP and fraudulent transactions will take place.
Tips to protect yourself against such scams
- DO NOT click on URL links provided in suspicious emails and text messages. Always type the URL of the website directly into the address bar of the browser.
- Hang up the call if you receive unsolicited calls which are suspicious. When in doubt, please call the official hotline number of the company or government agency.
- DO NOT divulge confidential information, such as account/login credentials or OTPs over the phone or via other means to anyone. OCBC Bank employees will not request you to reveal your PIN and/or OTP.
- DO NOT transfer or send money to people you do not know. When in doubt, get advice from a family member or friend.
- Download the Scam Shield App (only available on iOS devices) which is a mobile app that blocks unsolicited messages and calls. Find out more at https://www.scamshield.org.sg/.
Be vigilant. Protect yourself from scams.
Visit ScamAlert.sg to learn more about scams and how to avoid falling prey to scams.
Please call our Customer Service Hotline at 1800 363 3333 (or +65 6363 3333, if you are overseas) for assistance.
Beware of job scams on e-commerce platforms
24 June 2021
Job scams are on the rise in Singapore — stay vigilant of strangers contacting you with attractive, commission-based job offers on social media or messaging apps.
Take note of these steps that the scammers may use in job scams:
Step 1 – Victims are contacted with attractive, commission-based job offers on social media or messaging apps.
Step 2 – The scammers will urge you to add something from an online shop listed on e-commerce platforms to your cart, take a screenshot and perform a funds transfer to a bank account.
Step 3 – You would then get the cost of the item back + 10% commission.
Step 4 – The items will start to be more expensive and you will not get your money back after transferring large amounts to their bank accounts.
Screenshots of recruitment message (samples)

Source: Police Advisory On Fake Job Advertisements For E-Commerce Platforms
Screenshots of messages exchanged between scammer and victim (samples)


Source: Police Advisory On Fake Job Advertisements For E-Commerce Platforms
How to protect yourself
- If it is too good to be true, it probably is. DO NOT accept dubious job offers that offer lucrative returns for minimal effort.
- Always complete your purchase on the e-commerce platform itself. Avoid making advance payments or direct bank transfers to the seller as this method does not offer you any protection.
- Do not disclose your card details, online banking login details or OTP to anyone.
Be vigilant. Protect yourself from scams.
How likely are you to fall for a scam?
3 May 2021
Scammers prey on our lack of vigilance to get us to part with our hard-earned money. When you know how to spot scams, you know how to protect yourself. To find out how savvy are you at spotting the signs of scams, take this quiz by the National Crime Prevention Council.
According to a recent survey conducted by the Ministry of Home Affairs, victims of scams have these characteristics in common which you should avoid:
![]() |
They do not believe that they would fall for scams. |
![]() |
They think it is alright to share OTPs or password with others. |
![]() |
They are less likely to seek help and support from family and friends after being scammed. |
![]() |
They act impulsively on seeing a bargain and give in when pressured by others. |
![]() |
They click on pop-up ads, emails, and links from unknown sources. |
How to protect yourself
- DO NOT disclose your card details or online banking login details such as access code, PIN, and OTPs to anyone. OCBC Bank employees will not request you to reveal your PIN and/or OTP.
- Always verify any requests that asked for your personal or banking details.
- DO NOT ignore any notifications from the bank. Call us immediately if you did not make a certain transaction or suspect your bank accounts have been compromised.
- DO NOT transfer funds or send money to people you do not know. Scammers will always try to create a false sense of urgency. Talk to a family member or friend for advice and support when in doubt.
Beware of unsolicited messages via SMS and phone calls impersonating as bank employees requesting for your banking details


