Security Advisory
  • How likely are you to fall for a scam?

    3 May 2021

    Scammers prey on our lack of vigilance to get us to part with our hard-earned money. When you know how to spot scams, you know how to protect yourself. To find out how savvy you are at spotting the signs of scams, take this quiz by the National Crime Prevention Council.


    According to a recent survey conducted by the Ministry of Home Affairs, victims of scams have these characteristics in common which you should avoid:

    • They do not believe that they would fall for scams.
    • They think it is alright to share OTPs or passwords with others.
    • They are less likely to seek help and support from family and friends after being scammed.
    • They act impulsively on seeing a bargain and give in when pressured by others.
    • They click on pop-up ads, emails, and links from unknown sources.


    How to protect yourself

    1. DO NOT disclose your card details or online banking login details such as access code, PIN, and OTPs to anyone. OCBC Bank employees will not request you to reveal your PIN and/or OTP.
    2. Always verify any requests that ask for your personal or banking details.
    3. DO NOT ignore any notifications from the bank. Call us immediately if you did not make a certain transaction or suspect your bank accounts have been compromised.
    4. DO NOT transfer funds or send money to people you do not know. Scammers will always try to create a false sense of urgency. Talk to a family member or friend for advice and support when in doubt.

    Be vigilant. Protect yourself from scams.
     
    Visit ScamAlert.sg to learn more about scams and how to avoid falling prey to scams.

    Please call our Customer Service Hotline at 1800 363 3333 (or +65 6363 3333, if you are overseas) for assistance.
  • Beware of unsolicited SMS messages and phone calls impersonating bank employees and requesting your banking details
    6 April 2021

    There is a new SMS scam on the rise targeting bank customers. 
     
    In such cases, the victims would receive a phishing SMS, purporting to be from their bank, alerting them that their bank accounts or ATM/Debit or Credit cards had been “suspended or deactivated,” including a specified phone number to call for assistance. When victims call the phone number, scammers impersonating bank employees would answer the call and ask the victims to reveal their personal particulars, online banking login details and One-Time Passwords (OTPs). After providing the details, the victims would subsequently discover that unauthorised transactions were made from their bank accounts or cards.
     
    Here are two samples of the phishing SMS: 

    Note: These phishing SMSes are not sent from OCBC Bank.

    Beware of such unsolicited messages or calls from persons impersonating employees of OCBC Bank.
     
    Do adopt the following measures to prevent your bank accounts from being compromised:
    • Never disclose your online banking login details such as access code, PIN, and OTPs to anyone. OCBC Bank employees will not request you to reveal your PIN and/or OTP.
    • Do not respond to or authorise any authentication requests (through your OneToken or hardware token) if you did not initiate any online banking transaction. 
    • If you receive a suspicious message or call purporting to be from OCBC Bank, do not call the number provided in the SMS. Please call our Customer Service hotline at 1800 363 3333 to verify the authenticity of the request. 
    Be vigilant. Protect yourself from scams.
     
    Visit ScamAlert.sg to learn more about scams and how to avoid falling prey to scams.

    Please call our Customer Service Hotline at 1800 363 3333 (or +65 6363 3333, if you are overseas) for assistance.
  • Beware of scams. DO NOT give your OTP to anyone.

    16 December 2020


    “Is he who he claims to be?”
    – Always pause and ask yourself, before you act.

    In this increasingly digitalised world, countless imposters and scammers are operating on various types of platforms with more sophisticated scam methods, making it harder for consumers to know what and who is real and what and who is not. Scammers have devised many ways to lure their victims – these can happen anytime, anywhere.

    The best way to protect yourself? Follow this golden rule:

    DO NOT give your One-Time Password (OTP) to anyone or provide OneToken authorisation without knowing what the transaction is being used for.

     

    These are some of the common methods that the imposters and scammers have been using:

    • Are you receiving any messages from your ‘friends’ via social media, asking for your credit card or bank details, or any urgent money transfer? Be mindful, as these messages may not be from your actual friends. Online scammers and hackers may hack into your friends’ social media accounts and use their social media accounts to lure you into their traps. You should always verify with your friends or family members.
    • Automated calls claiming to be from government agencies, reputable companies, police or banks may not be from who you think they are from. Imposters may claim to be government officials such as personnel from the Customs or even from the Ministry of Health for contact tracing matters for COVID-19. DO NOT give any personal banking information to the imposters. To check if the calls are legitimate, please call the official hotline number of the authorities or the companies.
    • Tech support calls, emails or SMSes claiming to be from Telcos or government agencies may allege that your computers/mobile devices are having technical or internet issues, and hence request you to download certain applications or provide them with remote access to your computers/devices to resolve the issue. This will result in your banking details being stolen. DO NOT fall for this trick.
    • Investment schemes, where scammers offer quick, get-rich investment plans with unbelievably high returns, are usually dubious. They may take advantage of current unstable economic situations to lure members of the public who are looking for ways to grow their money.
    • Unsolicited messages that offer rapid approval of cash loans may require you to send your bank details prior to lending of the cash. The scammers may even request for a transfer of money before approving and granting you the loans. This could be a way to get your money and your account number for their further fraudulent activities.
    • New friend that you have met online? He/she may not be who you think he/she is. They may portray themselves with attractive photos and friendly personalities. Once they have gained your trust, they will start to ask you to transfer money to them using various excuses such as financial difficulties or emergency situations. Be aware that they may be imposters and scammers.
    • Online deals that are too good to be true should be treated with care. Year-end season is here now, and scammers may be approaching the public with attractive deals that are too good to be true, in celebration of Christmas, New Year, and Chinese New Year. Scammers may be attempting to steal your card details, and even your Internet Banking Access Code, PIN and OTP. DO NOT give your OTP to anyone or provide OneToken authorisation without knowing what the transaction is being used for.

