Security Advisory
  • Spot the signs. Stop the scams.
    30 September 2020

    "I don’t think I will ever be a victim of scams." This is what many people think.

    This false sense of security is dangerous and not helpful in the fight against scams. Online scams are on the rise and it can happen anywhere, anytime to anybody. This makes constant vigilance even more important now as scammers have developed various creative ways to scam their victims. The best way to protect yourself is knowing how to identify scams.

    Learn how to spot these tell-tale signs of scams – the first step towards protecting yourself:

    • Automated calls or unsolicited phone calls claiming to be from banks, police, government agencies or reputable companies, such as telecommunications companies. Scammers disguise themselves as employees or officials on the pretext of checking your computers/mobile devices, internet connection or even pretending to be government officials, such as contact tracers from Ministry of Health. They will ask you for your bank account number, bank PIN and password. Do not give it to them. If you receive such a call, please hang up. If you are still not sure if it is real, call the official hotline number of the company or government agency.

    • Unsolicited messages offering quick loans promising fast access to cash loans and may require you to first send over some money to the person/company before they grant you the loan. Ignore and do not reply to such loan offers. DO NOT give out your banking credentials. DO NOT send over funds to unknown parties.

    • An attractive person you befriended online asking you for financial help or to join an investment website. Always verify the source and validate the legitimacy of the request.

    • Online deals with attractive prices that are too good to be true, especially during online sales spree periods such as the Oct 10.10 sales, Nov 11.11 sales and year-end sales. Always exercise caution when making online purchases, especially if you are making online transfers or payments.  Scammers may also try to steal your credit/debit card number, CVV, PIN or One-Time Password. Do not reveal such card details to anyone or key them into unverified websites.    

    • Dubious investment schemes offering quick, get-rich investment plans with high returns that are too good to be true. Scammers may take advantage of the current economic situation to entice you to first transfer money over to them in order to participate in quick get-rich programmes. Do not fall for them.

    • Impersonation - A private message from a “friend” or “family member” received via Facebook or Instagram asking for your credit card, internet banking details and One-Time Password (OTP) to participate in a lucky draw or asking you to transfer money due to an emergency. You should always verify the source and legitimacy of such requests.


    Scam Alert - Beware of online charmers  Scam Alert - Beware of Hot Deals


    Ways to protect yourself
     

    • DO NOT give out your OTPs to anyone!
      They are like the keys to your house.
    • Always read the transaction notification alerts sent by the Bank via SMS, emails or push notifications. They are like a ringing alarm. Read them carefully and inform us quickly if the transactions are unauthorised. Set up your e-Alerts by logging into Digital Banking > Customer Service > Manage your e-Alerts.
    • Always verify any requests that asked for your personal or banking details.
      DO NOT give your card details or banking credentials to anyone.
    • Do not transfer funds or remit money to unknown parties.
      Scammers will always try to create a false sense of urgency. Do not be pressurised into making FAST transfers, PayNow transfers or telegraphic transfers to unknown parties. Always verify the source and legitimacy of such requests. When in doubt, always check with the Bank. 


    Look out for the above tell-tale signs. When you know how to spot scams, you know how to protect yourself.

    Call our customer hotline at +65 6363 3333 if you need help.

    Learn more about online scams at www.scamalert.sg.

  • Stay vigilant against new COVID-19 scams
    20 April 2020

    Impersonation Scams
    Scammers are pretending to be government officials from Ministry of Health. They disguise themselves as contact tracers and will ask you for your bank account number, bank PIN and password. Do not give it to them. Bank information is NOT needed for contact tracing. If you receive such a call, please hang up. If you are still not sure if it is real, call the official government agency hotline number (MOH hotline at 1800-333-9999).  

    Phishing emails or SMSes
    Cybercriminals are sending out phishing emails under the names of trusted organisations like Apple and SIA. The subject headers are hot topics about COVID-19. Do not open the attachments or links in the emails. Once you do that, a malware will be planted in your computer. Even if there are no attachments, the emails will direct you to websites to trick you to disclose sensitive information like your bank account number, bank PIN and password.