- Never disclose your online banking login details such as access code, PIN, and OTPs to anyone. OCBC Bank employees will not request you to reveal your PIN and/or OTP.
- Do not respond to or authorise any authentication requests (through your OneToken or hardware token) if you did not initiate any online banking transaction.
- If you receive a suspicious message or call purporting to be from OCBC Bank, do not call the number provided in the SMS. Please call our Customer Service hotline at 1800 363 3333 to verify the authenticity of the request.
Beware of scams. DO NOT give your OTP to anyone.
16 December 2020
“Is he who he claims to be?” – Always pause and ask yourself, before you act.
In this growing digitalised world, countless number of imposters and scammers are going on various types of platforms with more sophisticated scam methods, making it harder for consumers to know what and who is real and what and who is not. Scammers have devised many ways to lure their victims – these can happen anytime, anywhere.
The best way to protect yourself? Follow this golden rule:
DO NOT give your One-Time Password (OTP) to anyone or provide OneToken authorisation without knowing what the transaction is being used for. |
These are some of the common methods that the imposters and scammers have been using:
- Are you receiving any messages from your ‘friends’ via social media, asking for your credit card or bank details, or any urgent money transfer? Be mindful, as these messages may not be from your actual friends. Online scammers and hackers may hack into your friends’ social media accounts and use their social media accounts to lure you into their traps. You should always verify with your friends or family members.
- Automated calls claiming to be from government agencies, reputable companies, police or banks may not be from who you think he/she is from. Imposters may claim to be government officials such as personnel from the Customs or even from Ministry of Health for contact tracing matters for COVID-19. DO NOT give any personal banking information to the imposters. To check if the calls are legitimate, please call the official hotline number of the authorities or the companies.
- Tech support calls, emails or SMSes claiming to be from Telcos or government agencies, alleging that your computers/mobile devices are having technical or internet issues and hence, requesting you to download certain applications or providing them with remote access to your computers/devices to resolve the issue. This will result in your banking details being stolen. DO NOT fall for this trick.
- Investment schemes, where scammers offer quick, get-rich investment plans with unbelievably high returns, are usually dubious. They may take advantage of current unstable economic situations to lure the public that are looking for ways to grow their money.
- Unsolicited messages that offer rapid approval of cash loans may require you to send your bank details prior to lending of the cash. The scammers may even request for a transfer of money before approving and granting you the loans. This could be a way to get your money and your account number for their further fraudulent activities.
- New friend that you have met online? He/she may not be who you think he/she is. They may portray themselves with attractive photos and friendly personalities. Once they have gained your trust, they will start to ask you to transfer money to them using various excuses such as in financial difficulties or emergency situations. Be aware that they may be imposters and scammers.
- Online deals that are too good to be true should be dealt with care. Year-end season is here now, and scammers may be approaching the public with attractive deals that are too good to be true, in celebration of Christmas, New Year, and Chinese New Year. Scammers may be attempting to steal your card details, and even your Internet Banking Access Code, PIN and OTP. DO NOT give your OTP to anyone or provide OneToken authorisation without knowing what the transaction is being used for.
Do not be the next victim. Always remember:
- Your OTP is like your house key. DO NOT give it out to anyone.
- Transaction notifications sent by us are like an alarm that has been triggered. Read them carefully and inform us at once if the transactions are unauthorised.
- Verify any requests that ask for your personal or banking details.
- DO NOT transfer funds or send money to people you do not know.
Be vigilant. Protect yourself from scams.
Please call our customer service hotline at 1800 363 3333 (or +65 6363 3333 if overseas) if you need help.
Learn more about online scams at www.scamalert.sg.
Spot the signs. Stop the scams.
"I don’t think I will ever be a victim of scams." This is what many people think.
This false sense of security is dangerous and not helpful in the fight against scams. Online scams are on the rise and it can happen anywhere, anytime to anybody. This makes constant vigilance even more important now as scammers have developed various creative ways to scam their victims. The best way to protect yourself is knowing how to identify scams.
Learn how to spot these tell-tale signs of scams – the first step towards protecting yourself:
- Automated calls or unsolicited phone calls claiming to be from banks, police, government agencies or reputable companies, such as telecommunications companies. Scammers disguise themselves as employees or officials on the pretext of checking your computers/mobile devices, internet connection or even pretending to be government officials, such as contact tracers from Ministry of Health. They will ask you for your bank account number, bank PIN and password. Do not give it to them. If you receive such a call, please hang up. If you are still not sure if it is real, call the official hotline number of the company or government agency.
- Unsolicited messages offering quick loans promising fast access to cash loans and may require you to first send over some money to the person/company before they grant you the loan. Ignore and do not reply to such loan offers. DO NOT give out your banking credentials. DO NOT send over funds to unknown parties.
- An attractive person you befriended online asking you for financial help or to join an investment website. Always verify the source and validate the legitimacy of the request.
- Online deals with attractive prices that are too good to be true, especially during online sales spree periods such as the Oct 10.10 sales, Nov 11.11 sales and year-end sales. Always exercise caution when making online purchases, especially if you are making online transfers or payments. Scammers may also try to steal your credit/debit card number, CVV, PIN or One-Time Password. Do not reveal such card details to anyone or key them into unverified websites.
- Dubious investment schemes offering quick, get-rich investment plans with high returns that are too good to be true. Scammers may take advantage of the current economic situation to entice you to first transfer money over to them in order to participate in quick get-rich programmes. Do not fall for them.
- Impersonation - A private message from a “friend” or “family member” received via Facebook or Instagram asking for your credit card, internet banking details and One-Time Password (OTP) to participate in a lucky draw or asking you to transfer money due to an emergency. You should always verify the source and legitimacy of such requests.
Ways to protect yourself
- DO NOT give out your OTPs to anyone!
They are like the keys to your house. - Always read the transaction notification alerts sent by the Bank via SMS, emails or push notifications. They are like a ringing alarm. Read them carefully and inform us quickly if the transactions are unauthorised. Set up your e-Alerts by logging into Digital Banking > Customer Service > Manage your e-Alerts.
- Always verify any requests that asked for your personal or banking details.
DO NOT give your card details or banking credentials to anyone. - Do not transfer funds or remit money to unknown parties.
Scammers will always try to create a false sense of urgency. Do not be pressurised into making FAST transfers, PayNow transfers or telegraphic transfers to unknown parties. Always verify the source and legitimacy of such requests. When in doubt, always check with the Bank.
Look out for the above tell-tale signs. When you know how to spot scams, you know how to protect yourself.
Call our customer hotline at +65 6363 3333 if you need help.
Learn more about online scams at www.scamalert.sg.
Stay vigilant against new COVID-19 scams
Impersonation Scams
Scammers are pretending to be government officials from Ministry of Health. They disguise themselves as contact tracers and will ask you for your bank account number, bank PIN and password. Do not give it to them. Bank information is NOT needed for contact tracing. If you receive such a call, please hang up. If you are still not sure if it is real, call the official government agency hotline number (MOH hotline at 1800-333-9999).
Phishing emails or SMSes
Cybercriminals are sending out phishing emails under the names of trusted organisations like Apple and SIA. The subject headers are hot topics about COVID-19. Do not open the attachments or links in the emails. Once you do that, a malware will be planted in your computer. Even if there are no attachments, the emails will direct you to websites to trick you to disclose sensitive information like your bank account number, bank PIN and password.
Malicious Websites and Applications
Cybercriminals are sending out links to websites that claim to be COVID-19 related. They offer to provide situation maps, facilitate self-health checks, or with services for online communications for telecommuting. These sites are dangerous and can spread malware. Visitors to the malicious sites may be asked to download software that claims to help monitor the COVID-19 situation, but is in fact a Trojan, ransomware or spyware.
Cyber Threats Targeting Technology for Remote Working Arrangements
Video-teleconferencing (VTC) platforms have been hijacked to steal user credentials, or to gain access to your microphone and webcam. Do ensure robust controls are in place for your work from home access, or else your systems and networks can be compromised. Stay protected by using strong passwords and Wi-Fi Protected Access (WPA). Do not click on phishing emails and malicious websites.
Loans Scams impersonating OCBC
Scammers have sent SMS and WhatsApp messages impersonating OCBC to offer loans packages. These SMSes appear to come from "OCBCPROMO". Do not reply to these messages or call the number in the text. OCBC does not send SMSes to ‘sell’ loans. If you need financing, call us. This is an impersonation account from an unlicensed money lender and has been reported to the police. Scammers may use caller ID spoofing technology to display the bank’s number or logo, especially on Viber and WhatsApp. Always call our official hotline at 1800 363 3333 if you need help.
Stay vigilant against scams that use COVID-19 as bait
Threat: Covid-19 Scams
Severity: Medium
In light of the heightened situation around coronavirus (COVID-19), scammers will be looking to take advantage by stealing your money. As you take steps to protect yourself from COVID-19, it is also important to remain vigilant against scams such as:
Phishing emails or SMSes: Scammers may send phishing emails or SMSes claiming to contain important COVID-19 updates. Their aim is to trick you into opening attachments containing malware or to click on a weblink to provide your online banking information.
Ecommerce Scams: Scammers may prey on people who are looking online to buy medical supplies (e.g. surgical masks, hand sanitisers), and attempt to defraud them while they are at their most susceptible.
How to protect yourself
Rule number one: Do NOT reveal your One-Time Password (OTP) to anyone, or provide OneToken authorisation without knowing the intended purpose.
It is also essential that you:
- Remain calm if you receive calls from the government agencies or police. You can call the government agency hotline number (e.g. Ministry of Health General Hotline at 6325 9220) to verify the authenticity of the phone call.
- Do not click on links or open attachments found in suspicious looking emails or SMSes. Always type our URL: https://www.ocbc.com/login into the browser’s address bar or download the OCBC Mobile Banking app via the App Store or Google Play.
- Always check the credibility of the sellers by reading reviews of their services. If advance payments are required, use shopping platforms that provide arrangements to release payment to the seller only upon receipt of the item. When in doubt, purchase only from reputable sellers.
Please call us immediately at 1800 363 3333 (or +65 6363 3333 when calling from overseas) if you notice or receive:
- SMS transaction alerts or email notifications for transactions you did not initiate or perform.
- Any compromise or loss of your security device or security details.
- Alerts on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform.
Beware of unsolicited phone calls asking you to download or install any apps or programs on your desktop or mobile phone
Threat: Impersonation Scam
Severity: High
There has been an increase in scams impersonating helpdesk support staff from telecommunication companies, IT firms or law enforcement agencies. The callers will claim that the victim’s PC or mobile device is in need of a software upgrade as it are vulnerable to online security risks. The callers will also claim that the victim has a criminal offense and they required access to their PC or mobile device to assist in supposedly ‘confidential’ investigations.
Victims may be asked to download a program or to input several commands onto their PC or mobile device. Once this is done, the victims’ PC or mobile device will be taken control by the fraudster. Subsequently, the victims’ will be directed to provide their login credentials or credit card information. Fraudulent transactions will then take place.
To avoid unauthorised access to your account or falling victim to such scams, please stay vigilant and take the necessary precaution to protect yourself.
How to protect yourself:
- Ignore calls from unsolicited callers. Scammers may use Caller ID spoofing technology to mask their actual phone numbers and display a different number.
- Never follow the caller's instructions to install software or type commands onto your computer.
- Be wary of any unsolicited phone call or pop-up message on your device. Security pop-up warnings from real tech companies will never ask you to call a phone number.
- Never disclose to anyone, or key in your personal banking details such as ATM/credit/debit card numbers, their PINs, Online Banking Access Code, PIN and OTP into websites or mobile apps.
- Be wary and read the instructions on the push notifications before confirming the transactions if you are using the OneToken.
- Never reveal the OTP from SMS, hardware or OneToken to anyone.
- Do not transfer funds to any unknown parties.
For more information on such scams, please visit www.scamalert.sg/scam-details/software-update-scam
What you should do
Please call us immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if you notice/receive:
- any unusual/unauthorised transactions such as receiving funds you did not expect, SMS transaction alerts or email notifications for transactions you did not initiate,
- any compromise or loss of your security device or security details.
- SMS messages or emails for transactions which you did not perform.
- alerts on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform
Learn more about Phishing, Malware and Online Banking security.
Beware of unsolicited phone calls asking you to withdraw funds from your account or provide personal or banking information
Threat: Impersonation Scam
Severity: Medium
Updated as of 23 December 2019
There has been a resurgence in scams involving Mandarin-speaking callers pretending to be police officers informing you that you are involved in criminal activities.
To avoid being prosecuted by the law, they may instruct you to:
- provide your banking details such as ATM card, credit card, debit card and Personal Identification Number (PIN), Online Banking Access Code, PIN and One-Time Password (OTP)
- apply for Internet banking services and a hardware token
- and from time to time provide them the OTP generated from the token to update them on your whereabouts or location.
In some instances, you may find unexplained sum of money in your account. The caller will instruct you to withdraw these monies and hand them to a third party (purported to be a police officer) who will meet you at a selected location.
To avoid unauthorised access to your account or falling victim to such scams, please stay vigilant and take the necessary precaution to protect yourself.
How to protect yourself:
- Be wary or ignore callers claiming to be police officers or government officials.
- If there are unexplained money in your account, do not attempt to withdraw the money for your own use or pass it to anyone. You should inform us and lodge a police report immediately.
- Never reveal to anyone, or key in your personal banking details such as ATM/credit/debit card numbers, their PINs, Online Banking Access Code, PIN and OTP into websites or mobile apps.
- Never generate the OTP from your hardware token and reveal the OTP to anyone.
- Always read the SMS alerts sent to your mobile phone for your transactions carefully.
- OCBC Bank staff will never ask you for your OCBC Online Banking PIN or OTP over the phone.
- Call us immediately if you detect any suspicious alerts or transactions not performed by you.
- Ignore calls from unsolicited callers. Scammers may use Caller ID spoofing technology to mask their actual phone numbers and display a different number.
- Update us immediately when there is a change in your contact details such as mobile number or email address.
For more information on such scams, please visit: www.scamalert.sg/types-of-scams/impersonation-scam
What you should do
If you notice any unusual/unauthorised transactions such as receiving funds you did not expect, SMS transaction alerts or email notifications for transactions you did not initiate, please call us immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas).
Learn more about Phishing, Malware and Online Banking security.
Customers using Samsung Galaxy S10/10+, Note 10/10+ 5G devices are advised to temporarily disable fingerprint authentication due to an issue found with Samsung’s fingerprint sensor
Threat: Data security
Severity: Medium
Updated as of 25 October 2019
Customers of affected mobile phones will receive a system notification message to update the fingerprint software. Please restart the phone once the update is complete. For more information about the update from Samsung, please click here.
Original security advisory:
Customers utilising Samsung's fingerprint authentication are advised to use alternative methods such as passwords or Pin until a fix has been issued to prevent unauthorised access to their OCBC Digital app and Pay Anyone™ app.
Owners of the affected models are advised to disable fingerprint authentication until a fix is released by Samsung.
To disable fingerprint login:
- Log in to OCBC Digital app > Open the side menu > Select Settings > Deactivate OCBC OneTouch™ > Confirm
- Log in to OCBC Pay Anyone™ app > Open the side menu > Select Settings > toggle off the Login with OCBC OneTouch™
Reference:
https://news.samsung.com/global/statement-on-fingerprint-recognition-issue
How to protect yourself:
- Verify the transaction details in the SMS message, ensure that it is for the transaction that you are authorising before using the associated OTP. Inform the Bank immediately if the transaction is suspicious.
- Ensure the OTP is keyed in the correct bank’s mobile application or website. Do not reveal the OTP to anyone.
- The Bank will not make unsolicited requests for your banking details. Be mindful not to reveal your personal or banking details such as ATM/Credit/Debit Card numbers, Online Banking Access Code, PIN/OTP into mobile applications or websites that you are not sure of.
- Be on the alert for suspicious emails/SMS messages and websites or mobile messages, purporting to be from the Bank asking for your OCBC Online Banking login credentials such as PIN/OTP etc. Inform the Bank immediately if the transaction is suspicious.
- Stay vigilant before clicking on any links embedded in the SMS messages or emails.
- Always type the URL of the website directly into the address bar of the browser.
- Inform the Bank immediately when there is a change in your contact details such as mobile number or email address so that you continue to receive SMS alerts or e-mail notifications for online banking transactions and activities.
- Do not transfer funds to any unknown parties.
What you should do
Please call the Bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:
- You are aware of any suspected fraud or transactions not performed by you including any compromise or loss of your security device or security details.
- You received a SMS message or email for transactions which you did not perform.
- You are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform.
Learn more about Phishing, Malware and Online Banking security.
Beware of emails that may direct you to phishing webpages asking for your online banking credentials
Threat: Phishing alert
Severity: Medium
There has been an increase in phishing emails received by our customers claiming to be from OCBC, such as a recent one requesting customers to register for a new authentication login for online banking.
These emails contain a hyperlink directing you to a phishing website, which will require you to provide your personal or banking details. For example, full name, NRIC/ passport numbers, Bank account numbers, card numbers, expiry date, CVV number, Personal Identification Number (PIN), One Time Password (OTP) and even in some instances to provide the OTP generated from their hardware token. Once this is done, fraudulent transactions may be effected from your accounts.
We advise you to stay vigilant and take the necessary precautions to protect yourself.
Sample of a phishing email