    Do not be the next victim. Always remember:

    1. Your OTP is like your house key. DO NOT give it out to anyone.
    2. Transaction notifications sent by us are like an alarm that has been triggered. Read them carefully and inform us at once if the transactions are unauthorised.
    3. Verify any requests that ask for your personal or banking details.
    4. DO NOT transfer funds or send money to people you do not know.

     

    Be vigilant. Protect yourself from scams.

    Please call our customer service hotline at 1800 363 3333 (or +65 6363 3333 if overseas) if you need help.

    Learn more about online scams at www.scamalert.sg.

     

  • Spot the signs. Stop the scams.
    30 September 2020

    "I don’t think I will ever be a victim of scams." This is what many people think.

    This false sense of security is dangerous and not helpful in the fight against scams. Online scams are on the rise and they can happen anywhere, anytime, to anybody. This makes constant vigilance even more important now as scammers have developed various creative ways to scam their victims. The best way to protect yourself is knowing how to identify scams.

    Learn how to spot these tell-tale signs of scams – the first step towards protecting yourself:

    • Automated calls or unsolicited phone calls claiming to be from banks, police, government agencies or reputable companies, such as telecommunications companies. Scammers disguise themselves as employees or officials on the pretext of checking your computers/mobile devices or internet connection, or even pretend to be government officials, such as contact tracers from the Ministry of Health. They will ask you for your bank account number, bank PIN and password. Do not give it to them. If you receive such a call, please hang up. If you are still not sure if it is real, call the official hotline number of the company or government agency.

    • Unsolicited messages offering quick loans that promise fast access to cash and may require you to first send over some money to the person/company before they grant you the loan. Ignore and do not reply to such loan offers. DO NOT give out your banking credentials. DO NOT send over funds to unknown parties.

    • An attractive person you befriended online asking you for financial help or to join an investment website. Always verify the source and validate the legitimacy of the request.

    • Online deals with attractive prices that are too good to be true, especially during online sales spree periods such as the Oct 10.10 sales, Nov 11.11 sales and year-end sales. Always exercise caution when making online purchases, especially if you are making online transfers or payments.  Scammers may also try to steal your credit/debit card number, CVV, PIN or One-Time Password. Do not reveal such card details to anyone or key them into unverified websites.    

    • Dubious investment schemes offering quick, get-rich investment plans with high returns that are too good to be true. Scammers may take advantage of the current economic situation to entice you to first transfer money over to them in order to participate in quick get-rich programmes. Do not fall for them.

    • Impersonation - A private message from a “friend” or “family member” received via Facebook or Instagram asking for your credit card, internet banking details and One-Time Password (OTP) to participate in a lucky draw or asking you to transfer money due to an emergency. You should always verify the source and legitimacy of such requests.




    Ways to protect yourself
     

    • DO NOT give out your OTPs to anyone!
      They are like the keys to your house.
    • Always read the transaction notification alerts sent by the Bank via SMS, emails or push notifications. They are like a ringing alarm. Read them carefully and inform us quickly if the transactions are unauthorised. Set up your e-Alerts by logging into Digital Banking > Customer Service > Manage your e-Alerts.
    • Always verify any requests that ask for your personal or banking details.
      DO NOT give your card details or banking credentials to anyone.
    • Do not transfer funds or remit money to unknown parties.
      Scammers will always try to create a false sense of urgency. Do not be pressurised into making FAST transfers, PayNow transfers or telegraphic transfers to unknown parties. Always verify the source and legitimacy of such requests. When in doubt, always check with the Bank. 


    Look out for the above tell-tale signs. When you know how to spot scams, you know how to protect yourself.

    Call our customer hotline at +65 6363 3333 if you need help.

    Learn more about online scams at www.scamalert.sg.

  • Stay vigilant against new COVID-19 scams
    20 April 2020

    Impersonation Scams
    Scammers are pretending to be government officials from the Ministry of Health. They disguise themselves as contact tracers and will ask you for your bank account number, bank PIN and password. Do not give it to them. Bank information is NOT needed for contact tracing. If you receive such a call, please hang up. If you are still not sure if it is real, call the official government agency hotline number (MOH hotline at 1800-333-9999).