    Malicious Websites and Applications
    Cybercriminals are sending out links to websites that claim to be COVID-19 related. They offer to provide situation maps, facilitate self-health checks, or with services for online communications for telecommuting. These sites are dangerous and can spread malware. Visitors to the malicious sites may be asked to download software that claims to help monitor the COVID-19 situation, but is in fact a Trojan, ransomware or spyware.

    Cyber Threats Targeting Technology for Remote Working Arrangements
    Video-teleconferencing (VTC) platforms have been hijacked to steal user credentials, or to gain access to your microphone and webcam. Do ensure robust controls are in place for your work from home access, or else your systems and networks can be compromised. Stay protected by using strong passwords and Wi-Fi Protected Access (WPA). Do not click on phishing emails and malicious websites.

    Loans Scams impersonating OCBC
    Scammers have sent SMS and WhatsApp messages impersonating OCBC to offer loans packages. These SMSes appear to come from "OCBCPROMO". Do not reply to these messages or call the number in the text. OCBC does not send SMSes to ‘sell’ loans. If you need financing, call us. This is an impersonation account from an unlicensed money lender and has been reported to the police. Scammers may use caller ID spoofing technology to display the bank’s number or logo, especially on Viber and WhatsApp. Always call our official hotline at 1800 363 3333 if you need help.
  • Stay vigilant against scams that use COVID-19 as bait
    18 March 2020
    Threat: Covid-19 Scams
    Severity: Medium 


    In light of the heightened situation around coronavirus (COVID-19), scammers will be looking to take advantage by stealing your money. As you take steps to protect yourself from COVID-19, it is also important to remain vigilant against scams such as:

    Impersonation scams: Scammers may impersonate as government officials (e.g. the Ministry of Health) or police officers to request for your personal and financial information on the pretext of contact tracing

    Phishing emails or SMSes: Scammers may send phishing emails or SMSes claiming to contain important COVID-19 updates. Their aim is to trick you into opening attachments containing malware or to click on a weblink to provide your online banking information.

    Ecommerce Scams: Scammers may prey on people who are looking online to buy medical supplies (e.g. surgical masks, hand sanitisers), and attempt to defraud them while they are at their most susceptible.

    How to protect yourself

    Rule number one: Do NOT reveal your One-Time Password (OTP) to anyone, or provide OneToken authorisation without knowing the intended purpose.

    It is also essential that you:
    • Remain calm if you receive calls from the government agencies or police. You can call the government agency hotline number (e.g. Ministry of Health General Hotline at 6325 9220) to verify the authenticity of the phone call.
    • Do not click on links or open attachments found in suspicious looking emails or SMSes. Always type our URL: https://www.ocbc.com/login into the browser’s address bar or download the OCBC Mobile Banking app via the App Store or Google Play.
    • Always check the credibility of the sellers by reading reviews of their services. If advance payments are required, use shopping platforms that provide arrangements to release payment to the seller only upon receipt of the item. When in doubt, purchase only from reputable sellers.
    What you should do:

    Please call us immediately at 1800 363 3333 (or +65 6363 3333 when calling from overseas) if you notice or receive:
    • SMS transaction alerts or email notifications for transactions you did not initiate or perform.
    • Any compromise or loss of your security device or security details.
    • Alerts on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform.
    For more information on scams, please visit www.scamalert.sg.
  • Beware of unsolicited phone calls asking you to download or install any apps or programs on your desktop or mobile phone
    13 November 2019
    Threat: Impersonation Scam
    Severity: High

    There has been an increase in scams impersonating helpdesk support staff from telecommunication companies, IT firms or law enforcement agencies. The callers will claim that the victim’s PC or mobile device is in need of a software upgrade as it are vulnerable to online security risks. The callers will also claim that the victim has a criminal offense and they required access to their PC or mobile device to assist in supposedly ‘confidential’ investigations.

    Victims may be asked to download a program or to input several commands onto their PC or mobile device. Once this is done, the victims’ PC or mobile device will be taken control by the fraudster. Subsequently, the victims’ will be directed to provide their login credentials or credit card information. Fraudulent transactions will then take place.