How to protect yourself:
- OCBC will not request for your confidential information (e.g. PIN or OTP) through email, SMS or voice conversation.
- Do not respond to unsolicited emails or SMS messages requesting for personal/banking credentials (e.g. NRIC/ passport numbers, address, emails, access code, PIN or OTP) or credit/debit/ATM cards details (e.g. card number, expiration date, CVV number, PIN).
- Stay vigilant before clicking on any links embedded in the SMS messages or emails. Always type the URL of the website directly into the address bar of the browser.
- Do not transfer funds to any unknown parties.
- Always read the entire SMS alerts sent to your mobile phone for your transactions carefully. Inform the Bank immediately if you find the transaction suspicious.
- Inform the Bank immediately when there is a change in your contact details such as mobile number or email address.
What you should do:
Please call the Bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:
- You notice any suspected fraud or transactions which are suspicious or not performed by you.
- There is any compromise or loss of your security device or security details.
- You received a SMS message or email for transactions which you did not perform.
- You are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform.
Learn more about Phishing, Malware and Online Banking security.
Beware of emails that may direct you to phishing webpages asking for your credentials
Threat: Phishing alert
Severity: Medium
Avoid getting an unwanted surprise this holiday season. There has been an increase in phishing emails purporting to be from OCBC. These emails may contain hyperlinks directing you to a non-OCBC website that requires you to provide your credit/debit/ATM cards details such as card number, expiration date, CVV number or Personal Identification Number (PIN), or online banking login credentials such as Access Code, PIN or One Time Password (OTP). This may result in unauthorised access to your bank accounts. Exercise vigilance during the holiday season and be mindful not to respond to such unsolicited requests.
Sample of a phishing email