    Phishing emails or SMSes
    Cybercriminals are sending out phishing emails under the names of trusted organisations like Apple and SIA. The subject headers are hot topics about COVID-19. Do not open the attachments or links in the emails. Once you do that, malware will be planted in your computer. Even if there are no attachments, the emails will direct you to websites that trick you into disclosing sensitive information like your bank account number, bank PIN and password.

    Malicious Websites and Applications
    Cybercriminals are sending out links to websites that claim to be COVID-19 related. They offer to provide situation maps, facilitate self-health checks, or provide services for online communications for telecommuting. These sites are dangerous and can spread malware. Visitors to the malicious sites may be asked to download software that claims to help monitor the COVID-19 situation, but is in fact a Trojan, ransomware or spyware.

    Cyber Threats Targeting Technology for Remote Working Arrangements
    Video-teleconferencing (VTC) platforms have been hijacked to steal user credentials, or to gain access to your microphone and webcam. Do ensure robust controls are in place for your work from home access, or else your systems and networks can be compromised. Stay protected by using strong passwords and Wi-Fi Protected Access (WPA). Do not click on phishing emails and malicious websites.

    Loans Scams impersonating OCBC
    Scammers have sent SMS and WhatsApp messages impersonating OCBC to offer loan packages. These SMSes appear to come from "OCBCPROMO". Do not reply to these messages or call the number in the text. OCBC does not send SMSes to ‘sell’ loans. If you need financing, call us. This is an impersonation account from an unlicensed money lender and has been reported to the police. Scammers may use caller ID spoofing technology to display the bank’s number or logo, especially on Viber and WhatsApp. Always call our official hotline at 1800 363 3333 if you need help.
  • Stay vigilant against scams that use COVID-19 as bait
    18 March 2020
    Threat: Covid-19 Scams
    Severity: Medium 


    In light of the heightened situation around coronavirus (COVID-19), scammers will be looking to take advantage by stealing your money. As you take steps to protect yourself from COVID-19, it is also important to remain vigilant against scams such as:

    Impersonation scams: Scammers may impersonate government officials (e.g. the Ministry of Health) or police officers to request your personal and financial information on the pretext of contact tracing.

    Phishing emails or SMSes: Scammers may send phishing emails or SMSes claiming to contain important COVID-19 updates. Their aim is to trick you into opening attachments containing malware or to click on a weblink to provide your online banking information.

    Ecommerce Scams: Scammers may prey on people who are looking online to buy medical supplies (e.g. surgical masks, hand sanitisers), and attempt to defraud them while they are at their most susceptible.

    How to protect yourself

    Rule number one: Do NOT reveal your One-Time Password (OTP) to anyone, or provide OneToken authorisation without knowing the intended purpose.

    It is also essential that you:
    • Remain calm if you receive calls from the government agencies or police. You can call the government agency hotline number (e.g. Ministry of Health General Hotline at 6325 9220) to verify the authenticity of the phone call.
    • Do not click on links or open attachments found in suspicious looking emails or SMSes. Always type our URL: https://www.ocbc.com/login into the browser’s address bar or download the OCBC Mobile Banking app via the App Store or Google Play.
    • Always check the credibility of the sellers by reading reviews of their services. If advance payments are required, use shopping platforms that provide arrangements to release payment to the seller only upon receipt of the item. When in doubt, purchase only from reputable sellers.
    What you should do:

    Please call us immediately at 1800 363 3333 (or +65 6363 3333 when calling from overseas) if you notice or receive:
    • SMS transaction alerts or email notifications for transactions you did not initiate or perform.
    • Any compromise or loss of your security device or security details.
    • Alerts on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform.
    For more information on scams, please visit www.scamalert.sg.
  • Beware of unsolicited phone calls asking you to download or install any apps or programs on your desktop or mobile phone
    13 November 2019
    Threat: Impersonation Scam
    Severity: High

    There has been an increase in scams impersonating helpdesk support staff from telecommunication companies, IT firms or law enforcement agencies. The callers will claim that the victim’s PC or mobile device is in need of a software upgrade as it is vulnerable to online security risks. The callers will also claim that the victim has committed a criminal offence and that they require access to the victim’s PC or mobile device to assist in supposedly ‘confidential’ investigations.

    Victims may be asked to download a program or to input several commands onto their PC or mobile device. Once this is done, the victims’ PC or mobile device will be taken over by the fraudster. Subsequently, the victims will be directed to provide their login credentials or credit card information. Fraudulent transactions will then take place.

    To avoid unauthorised access to your account or falling victim to such scams, please stay vigilant and take the necessary precautions to protect yourself.