    To avoid unauthorised access to your account or falling victim to such scams, please stay vigilant and take the necessary precaution to protect yourself.

    How to protect yourself:

    • Ignore calls from unsolicited callers. Scammers may use Caller ID spoofing technology to mask their actual phone numbers and display a different number.
    • Never follow the caller's instructions to install software or type commands onto your computer.
    • Be wary of any unsolicited phone call or pop-up message on your device. Security pop-up warnings from real tech companies will never ask you to call a phone number.
    • Never disclose to anyone, or key in your personal banking details such as ATM/credit/debit card numbers, their PINs, Online Banking Access Code, PIN and OTP into websites or mobile apps.
    • Be wary and read the instructions on the push notifications before confirming the transactions if you are using the OneToken.
    • Never reveal the OTP from SMS, hardware or OneToken to anyone.
    • Do not transfer funds to any unknown parties.

    For more information on such scams, please visit www.scamalert.sg/scam-details/software-update-scam

    What you should do

    Please call us immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if you notice/receive:

    • any unusual/unauthorised transactions such as receiving funds you did not expect, SMS transaction alerts or email notifications for transactions you did not initiate,
    • any compromise or loss of your security device or security details.
    • SMS messages or emails for transactions which you did not perform.
    • alerts on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform

    Learn more about Phishing, Malware and Online Banking security.

  • Beware of unsolicited phone calls asking you to withdraw funds from your account or provide personal or banking information
    23 December 2019
    Threat: Impersonation Scam
    Severity: Medium

    Updated as of 23 December 2019

    There has been a resurgence in scams involving Mandarin-speaking callers pretending to be police officers informing you that you are involved in criminal activities.

    To avoid being prosecuted by the law, they may instruct you to:

    • provide your banking details such as ATM card, credit card, debit card and Personal Identification Number (PIN), Online Banking Access Code, PIN and One-Time Password (OTP)
    • apply for Internet banking services and a hardware token
    • and from time to time provide them the OTP generated from the token to update them on your whereabouts or location.

    In some instances, you may find unexplained sum of money in your account. The caller will instruct you to withdraw these monies and hand them to a third party (purported to be a police officer) who will meet you at a selected location.

    To avoid unauthorised access to your account or falling victim to such scams, please stay vigilant and take the necessary precaution to protect yourself.

    How to protect yourself:

    • Be wary or ignore callers claiming to be police officers or government officials.
    • If there are unexplained money in your account, do not attempt to withdraw the money for your own use or pass it to anyone. You should inform us and lodge a police report immediately.
    • Never reveal to anyone, or key in your personal banking details such as ATM/credit/debit card numbers, their PINs, Online Banking Access Code, PIN and OTP into websites or mobile apps.
    • Never generate the OTP from your hardware token and reveal the OTP to anyone.
    • Always read the SMS alerts sent to your mobile phone for your transactions carefully.
    • OCBC Bank staff will never ask you for your OCBC Online Banking PIN or OTP over the phone.
    • Call us immediately if you detect any suspicious alerts or transactions not performed by you.
    • Ignore calls from unsolicited callers. Scammers may use Caller ID spoofing technology to mask their actual phone numbers and display a different number.
    • Update us immediately when there is a change in your contact details such as mobile number or email address.

    For more information on such scams, please visit: www.scamalert.sg/types-of-scams/impersonation-scam

    What you should do

    If you notice any unusual/unauthorised transactions such as receiving funds you did not expect, SMS transaction alerts or email notifications for transactions you did not initiate, please call us immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas).

    Learn more about Phishing, Malware and Online Banking security.

  • Customers using Samsung Galaxy S10/10+, Note 10/10+ 5G devices are advised to temporarily disable fingerprint authentication due to an issue found with Samsung’s fingerprint sensor
    19 October 2019
    Threat: Data security
    Severity: Medium

    Updated as of 25 October 2019

    Customers of affected mobile phones will receive a system notification message to update the fingerprint software. Please restart the phone once the update is complete. For more information about the update from Samsung, please click here.