Sample of a phishing webpage

How to protect yourself:
- OCBC will not request for your PIN or OTP through voice conversation, SMS or email.
- Do not respond to unsolicited SMS or emails requesting for credit/debit/ATM cards details (e.g. card number, expiration date, CVV number, PIN), or online banking credentials.
- Stay vigilant before clicking on any links embedded in the SMS messages or emails. Always type the URL of the website directly into the address bar of the browser.
- Do not transfer funds to any unknown parties.
- Always read the SMS alerts sent to your mobile phone for your transactions carefully. Inform the Bank immediately if the transaction is suspicious.
- Inform the Bank immediately when there is a change in your contact details such as mobile number or email address.
What you should do:
Please call the Bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:
- You are aware of any suspected fraud or transactions not performed by you including any compromise or loss of your security device or security details.
- You received a SMS message or email for transactions which you did not perform.
- You are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform.
Learn more about Phishing, Malware and Online Banking security.
For iOS version 12 users - How to safely use the Security Code Autofill suggestion for One-Time Password (OTP)
Threat: Autofill input of OTP resulting in unauthorised transaction
Severity: Medium
Apple has introduced a new feature, Security Code Autofill, in iOS version 12. As shown in the diagrams below, this feature enables mobile devices to scan incoming Short Message Server (SMS) messages for One-Time-Password (OTP) and automatically display it as an AutoFill suggestion in the Quick Type bar above the virtual keyboard. You will only need to tap on the OTP to input it in the OTP field of an application or website instead of keying it manually.