    How to protect yourself:

    • Ignore calls from unsolicited callers. Scammers may use Caller ID spoofing technology to mask their actual phone numbers and display a different number.
    • Never follow the caller's instructions to install software or type commands onto your computer.
    • Be wary of any unsolicited phone call or pop-up message on your device. Security pop-up warnings from real tech companies will never ask you to call a phone number.
    • Never disclose to anyone, or key in your personal banking details such as ATM/credit/debit card numbers, their PINs, Online Banking Access Code, PIN and OTP into websites or mobile apps.
    • Be wary and read the instructions on the push notifications before confirming the transactions if you are using the OneToken.
    • Never reveal the OTP from SMS, hardware or OneToken to anyone.
    • Do not transfer funds to any unknown parties.

    For more information on such scams, please visit www.scamalert.sg/scam-details/software-update-scam

    What you should do

    Please call us immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if you notice/receive:

    • any unusual/unauthorised transactions such as receiving funds you did not expect, SMS transaction alerts or email notifications for transactions you did not initiate,
    • any compromise or loss of your security device or security details.
    • SMS messages or emails for transactions which you did not perform.
    • alerts on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform

    Learn more about Phishing, Malware and Online Banking security.

  • Beware of unsolicited phone calls asking you to withdraw funds from your account or provide personal or banking information
    23 December 2019
    Threat: Impersonation Scam
    Severity: Medium

    Updated as of 23 December 2019

    There has been a resurgence in scams involving Mandarin-speaking callers pretending to be police officers informing you that you are involved in criminal activities.

    To avoid being prosecuted by the law, they may instruct you to:

    • provide your banking details such as ATM card, credit card, debit card and Personal Identification Number (PIN), Online Banking Access Code, PIN and One-Time Password (OTP)
    • apply for Internet banking services and a hardware token
    • and from time to time provide them the OTP generated from the token to update them on your whereabouts or location.

    In some instances, you may find an unexplained sum of money in your account. The caller will instruct you to withdraw these monies and hand them to a third party (purported to be a police officer) who will meet you at a selected location.

    To avoid unauthorised access to your account or falling victim to such scams, please stay vigilant and take the necessary precautions to protect yourself.

    How to protect yourself:

    • Be wary of, or ignore, callers claiming to be police officers or government officials.
    • If there is unexplained money in your account, do not attempt to withdraw the money for your own use or pass it to anyone. You should inform us and lodge a police report immediately.
    • Never reveal to anyone, or key in your personal banking details such as ATM/credit/debit card numbers, their PINs, Online Banking Access Code, PIN and OTP into websites or mobile apps.
    • Never generate the OTP from your hardware token and reveal the OTP to anyone.
    • Always read the SMS alerts sent to your mobile phone for your transactions carefully.
    • OCBC Bank staff will never ask you for your OCBC Online Banking PIN or OTP over the phone.
    • Call us immediately if you detect any suspicious alerts or transactions not performed by you.
    • Ignore calls from unsolicited callers. Scammers may use Caller ID spoofing technology to mask their actual phone numbers and display a different number.
    • Update us immediately when there is a change in your contact details such as mobile number or email address.

    For more information on such scams, please visit: www.scamalert.sg/types-of-scams/impersonation-scam

    What you should do

    If you notice any unusual/unauthorised transactions such as receiving funds you did not expect, SMS transaction alerts or email notifications for transactions you did not initiate, please call us immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas).

    Learn more about Phishing, Malware and Online Banking security.

  • Customers using Samsung Galaxy S10/10+, Note 10/10+ 5G devices are advised to temporarily disable fingerprint authentication due to an issue found with Samsung’s fingerprint sensor
    19 October 2019
    Threat: Data security
    Severity: Medium

    Updated as of 25 October 2019

    Customers of affected mobile phones will receive a system notification message to update the fingerprint software. Please restart the phone once the update is complete. For more information about the update from Samsung, please click here.

    Original security advisory:

    Customers utilising Samsung's fingerprint authentication are advised to use alternative methods such as passwords or PIN until a fix has been issued, to prevent unauthorised access to their OCBC Mobile Banking / Pay Anyone Applications.

    Owners of the affected models are advised to disable fingerprint authentication until a fix is released by Samsung.

    To disable fingerprint login:

    • Login to the OCBC Mobile Banking app > Open the side menu > Select Settings > Deactivate OCBC OneTouch > Confirm
    • Login to the OCBC Pay Anyone app > Open the side menu > Select Settings > Toggle off Login with OneTouch

    Reference:

    https://news.samsung.com/global/statement-on-fingerprint-recognition-issue

    How to protect yourself:

    • Verify the transaction details in the SMS message and ensure that it is for the transaction that you are authorising before using the associated OTP. Inform the Bank immediately if the transaction is suspicious.
    • Ensure the OTP is keyed in the correct bank’s mobile application or website. Do not reveal the OTP to anyone.
    • The Bank will not make unsolicited requests for your banking details. Be mindful not to reveal your personal or banking details such as ATM/Credit/Debit Card numbers, Online Banking Access Code, PIN/OTP into mobile applications or websites that you are not sure of.
    • Be on the alert for suspicious emails/SMS messages and websites or mobile messages, purporting to be from the Bank asking for your OCBC Online Banking login credentials such as PIN/OTP etc. Inform the Bank immediately if the transaction is suspicious.
    • Stay vigilant before clicking on any links embedded in the SMS messages or emails.
    • Always type the URL of the website directly into the address bar of the browser.
    • Inform the Bank immediately when there is a change in your contact details such as mobile number or email address so that you continue to receive SMS alerts or e-mail notifications for online banking transactions and activities.
    • Do not transfer funds to any unknown parties.