    Original security advisory:

    Customers utilising Samsung's fingerprint authentication are advised to use alternative methods such as passwords or Pin until a fix has been issued to prevent unauthorised access to their OCBC Mobile Banking / Pay Anyone Applications.

    Owners of the affected models are advised to disable fingerprint authentication until a fix is released by Samsung.

    To disable fingerprint login:

    • Login to the OCBC Mobile Banking app > Open the side menu > Select Settings > Deactivate OCBC OneTouch > Confirm
    • Login to the OCBC Pay Anyone app > Open the side menu > Select Settings> toggle off the Login with OneTouch

    Reference:

    https://news.samsung.com/global/statement-on-fingerprint-recognition-issue

    How to protect yourself:

    • Verify the transaction details in the SMS message, ensure that it is for the transaction that you are authorising before using the associated OTP. Inform the Bank immediately if the transaction is suspicious.
    • Ensure the OTP is keyed in the correct bank’s mobile application or website. Do not reveal the OTP to anyone.
    • The Bank will not make unsolicited requests for your banking details. Be mindful not to reveal your personal or banking details such as ATM/Credit/Debit Card numbers, Online Banking Access Code, PIN/OTP into mobile applications or websites that you are not sure of.
    • Be on the alert for suspicious emails/SMS messages and websites or mobile messages, purporting to be from the Bank asking for your OCBC Online Banking login credentials such as PIN/OTP etc. Inform the Bank immediately if the transaction is suspicious.
    • Stay vigilant before clicking on any links embedded in the SMS messages or emails.
    • Always type the URL of the website directly into the address bar of the browser.
    • Inform the Bank immediately when there is a change in your contact details such as mobile number or email address so that you continue to receive SMS alerts or e-mail notifications for online banking transactions and activities.
    • Do not transfer funds to any unknown parties.

    What you should do

    Please call the Bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:

    • You are aware of any suspected fraud or transactions not performed by you including any compromise or loss of your security device or security details.
    • You received a SMS message or email for transactions which you did not perform.
    • You are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform.

    Learn more about Phishing, Malware and Online Banking security.

  • Beware of emails that may direct you to phishing webpages asking for your online banking credentials
    22 February 2019
    Threat: Phishing alert
    Severity: Medium

    There has been an increase in phishing emails received by our customers claiming to be from OCBC, such as a recent one requesting customers to register for a new authentication login for online banking.

    These emails contain a hyperlink directing you to a phishing website, which will require you to provide your personal or banking details. For example, full name, NRIC/ passport numbers, Bank account numbers, card numbers, expiry date, CVV number, Personal Identification Number (PIN), One Time Password (OTP) and even in some instances to provide the OTP generated from their hardware token. Once this is done, fraudulent transactions may be effected from your accounts.

    We advise you to stay vigilant and take the necessary precautions to protect yourself.

    Sample of a phishing email

    How to protect yourself:

    • OCBC will not request for your confidential information (e.g. PIN or OTP) through email, SMS or voice conversation.
    • Do not respond to unsolicited emails or SMS messages requesting for personal/banking credentials (e.g. NRIC/ passport numbers, address, emails, access code, PIN or OTP) or credit/debit/ATM cards details (e.g. card number, expiration date, CVV number, PIN).
    • Stay vigilant before clicking on any links embedded in the SMS messages or emails. Always type the URL of the website directly into the address bar of the browser.
    • Do not transfer funds to any unknown parties.
    • Always read the entire SMS alerts sent to your mobile phone for your transactions carefully. Inform the Bank immediately if you find the transaction suspicious.
    • Inform the Bank immediately when there is a change in your contact details such as mobile number or email address.

    What you should do:

    Please call the Bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:

    • You notice any suspected fraud or transactions which are suspicious or not performed by you.
    • There is any compromise or loss of your security device or security details.
    • You received a SMS message or email for transactions which you did not perform.
    • You are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform.

    Learn more about Phishing, Malware and Online Banking security.

