Security Advisory
  • BEWARE of SMS phishing scams offering a free online investment training course

    24 June 2022

    Scammers have been sending SMSes claiming that OCBC is offering a free online investment training course. Recipients are invited to join a WhatsApp group by adding the mobile number provided in the SMS.

    This is a scam – such SMSes are not sent by OCBC Bank. DO NOT respond to the SMSes or click on any links. NEVER add unknown numbers to your WhatsApp contact list.

    Sample of SMS:

    If in doubt, call our Personal Banking hotline at 6363 3333 (or +65 6363 3333 if you are overseas) for assistance. Press 9 to report fraud or 8 to temporarily freeze all your accounts and cards.

    Tips to protect yourself against such scams

    • DO NOT call any numbers or click on any links in SMSes. We will never send an SMS to inform you about login issues, account closures or your being locked out of your account

    • DO NOT provide your Access Code, PIN, card details or One-Time Password (OTP) to anyone. OCBC employees will never ask you to reveal your PIN/OTP or transfer funds to personal accounts.

    • DO NOT key such information into unverified webpages. We will never send you any SMSes or emails with clickable URLs.

    • Use only the official OCBC Digital mobile banking app or OCBC Pay Anyone™ app, or go to the OCBC website > Login > Personal Banking.

    • DO NOT transfer money to strangers.

    • Always read the transaction notification alerts sent by the Bank via SMS, email or push notification – they are our first line of defence. Read them carefully and inform us immediately if the transactions are unauthorised.

    Be vigilant. Protect yourself from scams.

    Visit ScamAlert.sg to learn more about scams and how to avoid falling prey to them.

    This message contains links to third-party websites. By accessing any such websites, you agree to our terms of use.

  • Beware of SMS scams that direct you to call a hotline or click on a URL

    24 May 2022 (Updated on 8 June 2022)

    Beware of SMS scams that direct you to call a hotline or click on a URL to resolve an issue involving your bank account or credit card.

    Scammers will send an SMS claiming that there are issues with your bank account, credit or debit cards. To resolve these issues, you are urged to call the number in the SMS or click on a URL.

    • If you put a call through, a scammer will answer and confirm that there are issues with your card(s), then ask for your credit or debit card details, login credentials and One-Time Passwords (OTPs) under the pretext of assisting you.
    • If you click on the URL, you will be taken to a website controlled by the scammers and asked to provide your online banking login credentials, card details or OTPs.
    Doing any of the above will result in the scammers making unauthorised transactions using your bank accounts or credit/debit cards.

    Sample of phishing SMSes:



    How to protect yourself:

    • Do not call any numbers or click on any links in SMSes. We will never send an SMS to inform you about login issues, account closures or your being locked out of your account.
    • Do not provide your Access Code, PIN, card details or OTP to anyone. OCBC employees will never ask you to reveal your PIN/OTP or transfer funds to personal accounts.
    • Do not key such information into unverified webpages. We will never send you any SMSes or emails with clickable URLs.
    • Use only the official OCBC Digital mobile banking app or OCBC Pay Anyone™ app, or go to the OCBC website > Login > Personal Banking.
    • If in doubt, call our Personal Banking hotline at 6363 3333 (or +65 6363 3333 if you are overseas) for assistance. Press 9 to report fraud or 8 to temporarily freeze all your accounts and cards.

    Be vigilant. Protect yourself from scams.

    Visit ScamAlert.sg to learn more about scams and how to avoid falling prey to them.

    Read the police media release on bank-related phishing scams here: https://www.police.gov.sg/media-room/news/20220522_police_advisory_on_banking-related_phishing_scams.

    Spot the signs, stop the crimes. Stay vigilant at all times.

    This message contains links to third-party websites. By accessing any such websites, you agree to our terms of use.

  • Watch out for tech support scams

    17 May 2022

    Tech support scams are back.

    Scammers will approach victims under the pretext of assisting them to resolve computer or Wi-Fi network issues. Since January 2022, the police have reported that at least 154 victims have lost at least $7.1 million in such scams. Do not be the next victim.

    Got a pop-up alert on your Internet browser claiming that your computer has been compromised so that you should call a number for help?

    Received an unsolicited call, supposedly from your Internet Service Provider, claiming that your Wi-Fi network has been compromised by hackers?

    Do not act. These are 2 common methods used by scammers to gain access to your banking accounts.