    What you should do

    Please call the Bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:

    • You are aware of any suspected fraud or transactions not performed by you including any compromise or loss of your security device or security details.
    • You received an SMS message or email for transactions which you did not perform.
    • You are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform.

    Learn more about Phishing, Malware and Online Banking security.

  • Beware of emails that may direct you to phishing webpages asking for your online banking credentials
    22 February 2019
    Threat: Phishing alert
    Severity: Medium

    There has been an increase in phishing emails received by our customers claiming to be from OCBC, such as a recent one requesting customers to register for a new authentication login for online banking.

    These emails contain a hyperlink directing you to a phishing website, which will require you to provide your personal or banking details, for example full name, NRIC/passport numbers, bank account numbers, card numbers, expiry date, CVV number, Personal Identification Number (PIN), One-Time Password (OTP) and, in some instances, even the OTP generated from your hardware token. Once this is done, fraudulent transactions may be effected from your accounts.

    We advise you to stay vigilant and take the necessary precautions to protect yourself.

    Sample of a phishing email

    How to protect yourself:

    • OCBC will not request for your confidential information (e.g. PIN or OTP) through email, SMS or voice conversation.
    • Do not respond to unsolicited emails or SMS messages requesting for personal/banking credentials (e.g. NRIC/ passport numbers, address, emails, access code, PIN or OTP) or credit/debit/ATM cards details (e.g. card number, expiration date, CVV number, PIN).
    • Stay vigilant before clicking on any links embedded in the SMS messages or emails. Always type the URL of the website directly into the address bar of the browser.
    • Do not transfer funds to any unknown parties.
    • Always read the entire SMS alerts sent to your mobile phone for your transactions carefully. Inform the Bank immediately if you find the transaction suspicious.
    • Inform the Bank immediately when there is a change in your contact details such as mobile number or email address.

    What you should do:

    Please call the Bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:

    • You notice any suspected fraud or transactions which are suspicious or not performed by you.
    • There is any compromise or loss of your security device or security details.
    • You received an SMS message or email for transactions which you did not perform.
    • You are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform.

    Learn more about Phishing, Malware and Online Banking security.

  • Beware of emails that may direct you to phishing webpages asking for your credentials
    19 December 2018
    Threat: Phishing alert
    Severity: Medium

    Avoid getting an unwanted surprise this holiday season. There has been an increase in phishing emails purporting to be from OCBC. These emails may contain hyperlinks directing you to a non-OCBC website that requires you to provide your credit/debit/ATM cards details such as card number, expiration date, CVV number or Personal Identification Number (PIN), or online banking login credentials such as Access Code, PIN or One Time Password (OTP). This may result in unauthorised access to your bank accounts. Exercise vigilance during the holiday season and be mindful not to respond to such unsolicited requests.

    Sample of a phishing email

    Sample of a phishing webpage

    How to protect yourself:

    • OCBC will not request for your PIN or OTP through voice conversation, SMS or email.
    • Do not respond to unsolicited SMS or emails requesting for credit/debit/ATM cards details (e.g. card number, expiration date, CVV number, PIN), or online banking credentials.
    • Stay vigilant before clicking on any links embedded in the SMS messages or emails. Always type the URL of the website directly into the address bar of the browser.
    • Do not transfer funds to any unknown parties.
    • Always read the SMS alerts sent to your mobile phone for your transactions carefully. Inform the Bank immediately if the transaction is suspicious.
    • Inform the Bank immediately when there is a change in your contact details such as mobile number or email address.

    What you should do:

    Please call the Bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:

    • You are aware of any suspected fraud or transactions not performed by you including any compromise or loss of your security device or security details.
    • You received an SMS message or email for transactions which you did not perform.
    • You are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform.

    Learn more about Phishing, Malware and Online Banking security.

  • For iOS version 12 users - How to safely use the Security Code Autofill suggestion for One-Time Password (OTP)
    1 November 2018
    Threat: Autofill input of OTP resulting in unauthorised transaction
    Severity: Medium

    Apple has introduced a new feature, Security Code Autofill, in iOS version 12. As shown in the diagrams below, this feature enables mobile devices to scan incoming Short Message Service (SMS) messages for a One-Time Password (OTP) and automatically display it as an AutoFill suggestion in the QuickType bar above the virtual keyboard. You will only need to tap on the OTP to input it in the OTP field of an application or website instead of keying it manually.