  • Beware of emails that may direct you to phishing webpages asking for your credentials
    19 December 2018
    Threat: Phishing alert
    Severity: Medium

    Avoid getting an unwanted surprise this holiday season. There has been an increase in phishing emails purporting to be from OCBC. These emails may contain hyperlinks directing you to a non-OCBC website that requires you to provide your credit/debit/ATM cards details such as card number, expiration date, CVV number or Personal Identification Number (PIN), or online banking login credentials such as Access Code, PIN or One Time Password (OTP). This may result in unauthorised access to your bank accounts. Exercise vigilance during the holiday season and be mindful not to respond to such unsolicited requests.

    Sample of a phishing email

    Sample of a phishing webpage

    How to protect yourself:

    • OCBC will not request for your PIN or OTP through voice conversation, SMS or email.
    • Do not respond to unsolicited SMS or emails requesting for credit/debit/ATM cards details (e.g. card number, expiration date, CVV number, PIN), or online banking credentials.
    • Stay vigilant before clicking on any links embedded in the SMS messages or emails. Always type the URL of the website directly into the address bar of the browser.
    • Do not transfer funds to any unknown parties.
    • Always read the SMS alerts sent to your mobile phone for your transactions carefully. Inform the Bank immediately if the transaction is suspicious.
    • Inform the Bank immediately when there is a change in your contact details such as mobile number or email address.

    What you should do:

    Please call the Bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:

    • You are aware of any suspected fraud or transactions not performed by you including any compromise or loss of your security device or security details.
    • You received a SMS message or email for transactions which you did not perform.
    • You are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform.

    Learn more about Phishing, Malware and Online Banking security.

  • For iOS version 12 users - How to safely use the Security Code Autofill suggestion for One-Time Password (OTP)
    1 November 2018
    Threat: Autofill input of OTP resulting in unauthorised transaction
    Severity: Medium

    Apple has introduced a new feature, Security Code Autofill, in iOS version 12. As shown in the diagrams below, this feature enables mobile devices to scan incoming Short Message Server (SMS) messages for One-Time-Password (OTP) and automatically display it as an AutoFill suggestion in the Quick Type bar above the virtual keyboard. You will only need to tap on the OTP to input it in the OTP field of an application or website instead of keying it manually.

    While this new feature may enhance user experience, please continue to stay vigilant and adopt the following safe practices when you perform online banking transactions:

    • Verify the transaction details in the SMS message, ensure that it is for the transaction that you are authorising before using the associated OTP. Inform the Bank immediately if the transaction is suspicious.
    • Ensure the OTP is keyed in the correct bank’s mobile application or website. Do not reveal the OTP to anyone.
    • The Bank will not make unsolicited requests for your banking details. Be mindful not to reveal your personal or banking details such as ATM/Credit/Debit Card numbers, Online Banking Access Code, PIN/OTP into mobile applications or websites that you are not sure of.
    • Be on the alert for suspicious emails/SMS messages and websites or mobile messages, purporting to be from the Bank asking for your OCBC Online Banking login credentials such as PIN/OTP etc. Inform the Bank immediately if the transaction is suspicious.
    • Stay vigilant before clicking on any links embedded in the SMS messages or emails.
    • Always type the URL of the website directly into the address bar of the browser.
    • Inform the Bank immediately when there is a change in your contact details such as mobile number or email address so that you continue to receive SMS alerts or e-mail notifications for online banking transactions and activities.
    • Do not transfer funds to any unknown parties.

    What you should do:

    Please call the Bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:

    • You are aware of any suspected fraud or transactions not performed by you including any compromise or loss of your security device or security details.
    • You received a SMS message or email for transactions which you did not perform.
    • You are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform.

    Learn more about Phishing, Malware and Online Banking security.

  • SMS Phishing Scam
    24 August 2018
    Threat: Phishing alert
    Severity: High

    Recently, fraudsters have been sending SMSes and emails that appear to originate from OCBC, informing you to check out a new investment program.

    It claims that OCBC has announced new software that will make you a millionaire, while others tell you some miraculous software will let you “quit your job in 30 days”.

    These are NOT sent by OCBC Bank.