    Read on – spot the tell-tale signs. Protect yourself.

    Tech support scams prey on your fears

    Be on your guard. Tech support and impersonation scams are on the rise and scammers can impersonate helpdesk support staff from telecommunication companies, IT firms, police, local or overseas government officials.

    Here is how they may prey on you:

    • What they will steal: Card details or digital banking login credentials.
    • Where: Through pop-up alerts on your internet browser, unsolicited phone calls, automated voice messages or video calls.
    • How: Scammers will continue to evolve their scam tactics, they will typically play on your fears, giving you a variety of reasons and asking you to act quickly. Here are 2 common methods:
    1. In the first method, victims will receive a pop-up alert while using the Internet on their computers. The alert states that their computer has been compromised and they must call the software provider for assistance. The number usually begins with +65, leading the victims to believe it is a valid local helpdesk number and that they will eventually speak to ‘tech support staff’.
    2. In the second method, the victims will receive unsolicited calls from scammers who claim to be working for Internet Service Providers. The scammers will tell the victims that their Wi-Fi network has issues or has been compromised by hackers. The scammers claim they are able to ‘help’ rectify this problem.

    In some instances, the scammers may also claim that the victim has committed a criminal offence and that they are investigating the issue.

    Under the pretext of resolving the issue, the scammers may ask the victims to do one or more of the following actions:

    • Download remote access software, such as TeamViewer, UltraViewer or AnyDesk, which gave the scammers control of the victims' devices.
    • Provide their Online Banking login credentials, credit/debit card details and/or One-Time Passwords (OTPs), which allow them to make fraudulent transactions.
    • Open accounts or apply for Internet Banking services, which allow them to take control of the victims’ bank accounts.
    • Scan a Singpass QR code on a phishing site (on the pretext that it is part of the verification process). This may lead to cryptocurrency wallets being unknowingly created in the name of the victims and used to facilitate illicit flows of funds.
    • Transfer money to people they do not know.

    How to protect yourself

    • Spot the tell-tale signs: Beware of unsolicited calls or unusual pop-up alerts on your device.
    • Ignore calls with the +65 sign prefix as these are international calls pretending to be domestic calls.
    • Always verify the identity of the person(s) and the organisation(s) by calling their official hotline number(s).
    • Do not answer unsolicited calls. If you do accidentally answer, do not install software in or type commands on your computer.
    • Never reveal your login credentials, card details or personal information to anyone.
    • Never authorise a transaction or login unless you know its purpose.

    Should you believe you have fallen prey to such scams, you are advised to take these immediate steps:

    1. Log off and turn off your computer to limit any further activities that the scammers can execute; and
    2. Call our Personal Banking hotline at 6363 3333 (or +65 6363 3333, if you are overseas) for assistance. Press option 9 to report fraud or 8 to temporarily freeze all your accounts and cards.

    Be vigilant. Protect yourself from scams.

    Visit ScamAlert.sg to learn more about scams and how to avoid falling prey to them.

    Read the police media release on Tech Support Scam here: https://www.police.gov.sg/Media-Room/News/20220426_joint_advisory_on_tech_support_scam

    This message contains links to third-party websites. By accessing any such websites, you agree to our terms of use.

  • Latest scams sent from ‘OCBC’-looking SMS headers

    29 April 2022

    We have received reports from customers who have received SMSes that appear to originate from “OCBC” under similar-looking SMS headers like “OC ALERT” and "OC ONLINE". Beware - they are not sent by the Bank.


    • We will never send an SMS to inform you about about login issues, account closures or your being locked out of your account.
    • We will never send you any SMSes or emails with clickable URLs.
    • Use only the official OCBC Digital mobile banking app or OCBC Pay Anyone™ app, or go to the OCBC website > Login > Personal Banking.
    • Do not provide your Access Code, PIN, card details or OTP (One-Time Password) to anyone.
    • Do not key such information into unverified webpages.
    • Beware of SMS scams which direct you to call a fake hotline. If in doubt, call our hotline directly at 6363 3333 (or +65 6363 3333, if you are overseas).

    Sample of phishing SMSes NOT sent by us:


    We have availed a dedicated option for customers calling our hotline – 6363 3333 – to report possible fraud (just press 9).

    Spot the signs, stop the crimes. Be alert, not a victim.

  • Beware of police impersonation scams. Do NOT reveal your login credentials or card details to anyone.