    While this new feature may enhance user experience, please continue to stay vigilant and adopt the following safe practices when you perform online banking transactions:

    • Verify the transaction details in the SMS message and ensure that it is for the transaction that you are authorising before using the associated OTP. Inform the Bank immediately if the transaction is suspicious.
    • Ensure the OTP is keyed into the correct bank’s mobile application or website. Do not reveal the OTP to anyone.
    • The Bank will not make unsolicited requests for your banking details. Be mindful not to reveal your personal or banking details such as ATM/Credit/Debit Card numbers, Online Banking Access Code, PIN/OTP into mobile applications or websites that you are not sure of.
    • Be on the alert for suspicious emails/SMS messages and websites or mobile messages, purporting to be from the Bank asking for your OCBC Online Banking login credentials such as PIN/OTP etc. Inform the Bank immediately if the transaction is suspicious.
    • Stay vigilant before clicking on any links embedded in the SMS messages or emails.
    • Always type the URL of the website directly into the address bar of the browser.
    • Inform the Bank immediately when there is a change in your contact details such as mobile number or email address so that you continue to receive SMS alerts or e-mail notifications for online banking transactions and activities.
    • Do not transfer funds to any unknown parties.

    What you should do:

    Please call the Bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:

    • You are aware of any suspected fraud or transactions not performed by you including any compromise or loss of your security device or security details.
    • You received an SMS message or email for transactions which you did not perform.
    • You are alerted to a change of daily withdrawal limit, or the addition of a beneficiary for transfers to an account, which you do not know of or did not perform.

    Learn more about Phishing, Malware and Online Banking security.

  • SMS Phishing Scam
    24 August 2018
    Threat: Phishing alert
    Severity: High

    Recently, fraudsters have been sending SMSes and emails that appear to originate from OCBC, informing you to check out a new investment program.

    Some claim that OCBC has announced new software that will make you a millionaire, while others tell you some miraculous software will let you “quit your job in 30 days”.

    These are NOT sent by OCBC Bank.

    If you know of friends and loved ones who have been tempted to click on the links provided in these SMSes and emails, please tell them not to. While we work hard to help our customers succeed, we certainly don’t believe in “Get rich quick” approaches.

    SMS Samples

    Sample of website after clicking the link:

    We would like to advise the public that under no circumstances will OCBC Bank make unsolicited requests through e-mail, SMSes or phone calls for the following:

    • Personal details
    • Financial details
    • Bank account details
    • Credit/debit details
    • Logging into your Internet banking account
    • Verifying your account validity
    • PIN/Password

    How to protect yourself:

    • Be on the alert for suspicious emails / SMSes and websites or mobile messages, purporting to be from the Bank asking for your OCBC Online Banking login credentials such as PIN/OTP etc. You should report these immediately by contacting us.
    • Stay vigilant before clicking on any links embedded in the SMS or emails.
    • Be mindful not to reveal your personal or banking details such as ATM/Credit/Debit Card numbers, PINs, Online Banking Access Code, PIN and OTP into websites or mobile apps.
    • Always type the URL of the website directly into the address bar of the browser.
    • Always read the SMS alerts sent to your mobile phone for your transactions carefully.
    • Update us immediately when there is a change in your contact details such as mobile number or email address so that you continue to receive SMS alerts or e-mail notifications for online banking transactions and activities.
    • Do not transfer funds to any unknown parties.

    What you should do:

    Please call the bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:

    • You are aware of any suspected fraud or transactions not performed by you including any compromise or loss of your security device or security details; or
    • You received an SMS or email alert for transactions which you did not perform; or
    • You are alerted to a change of daily withdrawal limit, or the addition of a beneficiary for transfers to an account, which you do not know of or did not perform.

    Learn more about Phishing, Malware and Online Banking security.

  • Beware of SMS that may direct you to phishing webpages asking for your credentials
    6 August 2018
    Threat: Phishing alert
    Severity: Medium

    Fraudsters have been sending SMS containing hyperlinks targeting OCBC customers. Upon clicking on the hyperlink, you will be directed to a page requesting your Online Banking Access Code, PIN, credit or debit card numbers, expiration date and 3-digit CVV number on the back of your card. The websites are intended to trick you into revealing your personal information, which is then used for unauthorised transactions on your accounts or credit cards.

    Fraudsters may spoof SMS or emails to give the appearance that they originate from OCBC. All mobile devices will list the spoofed SMS in the same thread as those sent by the Bank.

    Please stay vigilant and take the necessary precautions.

    How to protect yourself:

    • Always type the URL of the website directly into the address bar of the browser.
    • OCBC Bank will not make unsolicited requests for your personal or banking details (e.g., credit/debit card information or login credentials) through channels such as emails or SMS. Inform the Bank immediately if such requests are received.
    • Do not enter any personal or banking details (e.g., ATM/Credit/Debit Card numbers, login credentials, OTP) into suspicious websites or mobile apps.
    • Always read SMS alerts for your transaction details carefully.
    • Inform the Bank whenever your contact details or mailing address change.