    If you know of friends and loved ones who have been tempted to click on the links provided in these SMSes and emails, please tell them not to. While we work hard to help our customers succeed, we certainly don’t believe in “Get rich quick” approaches.

    SMS Samples

    Sample of website after clicking the link:

    We would like to advise the public that under no circumstances will OCBC Bank make unsolicited requests through e-mail, SMSes, and phone calls that request for the following:

    • Personal details
    • Financial details
    • Bank account details
    • Credit/debit details
    • Logging into your Internet banking account
    • Verifying your account validity
    • PIN/Password

    How to protect yourself:

    • Be on the alert for suspicious emails / SMSes and websites or mobile messages, purporting to be from the Bank aking for your OCBC Online Banking login credentials such as PIN/OTP etc. You should report these immediately by contacting us.
    • Stay vigilant before clicking on any links embedded in the SMS or emails.
    • Be mindful not to reveal your personal or banking details such as ATM/Credit/Debit Card numbers, PINs, Online Banking Access Code, PIN and OTP into websites or mobile apps.
    • Always type the URL of the website directly into the address bar of the browser.
    • Always read the SMS alerts sent to your mobile phone for your transactions carefully.
    • Update us immediately when there is a change in your contact details such as mobile number or email address so that you continue to receive SMS alerts or e-mail notifications for online banking transactions and activities.
    • Do not transfer funds to any unknown parties.

    What you should do:

    Please call the bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:

    • You are aware of any suspected fraud or transactions not performed by you including any compromise or loss of your security device or security details; or
    • You received an SMS or email alert for transactions which you did not perform; or
    • You are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform.

    Learn more about Phishing, Malware and Online Banking security.

  • Beware of SMS that may direct you to phishing webpages asking for your credentials
    6 August 2018
    Threat: Phishing alert
    Severity: Medium

    Fraudsters have been sending SMS containing hyperlinks targeting OCBC customers. Upon clicking on the hyperlink, you will be directed to a page requesting for your Online Banking Access Code, PIN, credit or debit card numbers, expiration date and 3-digit CVV number on the back of your card. The websites are intended to trick you to revealing your personal information and use it for unauthorised transactions on your accounts or credit cards.

    Fraudsters may spoof SMS or emails to give the appearance that they originate from OCBC. All mobile device will list the spoofed SMS in the same thread with those sent under the bank.

    Please stay vigilant and take the necessary precautions.

    How to protect yourself:

    • Always type the URL of the website directly into the address bar of the browser.
    • OCBC Bank will not make unsolicited requests for your personal or banking details (e.g., credit/ debit card information or login credentials) through channels such as emails or SMS. Inform the Bank immediately if such requests are received
    • Do not reveal any personal or banking details (e.g., ATM/ Credit/ Debit Card numbers, login credentials, OTP) into suspicious websites or mobile apps.
    • Always read SMS alerts for your transaction details carefully.
    • Inform the Bank whenever contact details or mailing address get updated.

    What you should do :

    Please call the bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:

    • You are aware of any suspected fraud or transactions not performed by you;
    • If any of your credit or atm cards, banking login credentials or security devices have been lost or compromised;
    • You received an SMS or email alert for transactions which you did not perform; or
    • You are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform.

    Learn more about Phishing, Malware and Online Banking security.

  • Beware of unsolicited calls, emails or SMS asking for your personal or banking information or credentials
    23 July 2018
    Threat: Phishing alert
    Severity: Medium

    Last week, SingHealth reported a data breach where patients’ data such as names, NRIC numbers, addresses and date of birth were stolen. The stolen information may be used by syndicates to conduct social engineering and phishing scams. They may use the stolen information to trick victims to believe these scams are real.

    Please be reminded to stay vigilant when you receive calls, emails and SMS from unfamiliar or unsolicited sources asking for your personal particulars, banking information and credentials.

    Please stay vigilant and take the necessary precautions.