While this new feature may enhance user experience, please continue to stay vigilant and adopt the following safe practices when you perform online banking transactions:
- Verify the transaction details in the SMS message, ensure that it is for the transaction that you are authorising before using the associated OTP. Inform the Bank immediately if the transaction is suspicious.
- Ensure the OTP is keyed in the correct bank’s mobile application or website. Do not reveal the OTP to anyone.
- The Bank will not make unsolicited requests for your banking details. Be mindful not to reveal your personal or banking details such as ATM/Credit/Debit Card numbers, Online Banking Access Code, PIN/OTP into mobile applications or websites that you are not sure of.
- Be on the alert for suspicious emails/SMS messages and websites or mobile messages, purporting to be from the Bank asking for your OCBC Online Banking login credentials such as PIN/OTP etc. Inform the Bank immediately if the transaction is suspicious.
- Stay vigilant before clicking on any links embedded in the SMS messages or emails.
- Always type the URL of the website directly into the address bar of the browser.
- Inform the Bank immediately when there is a change in your contact details such as mobile number or email address so that you continue to receive SMS alerts or e-mail notifications for online banking transactions and activities.
- Do not transfer funds to any unknown parties.
What you should do:
Please call the Bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:
- You are aware of any suspected fraud or transactions not performed by you including any compromise or loss of your security device or security details.
- You received a SMS message or email for transactions which you did not perform.
- You are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform.
Learn more about Phishing, Malware and Online Banking security.
SMS Phishing Scam
Threat: Phishing alert
Severity: High
Recently, fraudsters have been sending SMSes and emails that appear to originate from OCBC, informing you to check out a new investment program.
It claims that OCBC has announced new software that will make you a millionaire, while others tell you some miraculous software will let you “quit your job in 30 days”.
These are NOT sent by OCBC Bank.
If you know of friends and loved ones who have been tempted to click on the links provided in these SMSes and emails, please tell them not to. While we work hard to help our customers succeed, we certainly don’t believe in “Get rich quick” approaches.
SMS Samples


Sample of website after clicking the link:

We would like to advise the public that under no circumstances will OCBC Bank make unsolicited requests through e-mail, SMSes, and phone calls that request for the following:
- Personal details
- Financial details
- Bank account details
- Credit/debit details
- Logging into your Internet banking account
- Verifying your account validity
- PIN/Password
How to protect yourself:
- Be on the alert for suspicious emails / SMSes and websites or mobile messages, purporting to be from the Bank aking for your OCBC Online Banking login credentials such as PIN/OTP etc. You should report these immediately by contacting us.
- Stay vigilant before clicking on any links embedded in the SMS or emails.
- Be mindful not to reveal your personal or banking details such as ATM/Credit/Debit Card numbers, PINs, Online Banking Access Code, PIN and OTP into websites or mobile apps.
- Always type the URL of the website directly into the address bar of the browser.
- Always read the SMS alerts sent to your mobile phone for your transactions carefully.
- Update us immediately when there is a change in your contact details such as mobile number or email address so that you continue to receive SMS alerts or e-mail notifications for online banking transactions and activities.
- Do not transfer funds to any unknown parties.
What you should do:
Please call the bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:
- You are aware of any suspected fraud or transactions not performed by you including any compromise or loss of your security device or security details; or
- You received an SMS or email alert for transactions which you did not perform; or
- You are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform.
Learn more about Phishing, Malware and Online Banking security.
Beware of SMS that may direct you to phishing webpages asking for your credentials
Threat: Phishing alert
Severity: Medium
Fraudsters have been sending SMS containing hyperlinks targeting OCBC customers. Upon clicking on the hyperlink, you will be directed to a page requesting for your Online Banking Access Code, PIN, credit or debit card numbers, expiration date and 3-digit CVV number on the back of your card. The websites are intended to trick you to revealing your personal information and use it for unauthorised transactions on your accounts or credit cards.
Fraudsters may spoof SMS or emails to give the appearance that they originate from OCBC. All mobile device will list the spoofed SMS in the same thread with those sent under the bank.