    What you should do:

    Please call the bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:

    • You are aware of any suspected fraud or transactions not performed by you;
    • Any of your credit or ATM cards, banking login credentials or security devices have been lost or compromised;
    • You received an SMS or email alert for transactions which you did not perform; or
    • You are alerted to a change of daily withdrawal limit, or the addition of a beneficiary for transfers to an account, which you do not know of or did not perform.

    Learn more about Phishing, Malware and Online Banking security.

  • Beware of unsolicited calls, emails or SMS asking for your personal or banking information or credentials
    23 July 2018
    Threat: Phishing alert
    Severity: Medium

    Last week, SingHealth reported a data breach where patients’ data such as names, NRIC numbers, addresses and dates of birth were stolen. The stolen information may be used by syndicates to conduct social engineering and phishing scams. They may use the stolen information to trick victims into believing these scams are real.

    Please be reminded to stay vigilant when you receive calls, emails and SMS from unfamiliar or unsolicited sources asking for your personal particulars, banking information and credentials.

    Please stay vigilant and take the necessary precautions.

    How to protect yourself:

    • Be on the alert for suspicious emails / SMS and websites or mobile messages, purporting to be from the Bank asking for your OCBC Online Banking login credentials such as PIN/OTP etc. You should report these immediately by contacting us.
    • OCBC Bank will not make unsolicited requests for your personal, financial, bank account or credit/debit card information, or unsolicited requests that you log in and verify account validity, through e-mail, mobile messages or by phone unless you have initiated the contact. Under no circumstances will the Bank ask you to reveal your PIN/Password.
    • Be mindful not to reveal your personal or banking details such as ATM/Credit/Debit Card numbers, PINs, Online Banking Access Code, PIN and OTP into websites or mobile apps.
    • Stay vigilant before clicking on any links embedded in the SMSes or emails.
    • Always type the URL of the website directly into the address bar of the browser.
    • Always read the SMS alerts sent to your mobile phone for your transactions carefully.
    • Update us immediately when there is a change in your contact details such as mobile number or email address so that you continue to receive SMS alerts or e-mail notifications for online banking transactions and activities.

    What you should do:

    Please call the bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:

    • You are aware of any suspected fraud or transactions not performed by you including any compromise or loss of your security device or security details; or
    • You received an SMS or email alert for transactions which you did not perform; or
    • You are alerted to a change of daily withdrawal limit, or the addition of a beneficiary for transfers to an account, which you do not know of or did not perform.

    Learn more about Phishing, Malware and Online Banking security.

  • Beware of SMS linking to phishing websites asking for your credentials
    13 June 2018
    Threat: Phishing alert
    Severity: Medium

    The SMS may contain hyperlinks which redirect you to a webpage requesting your Online Banking Access Code, PIN, ATM or credit card numbers, expiration date and even the 3-digit CVV number on the back of your card.

    The websites are intended to steal your information and use it for unauthorised transactions on your accounts or credit cards.

    Please stay vigilant and take the necessary precautions.

    How to protect yourself:

    • Always type the URL of the website directly into the address bar of the browser.
    • Stay vigilant before clicking on any links embedded in the SMSes or emails.
    • Be on the alert for suspicious emails / SMS and websites or mobile messages, purporting to be from the Bank asking for your OCBC Online Banking login credentials such as PIN/OTP etc. You should report these immediately by contacting us.
    • OCBC Bank will not make unsolicited requests for your personal, financial, bank account or credit/debit card information, or unsolicited requests that you log in and verify account validity, through e-mail, mobile messages or by phone unless you have initiated the contact. Under no circumstances will the Bank ask you to reveal your PIN/Password.
    • Be mindful not to reveal your personal or banking details such as ATM/Credit/Debit Card numbers, PINs, Online Banking Access Code, PIN and OTP into websites or mobile apps.
    • Always read the SMS alerts sent to your mobile phone for your transactions carefully.
    • Update us immediately when there is a change in your contact details such as mobile number or email address so that you continue to receive SMS alerts or e-mail notifications for online banking transactions and activities.

    What you should do:

    Please call the bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:

    • You are aware of any suspected fraud or transactions not performed by you including any compromise or loss of your security device or security details; or
    • You received an SMS or email alert for transactions which you did not perform; or
    • You are alerted to a change of daily withdrawal limit, or the addition of a beneficiary for transfers to an account, which you do not know of or did not perform.

    Learn more about Phishing, Malware and Online Banking security.

  • Beware of emails linking to websites asking for your personal information
    7 May 2018
    Threat: Phishing alert
    Severity: Medium

    There has been an increase in phishing emails received by our customers, claiming that their accounts have been placed on hold and requesting that they confirm their card details.