    How to protect yourself:

    • Be on the alert for suspicious emails / SMS and websites or mobile messages, purporting to be from the Bank asking for your OCBC Online Banking login credentials such as PIN/OTP etc. You should report these immediately by contacting us.
    • OCBC Bank will not make unsolicited requests for your personal, financial, bank account or credit/debit card information, or unsolicited requests that you log in and verify account validity, through e-mail, mobile messages or on phone unless you have initiated the contact. Under no circumstances will the Bank ask you to reveal your PIN/Password.
    • Be mindful not to reveal your personal or banking details such as ATM/Credit/Debit Card numbers, PINs, Online Banking Access Code, PIN and OTP into websites or mobile apps.
    • Stay vigilant before clicking on any links embedded in the SMSes or emails.
    • Always type the URL of the website directly into the address bar of the browser.
    • Always read the SMS alerts sent to your mobile phone for your transactions carefully.
    • Update us immediately when there is a change in your contact details such as mobile number or email address so that you continue to receive SMS alerts or e-mail notifications for online banking transactions and activities.

    What you should do

    Please call the bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:

    • You are aware of any suspected fraud or transactions not performed by you including any compromise or loss of your security device or security details; or
    • You received an SMS or email alert for transactions which you did not perform; or
    • You are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform.

    Learn more about Phishing, Malware and Online Banking security.

  • Beware of SMS linking to phishing websites asking for your credentials
    13 June 2018
    Threat: Phishing alert
    Severity: Medium

    The SMS may contain hyperlinks which redirect you to a webpage requesting for your Online Banking Access Code, PIN, ATM or credit card numbers, expiration date and even the 3-digit CVV number on the back of your card.

    The websites are intended to steal your information and use it for unauthorised transactions on your accounts or credit cards.

    Please stay vigilant and take the necessary precautions.

    How to protect yourself:

    • Always type the URL of the website directly into the address bar of the browser.
    • Stay vigilant before clicking on any links embedded in the SMSes or emails.
    • Be on the alert for suspicious emails / SMS and websites or mobile messages, purporting to be from the Bank asking for your OCBC Online Banking login credentials such as PIN/OTP etc. You should report these immediately by contacting us.
    • OCBC Bank will not make unsolicited requests for your personal, financial, bank account or credit/debit card information, or unsolicited requests that you log in and verify account validity, through e-mail, mobile messages or on phone unless you have initiated the contact. Under no circumstances will the Bank ask you to reveal your PIN/Password.
    • Be mindful not to reveal your personal or banking details such as ATM/Credit/Debit Card numbers, PINs, Online Banking Access Code, PIN and OTP into websites or mobile apps.
    • Always read the SMS alerts sent to your mobile phone for your transactions carefully.
    • Update us immediately when there is a change in your contact details such as mobile number or email address so that you continue to receive SMS alerts or e-mail notifications for online banking transactions and activities.

    What you should do

    Please call the bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:

    • You are aware of any suspected fraud or transactions not performed by you including any compromise or loss of your security device or security details; or
    • You received an SMS or email alert for transactions which you did not perform; or
    • You are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform.

    Learn more about Phishing, Malware and Online Banking security.

  • Beware of emails linking to websites asking for your personal information
    7 May 2018
    Threat: Phishing alert
    Severity: Medium

    There has been an increase in phishing emails received by our customers on their accounts being placed on hold and were requested to confirm their card details.

    These emails may contain hyperlink(s) directing customers to a phishing website which will require customers to provide their personal / banking / card details. For example, full name, NRIC/ passport numbers, Bank account numbers, card numbers, expiry date, CVV number, Personal Identification Number (PIN), One Time Password (OTP) and even in some instances to provide the OTP generated from their hardware token. Once this is done, fraudulent transactions may be effected from your accounts.

    Example of phishing email

    To avoid any unauthorised access to your bank account(s) or transactions on your cards, please be mindful to never enter such information on to links to websites sent via emails. We advise you to stay vigilant and take the necessary precautions to protect yourself.