Please stay vigilant and take the necessary precautions.
How to protect yourself:
- Always type the URL of the website directly into the address bar of the browser.
- OCBC Bank will not make unsolicited requests for your personal or banking details (e.g., credit/ debit card information or login credentials) through channels such as emails or SMS. Inform the Bank immediately if such requests are received
- Do not reveal any personal or banking details (e.g., ATM/ Credit/ Debit Card numbers, login credentials, OTP) into suspicious websites or mobile apps.
- Always read SMS alerts for your transaction details carefully.
- Inform the Bank whenever contact details or mailing address get updated.
What you should do :
Please call the bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:
- You are aware of any suspected fraud or transactions not performed by you;
- If any of your credit or atm cards, banking login credentials or security devices have been lost or compromised;
- You received an SMS or email alert for transactions which you did not perform; or
- You are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform.
Learn more about Phishing, Malware and Online Banking security.
Beware of unsolicited calls, emails or SMS asking for your personal or banking information or credentials
Threat: Phishing alert
Severity: Medium
Last week, SingHealth reported a data breach where patients’ data such as names, NRIC numbers, addresses and date of birth were stolen. The stolen information may be used by syndicates to conduct social engineering and phishing scams. They may use the stolen information to trick victims to believe these scams are real.
Please be reminded to stay vigilant when you receive calls, emails and SMS from unfamiliar or unsolicited sources asking for your personal particulars, banking information and credentials.
Please stay vigilant and take the necessary precautions.
How to protect yourself:
- Be on the alert for suspicious emails / SMS and websites or mobile messages, purporting to be from the Bank asking for your OCBC Online Banking login credentials such as PIN/OTP etc. You should report these immediately by contacting us.
- OCBC Bank will not make unsolicited requests for your personal, financial, bank account or credit/debit card information, or unsolicited requests that you log in and verify account validity, through e-mail, mobile messages or on phone unless you have initiated the contact. Under no circumstances will the Bank ask you to reveal your PIN/Password.
- Be mindful not to reveal your personal or banking details such as ATM/Credit/Debit Card numbers, PINs, Online Banking Access Code, PIN and OTP into websites or mobile apps.
- Stay vigilant before clicking on any links embedded in the SMSes or emails.
- Always type the URL of the website directly into the address bar of the browser.
- Always read the SMS alerts sent to your mobile phone for your transactions carefully.
- Update us immediately when there is a change in your contact details such as mobile number or email address so that you continue to receive SMS alerts or e-mail notifications for online banking transactions and activities.
What you should do
Please call the bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:
- You are aware of any suspected fraud or transactions not performed by you including any compromise or loss of your security device or security details; or
- You received an SMS or email alert for transactions which you did not perform; or
- You are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform.
Learn more about Phishing, Malware and Online Banking security.
Beware of SMS linking to phishing websites asking for your credentials
Threat: Phishing alert
Severity: Medium
The SMS may contain hyperlinks which redirect you to a webpage requesting for your Online Banking Access Code, PIN, ATM or credit card numbers, expiration date and even the 3-digit CVV number on the back of your card.
The websites are intended to steal your information and use it for unauthorised transactions on your accounts or credit cards.

Please stay vigilant and take the necessary precautions.
How to protect yourself:
- Always type the URL of the website directly into the address bar of the browser.
- Stay vigilant before clicking on any links embedded in the SMSes or emails.
- Be on the alert for suspicious emails / SMS and websites or mobile messages, purporting to be from the Bank asking for your OCBC Online Banking login credentials such as PIN/OTP etc. You should report these immediately by contacting us.
- OCBC Bank will not make unsolicited requests for your personal, financial, bank account or credit/debit card information, or unsolicited requests that you log in and verify account validity, through e-mail, mobile messages or on phone unless you have initiated the contact. Under no circumstances will the Bank ask you to reveal your PIN/Password.
- Be mindful not to reveal your personal or banking details such as ATM/Credit/Debit Card numbers, PINs, Online Banking Access Code, PIN and OTP into websites or mobile apps.
- Always read the SMS alerts sent to your mobile phone for your transactions carefully.
- Update us immediately when there is a change in your contact details such as mobile number or email address so that you continue to receive SMS alerts or e-mail notifications for online banking transactions and activities.
What you should do
Please call the bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:
- You are aware of any suspected fraud or transactions not performed by you including any compromise or loss of your security device or security details; or
- You received an SMS or email alert for transactions which you did not perform; or
- You are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform.
Learn more about Phishing, Malware and Online Banking security.
Beware of emails linking to websites asking for your personal information
Threat: Phishing alert
Severity: Medium
There has been an increase in phishing emails received by our customers on their accounts being placed on hold and were requested to confirm their card details.
These emails may contain hyperlink(s) directing customers to a phishing website which will require customers to provide their personal / banking / card details. For example, full name, NRIC/ passport numbers, Bank account numbers, card numbers, expiry date, CVV number, Personal Identification Number (PIN), One Time Password (OTP) and even in some instances to provide the OTP generated from their hardware token. Once this is done, fraudulent transactions may be effected from your accounts.

To avoid any unauthorised access to your bank account(s) or transactions on your cards, please be mindful to never enter such information on to links to websites sent via emails. We advise you to stay vigilant and take the necessary precautions to protect yourself.
How to protect yourself:
- Be on the alert for suspicious emails and websites or mobile messages, purporting to be from the Bank asking for your OCBC Online Banking login credentials such as PIN/OTP etc. You should report these immediately by contacting us.
- OCBC Bank will not make unsolicited requests for your personal, financial, bank account or credit/debit card information, or unsolicited requests that you log in and verify account validity, through e-mail, mobile messages or on phone unless you have initiated the contact. Under no circumstances will the Bank ask you to reveal your PIN/Password.
- Be mindful not to reveal your personal or banking details such as ATM/Credit/Debit Card numbers, PINs, Online Banking Access Code, PIN and OTP into websites or mobile apps.
- Always read the SMS alerts sent to your mobile phone for your transactions carefully.
- Update us immediately when there is a change in your contact details such as mobile number or email address so that you continue to receive SMS alerts or e-mail notifications for online banking transactions and activities.
What you should do
Please call the bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:
- You are aware of any suspected fraud or transactions not performed by you including any compromise or loss of your security device or security details; or
- You received a SMS or an e-mail alert for transactions which you did not perform; or
- You are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform.
Learn more about Phishing, Malware and Online Banking security.
Beware of emails or SMS linking to websites asking for your personal information
Threat: Phishing alert
Severity: Medium
Reports on phishing attacks had increased over the last few weeks. Generally, phishing attacks use emails or SMS (purportedly from a trusted organisation such as OCBC) with links to fictitious websites or to download apps. Such emails or SMS typically use fear tactics and may threaten to disable an account or delay services until you update certain information.

The links will direct you to a website or app that looks legit, as below. The intent is to gain unauthorised access to your bank accounts once you provide the information they request for such as:
- Personal information - NRIC/ passport number, mailing address, email address
- Banking credentials - bank account numbers, card numbers, expiry date, CVV number, Personal Identification Number (PIN), One Time Password (OTP) and in some instances to provide the OTP generated from your hardware token.