    These emails may contain hyperlink(s) directing customers to a phishing website which will require customers to provide their personal / banking / card details. Examples include full name, NRIC/passport numbers, bank account numbers, card numbers, expiry date, CVV number, Personal Identification Number (PIN), One-Time Password (OTP) and, in some instances, even the OTP generated from their hardware token. Once this is done, fraudulent transactions may be effected from your accounts.

    Example of phishing email

    To avoid any unauthorised access to your bank account(s) or transactions on your cards, please be mindful never to enter such information on websites reached through links sent via email. We advise you to stay vigilant and take the necessary precautions to protect yourself.

    How to protect yourself:

    • Be on the alert for suspicious emails and websites or mobile messages, purporting to be from the Bank asking for your OCBC Online Banking login credentials such as PIN/OTP etc. You should report these immediately by contacting us.
    • OCBC Bank will not make unsolicited requests for your personal, financial, bank account or credit/debit card information, or unsolicited requests that you log in and verify account validity, through e-mail, mobile messages or by phone unless you have initiated the contact. Under no circumstances will the Bank ask you to reveal your PIN/Password.
    • Be mindful not to reveal your personal or banking details such as ATM/Credit/Debit Card numbers, PINs, Online Banking Access Code, PIN and OTP into websites or mobile apps.
    • Always read the SMS alerts sent to your mobile phone for your transactions carefully.
    • Update us immediately when there is a change in your contact details such as mobile number or email address so that you continue to receive SMS alerts or e-mail notifications for online banking transactions and activities.

    What you should do:

    Please call the bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:

    • You are aware of any suspected fraud or transactions not performed by you including any compromise or loss of your security device or security details; or
    • You received an SMS or an e-mail alert for transactions which you did not perform; or
    • You are alerted to a change of daily withdrawal limit, or the addition of a beneficiary for transfers to an account, which you do not know of or did not perform.

    Learn more about Phishing, Malware and Online Banking security.

  • Beware of emails or SMS linking to websites asking for your personal information
    17 January 2018
    Threat: Phishing alert
    Severity: Medium

    Reports of phishing attacks have increased over the last few weeks. Generally, phishing attacks use emails or SMS (purportedly from a trusted organisation such as OCBC) with links to fictitious websites or to download apps. Such emails or SMS typically use fear tactics and may threaten to disable an account or delay services until you update certain information.

    Example of phishing email and SMS

    The links will direct you to a website or app that looks legitimate, as below. The intent is to gain unauthorised access to your bank accounts once you provide the information they request, such as:

    • Personal information - NRIC/passport number, mailing address, email address
    • Banking credentials - bank account numbers, card numbers, expiry date, CVV number, Personal Identification Number (PIN), One-Time Password (OTP) and, in some instances, the OTP generated from your hardware token.

    Example of how a phishing website or app login may look

    How to protect yourself:

    • Know that OCBC Bank will not make unsolicited requests for your personal, financial, bank account or credit/debit card information, or unsolicited requests that you log in and verify account validity, through e-mail, mobile messages or by phone unless you have initiated the contact. Under no circumstances will the Bank ask you to reveal your PIN/Password.
    • Do not use links in an email or instant message to connect to the Bank's website unless you are certain they are authentic. If you need to get to the Bank’s webpage, open your browser and type the URL directly into the address bar.
    • Do not respond to emails asking for confidential information, e.g: your financial or personal information. Phishers like to use fear tactics and may threaten to disable an account or delay services until you update certain information.
    • Never reveal to anyone, or key into websites or mobile apps, your personal banking details such as ATM and credit card numbers, their PINs, Online Banking Access Codes, PIN and OTP.
    • Beware of anyone who may request that you install software on your device.
    • Always ensure that you download information or apps from official sources only.
    • Protect your computer with a firewall, spam filters, anti-virus and anti-spyware software. Ensure you are getting the most up-to-date software and update it regularly to ensure that you are protected against new viruses and spyware.
    • Always keep your contact information with the bank updated so that we may send you:
      • Instant alerts on transactions performed on your bank accounts.
      • Instant notifications on account activities such as adding a beneficiary or change of contact particulars.
    • Always read the SMS alerts sent to your mobile phone for your transactions carefully.

    What you should do:

    Please call the bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:

    • You are aware of any suspected fraud or transactions not performed by you including any compromise or loss of your security device or security details; or
    • You received an SMS or an e-mail alert for transactions which you did not perform; or
    • You are alerted to a change of daily withdrawal limit, or the addition of a beneficiary for transfers to an account, which you do not know of or did not perform.

    Learn more about Phishing, Malware and Online Banking security.

Important notices

The above is for general information only and provided solely as a convenience to you. No representation or warranty (whether on adequacy or usefulness or otherwise) is given by OCBC. You confirm that you are responsible for the security of your computer and mobile devices and OCBC assumes no responsibility to you in relation thereto. We refer you to our online banking safe security practices at Safeguarding Your Online Banking Access. Your usage of our OCBC Online Banking Service is subject at all times to the terms and conditions governing Electronic Banking and the terms and conditions governing Deposit Accounts.