    How to protect yourself:

    • Be on the alert for suspicious emails and websites or mobile messages, purporting to be from the Bank asking for your OCBC Online Banking login credentials such as PIN/OTP etc. You should report these immediately by contacting us.
    • OCBC Bank will not make unsolicited requests for your personal, financial, bank account or credit/debit card information, or unsolicited requests that you log in and verify account validity, through e-mail, mobile messages or on phone unless you have initiated the contact. Under no circumstances will the Bank ask you to reveal your PIN/Password.
    • Be mindful not to reveal your personal or banking details such as ATM/Credit/Debit Card numbers, PINs, Online Banking Access Code, PIN and OTP into websites or mobile apps.
    • Always read the SMS alerts sent to your mobile phone for your transactions carefully.
    • Update us immediately when there is a change in your contact details such as mobile number or email address so that you continue to receive SMS alerts or e-mail notifications for online banking transactions and activities.

    What you should do

    Please call the bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:

    • You are aware of any suspected fraud or transactions not performed by you including any compromise or loss of your security device or security details; or
    • You received a SMS or an e-mail alert for transactions which you did not perform; or
    • You are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform.

    Learn more about Phishing, Malware and Online Banking security.

  • Beware of emails or SMS linking to websites asking for your personal information
    17 January 2018
    Threat: Phishing alert
    Severity: Medium

    Reports on phishing attacks had increased over the last few weeks. Generally, phishing attacks use emails or SMS (purportedly from a trusted organisation such as OCBC) with links to fictitious websites or to download apps. Such emails or SMS typically use fear tactics and may threaten to disable an account or delay services until you update certain information.

    Example of phishing email and sms

    The links will direct you to a website or app that looks legit, as below. The intent is to gain unauthorised access to your bank accounts once you provide the information they request for such as:

    • Personal information - NRIC/ passport number, mailing address, email address
    • Banking credentials - bank account numbers, card numbers, expiry date, CVV number, Personal Identification Number (PIN), One Time Password (OTP) and in some instances to provide the OTP generated from your hardware token.
    Example of how a phishing website or app login may look like

    How to protect yourself:

    • Know that OCBC Bank will not make unsolicited requests for your personal, financial, bank account or credit/debit card information, or unsolicited requests that you log in and verify account validity, through e-mail, mobile messages or on phone unless you have initiated the contact. Under no circumstances will the Bank ask you to reveal your PIN/Password.
    • Do not use links in an email or instant message to connect to the Bank's website unless you are certain they are authentic. If you need to get to the Bank’s webpage, open your browser and type the URL directly into the address bar.
    • Do not respond to emails asking for confidential information, e.g: your financial or personal information. Phishers like to use fear tactics and may threaten to disable an account or delay services until you update certain information.
    • Never reveal to anyone or key in your personal banking details such as ATM, Credit Card Numbers, their PINs, Online Banking Access codes, PIN and OTP into websites or mobile apps.
    • Beware of anyone who may request that you install software on your device.
    • Always ensure that you download information or apps from official source only.
    • Protect your computer with firewall, spam filters, anti-virus and anti-spyware software. Ensure you are getting the most up-to-date software and update them regularly to ensure that you are protected against new viruses and spyware.
    • Always keep your contact information with the bank updated so that we may send you:
      • Instant alerts on transactions performed on your bank accounts.
      • Instant notifications on account activities such as adding a beneficiary or change of contact particulars
    • Always read the SMS alerts sent to your mobile phone for your transactions carefully.

    What you should do

    Please call the bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:

    • You are aware of any suspected fraud or transactions not performed by you including any compromise or loss of your security device or security details; or
    • You received a SMS or an e-mail alert for transactions which you did not perform; or
    • You are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform.

    Learn more about Phishing, Malware and Online Banking security.

Important notices

The above is for general information only and provided solely as a convenience to you. No representation or warranty (whether on adequacy or usefulness or otherwise) is given by OCBC. You confirm that you are responsible for the security of your computer and mobile devices and OCBC assumes no responsibility to you in relation thereto. We refer you to our online banking safe security practices at Safeguarding Your Online Banking Access. Your usage of our OCBC Online Banking Service is subject at all times to the terms and conditions governing Electronic Banking and the terms and conditions governing Deposit Accounts.