How to protect yourself:
- Know that OCBC Bank will not make unsolicited requests for your personal, financial, bank account or credit/debit card information, or unsolicited requests that you log in and verify account validity, through e-mail, mobile messages or on phone unless you have initiated the contact. Under no circumstances will the Bank ask you to reveal your PIN/Password.
- Do not use links in an email or instant message to connect to the Bank's website unless you are certain they are authentic. If you need to get to the Bank’s webpage, open your browser and type the URL directly into the address bar.
- Do not respond to emails asking for confidential information, e.g: your financial or personal information. Phishers like to use fear tactics and may threaten to disable an account or delay services until you update certain information.
- Never reveal to anyone or key in your personal banking details such as ATM, Credit Card Numbers, their PINs, Online Banking Access codes, PIN and OTP into websites or mobile apps.
- Beware of anyone who may request that you install software on your device.
- Always ensure that you download information or apps from official source only.
- Protect your computer with firewall, spam filters, anti-virus and anti-spyware software. Ensure you are getting the most up-to-date software and update them regularly to ensure that you are protected against new viruses and spyware.
- Always keep your contact information with the bank updated so that we may send you:
- Instant alerts on transactions performed on your bank accounts.
- Instant notifications on account activities such as adding a beneficiary or change of contact particulars
- Always read the SMS alerts sent to your mobile phone for your transactions carefully.
What you should do
Please call the bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:
- You are aware of any suspected fraud or transactions not performed by you including any compromise or loss of your security device or security details; or
- You received a SMS or an e-mail alert for transactions which you did not perform; or
- You are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform.
Learn more about Phishing, Malware and Online Banking security.
Cooling period for key account changes is 12 hours. Please stay vigilant against scams.
4 January 2023
If you are making key account changes via OCBC Internet Banking or OCBC Digital app, here are some quick updates for you to take note of:
- From 18 March 2022, when you add a new payee, increase a limit or change your mobile number/email address, it will take at least 12 hours for the change to take effect.
- For your security, we will not be able to shorten this cooling period.
- You will receive an SMS or push notification once the change takes effect.
- If you notice any requests that are not made by you or you suspect you could be a victim of scams, please call us at once.
- From 31 December 2022, changing transaction limits may be done via the OCBC Digital app.
- Step 1: Log in to the OCBC Digital app
- Step 2: Tap on the menu icon at top left corner > Transfer & Payment > Manage transaction limits
- Step 3: Review and confirm the new limit
- Step 4: Authorise the change using OCBC OneToken (on your mobile device) or your hardware token
- You may also change your daily transaction limits via OCBC Internet Banking.
- Login to OCBC Internet Banking > Customer service > Manage transaction limits
Protect yourself against scams. We urge our customers to continue to stay vigilant at all times.
To safeguard your accounts, it is important for you to adopt these security practices:
- Never click on links in SMSes or emails. Emails and SMSes sent by us will not contain any clickable URLs.
- Beware of SMS scams which direct you to call a fake hotline. Do not call any numbers given in SMSes.
- Beware of scammers making video calls to you with a bank logo featured in the background and claiming to be working for the bank, leading you to believe the call was from the bank.
- OCBC employees will never ask you to reveal your PIN/OTP or transfer funds to personal accounts.
- Call only the Bank’s Personal or Premier Banking hotline: OCBC website > Contact us. Our hotline number can also be found at the back of your debit/credit/ATM card.
- Never provide your Access Code, PIN, card details or OTP (One-Time Password) to anyone. Do not key such information into unverified webpages.
- Use only the official OCBC Digital mobile banking app or OCBC Pay Anyone™ app, or go to the OCBC website > Login > Personal Banking.
- If you are using OCBC OneToken, carefully read the authorisation message sent to you via push notification. Do not provide OCBC OneToken authorisation without knowing the purpose of the transaction or login.
- Do not transfer money to strangers. When in doubt, get advice from a family member or friend.
- Read the transaction notification alerts sent from the Bank carefully. Notify us immediately if you find any suspicious transactions.
To manage your e-Alerts and threshold limits, log in to OCBC Internet Banking > Customer service > Manage e-Alerts.
Scammers are constantly evolving their scam tactics. To avoid falling prey to scammers, please visit the ScamAlert.sg website to learn more about the tell-tale signs of the different types of scams and the latest scam tactics - such as impersonation scams, investment scams, job scams, love scams, ecommerce scams and identity theft scams.
Please call our Customer Service Hotline at 6363 3333 (or +65 6363 3333, if you are overseas) for assistance. To report possible fraud, please press 9.
Can you outsmart a scammer?
29 August 2022
According to the Singapore Police Force, a whopping 23,931 cases of scams were reported to them in 2021. That works out to 52% more than in 2020.
Do not add to this statistic. Learn how to better protect yourself and spot common scam tactics by taking the Scam Buster Quiz, brought to you by the National Crime Prevention Council (NCPC).
How Prepared Are You?
Here are some questions you might see in the quiz.

Could you spot the signs of a phishing email?

What is the first step you would take if your personal and bank details were compromised?

Are you familiar with the tactics most used by scam callers?

What would you do if you saw this ad on your social media feed?
Spot the Signs. Stop the Crimes.
Take the quiz to see how ready you are to stop scammers.
Protect yourself

Never reveal your card or digital banking login details (including your PIN and One-Time Passwords) to anyone.

Enable transaction alerts via OCBC Internet Banking and read them carefully. Notify us immediately if you see any transactions that you did not authorise.

Beware of unsolicited messages or friend requests from strangers and deals that sound too good to be true. Download the ScamShield app to block unsolicited messages and calls.
We are here for you
If you believe you have fallen prey to a scam, please visit any OCBC Bank branch or call our Personal Banking hotline at 6363 3333 (or +65 6363 3333 if you are overseas) and press 9 to report fraud. To temporarily freeze all your accounts, you can activate the emergency kill switch via the OCBC Digital app, selected OCBC ATMs or our hotline (press 8).
This message contains links to third-party websites. By accessing any such websites, you agree to our terms of use.
Additional security measures on Digital Banking
03 March 2022
As additional measures to protect you from scams, we have implemented the following changes for online requests made via our Digital Banking channels:
Internet Banking / OCBC Digital app / OCBC Pay Anyone™ app
Online Request | New Measures |
Local and overseas fund transfers / Bill payments (excluding PayNow, NETS QR and PromptPay PayNow payments*) |
Authorisation limit will be changed to SGD 1,000. You will need to use your fully activated OCBC OneToken or hardware token to authorise a transaction when its amount is equal to or above the authorisation limit. |
Change of authorisation limits | No longer available via Internet Banking. You will not be able to change these authorisation limits. |
*The authorisation limit for PayNow, NETS QR and PromptPay PayNow transactions remains at SGD 200.
Internet Banking / OCBC Digital app
Online Request | New Measures |
Add payee (OCBC or other banks) |
A cooling period will apply before such key account changes take effect. Please be guided by the on-screen instructions. |
Update email address or contact number | |
Increase transaction limit** |
**To update your transaction limit, please log in to Internet Banking > Customer service > Update transaction limits.
OCBC Pay Anyone™ app
Online Request | New Measures |
Set up/reactivate biometrics login OR Reinstalling of app by existing biometrics login user |
|
Updating of the app by existing biometrics login user | When you next log in, key in the One-Time Password sent to you via SMS to reactivate biometrics login |
Update email address | No longer available |
Manage daily transfer limit |
Read up on frequently asked questions regarding the measures above.
Protect yourself against scams. We urge our customers to continue to stay vigilant at all times.
To safeguard your accounts, it is important for you to adopt these security practices:
- Never click on links in SMSes or emails. Emails and SMSes sent by us will not contain any clickable URLs.
- Beware of SMS scams which direct you to call a fake hotline. Do not call any numbers given in SMSes.
- Call only the Bank’s Personal or Premier Banking hotline: OCBC website > Contact us. Our hotline number can also be found at the back of your debit/credit/ATM card.
- Use only the official OCBC Digital mobile banking app or OCBC Pay Anyone™ app, or go to the OCBC website > Login > Personal Banking.
- Never provide your Access Code, PIN, card details or OTP (One-Time Password) to anyone. Do not key such information into unverified webpages.
- If you are using OCBC OneToken, carefully read the authorisation message sent to you via push notification. Do not provide OCBC OneToken authorisation without knowing the purpose of the transaction or login.
- Do not transfer money to strangers. When in doubt, get advice from a family member or friend.
- Read the transaction notification alerts sent from the Bank carefully. Notify us immediately if you find any suspicious transactions.
To manage your e-Alerts threshold limit and daily transaction limits, log in to OCBC Internet Banking > Customer service > Manage e-Alerts or Update transaction limits.
For more information, visit the OCBC website > Personal banking > Help and Support > Banking > See more. - If you have an iOS device, consider downloading the ScamShield app – it blocks unsolicited messages and calls. Visit https://www.scamshield.org.sg/ to find out more.
Scammers are constantly evolving their scam tactics. To avoid falling prey to scammers, please visit the ScamAlert.sg website to learn more about the tell-tale signs of the different types of scams and the latest scam tactics - such as impersonation scams, investment scams, job scams, love scams, ecommerce scams, and identity theft scams.
Use e-Alerts to safeguard your account
24 November 2021
With the rapid rise in online transactions amid the pandemic, scammers are devising ways to lure customers to unwittingly give away their online banking login credentials and card details. This has led to more people falling victim to unauthorised banking and card transactions.
While the Bank has robust controls in place such as two-factor authentication using one-time passwords (OTPs) to safeguard your transactions, these measures alone cannot eliminate scams entirely.
We advise you to remain vigilant and take measures to protect yourself.
How to protect yourself
Here is what you can do to ensure you are aware of all transactions taking place in your account:
-
Use our e-Alerts as your first line of defence
Make sure that we have your latest mobile number and email address. This is so that we can send you timely e-Alerts for transactions made using your account.You can give us your latest contact details via Internet Banking or our mobile banking app:
- Via Internet Banking: Customer service > Change personal details
- Via our app: Log in to OCBC Digital > Menu > Profile & Settings > Update phone number/email
-
Set your threshold limit for e-Alerts according to your risk preference
Tell us how you want to receive e-Alerts (push notifications, emails and/or SMSes) by going to Internet Banking > Customer service > Manage e-Alerts.You should also review your threshold limit for e-Alerts to be triggered (the prevailing default threshold limits for card transactions, if you wish to refer to them, can be found at Transaction Alerts page). For instance, if you want us to send you e-Alerts for transactions below S$1,000, you may choose a threshold limit of S$100, S$300 or S$500.
IMPORTANT:
We strongly recommend that you do not raise the threshold limit that we have set as default. As transactions below this limit will not trigger any e-Alerts, you may not notice any unauthorised ones in time and subsequently not be able to recover the money. Setting a higher threshold limit would also affect your liability for losses arising from unauthorised transactions. This is as you may be deemed to have not complied with your duty, as a consumer, to opt to receive notifications for payments made using your account.
To learn how to set threshold limits, please visit our Transaction Alerts page.
-
Always review all e-Alerts
Always read the e-Alerts carefully and notify us immediately if the transactions are not performed by you.
Tip : How to check for push notifications
Open OCBC Digital and look out for the bell icon at the top right corner of the screen. An orange dot beside the bell icon (circled in red in the image) means that we have sent you a notification. This could be a security advisory or an e-Alert.
To receive your e-Alerts in the form of push notifications, go to Internet Banking > Customer service > Manage e-Alerts
Noticed any unauthorised transactions? Inform us immediately.
-
Did you receive e-Alerts for transactions which you did not perform such as OneToken activation or deactivation, change of contact details, increase of limits, adding of a beneficiary or funds transfer?
-
Did you reveal your OTP or card PIN to someone or key it into an unknown website?
Please call our Customer Service Hotline for assistance at 1800 363 3333 (or +65 6363 3333 if you are overseas), or by visiting one of our branches during our opening hours.
Be vigilant. Protect yourself from scams.
Never reveal your Online Banking PIN, OTP or card PIN to anyone.
Visit ScamAlert.sg to learn more about scams and how to avoid falling prey to scams.
This message contains links to third-party websites. By accessing any such websites, you agree to our terms of use.