    13 April 2022

    Be on your guard. Impersonation scams are on the rise and scammers can impersonate anyone, including the police, local and overseas government officials.

    Here is how they may prey on you:

      • What they will steal: Digital banking login credentials or card details.
      • How they will get in touch: Through unsolicited phone calls, automated voice messages or even video calls showing a Singapore Police Force logo in the background (the caller will pretend to be a police officer).
      • What they might say: They will play on your fears, asking you to help ‘the police’ resolve some issue. They might also claim that you are under investigation for being a money mule or a financial crime/money laundering offence.

    To resolve these issues, the scammers will ask you to:

    • Apply for Internet Banking service or provide your online banking login credentials to the police or government officials so they can investigate offences in Singapore or other countries. Gaining access to them will allow them to make fraudulent funds transfers or set up unauthorised recurring funds transfers to certain organisations or payment wallets via eGIRO.
    • Provide your credit card details and/or One-Time Passwords (OTPs), which allow them to make transactions using your cards.
    • Open account that they will subsequently take control of.
    • Transfer money to someone you do not know.

    How to protect yourself:

    • Spot the tell-tale signs: Impersonation scams will usually start from unsolicited calls or requests.
    • Verify the identity of the person(s). Speak to a family member/trusted friend for help.
    • Do not be in a hurry to act. Stay vigilant. Never give out your login credentials, card details or personal information to anyone. 
    • Never transfer money to people/accounts that you do not know.
    • Read our security advisory at the OCBC Internet Banking or OCBC Digital app home page.
    • Visit the National Crime Prevention Council’s ScamAlert SG website to learn – and take a short quiz – about scams and how to avoid being a victim.

     

    Be vigilant. Protect yourself from scams.

    Please call our Customer Service hotline at 6363 3333 (or +65 6363 3333, if you are overseas) for assistance. To report possible fraud, please press 9.

    This message contains links to third-party websites. By accessing any such websites, you agree to our terms of use.

  • Stay vigilant and guard against imminent scams

    06 April 2022

    As the nation tackles sharp spike in the number of reported cases on scams in 2021, we would like to bring your attention to the prevailing types of scams which preyed on human's emotions and greed.

    Impersonation Scams, preying on your fears

    Be on your guard. Impersonation scams are on the rise and scammers can impersonate anyone, including bank staff, your family and friends, the police, local or overseas government officials and technical support staff.

    Here is how they may prey on you:

    • What they will steal: Card details or digital banking login credentials.
    • Where: Through social media, chat apps, phone calls, automated voice messages, or even via a video call to you with a bank logo in the background, pretending to be calling from the bank.
    • How: They will play on your fears, giving you reasons like the following and asking you to act quickly:
      • Your account/card is frozen or login attempts were made using your account.
      • Your Internet connection needs to be fixed.
      • You must help ‘the police’ resolve some issues or you are under investigation for being a money mule, or a financial crime/money laundering offence.
      • You are asked to apply for Internet Banking service or reveal your login credentials to some China ‘police’ or ‘government officials’ to investigate on offences in Singapore or China.
      • You are given an attractive offer from the bank or a company.

    To resolve these issues or to take up the offer, the scammers will ask you to:

      • Download remote access software, which allow them to gain access to your computers or mobile devices.
      • Provide your credit card details and/or One-Time Passwords (OTPs), which allow them to make transactions using your cards.
      • Provide your online banking login credentials, which allow them to make funds transfers or payments.
      • Open account or apply for Internet banking services which allow them to take control of your bank accounts.
      • Transfer money to someone you do not know.

     

    Impersonation scam poster from Scamalert.sg:


    Jobs Scams, preying on greed through quick lucrative returns

    Ever come across online advertisements or phone messages offering easy jobs with lucrative returns?

    If it seems too good to be true, it probably is – such advertisements and messages are job scams. Do NOT respond to them or allow your bank accounts to be used by these scammers.

    Common tactics adopted by scammers:

    • Receiving unsolicited messages, via social media or messaging apps, and given details of an attractive, commission-based job offer.
    • You are added into a group chat with others supposedly doing the same job. These other ‘job seekers’ (fraud actors) will talk about how easy the job is and how quickly money can be made.
    • You are asked to take these steps: Add certain items to your shopping cart on an e-commerce site, take a screenshot of the shopping cart page, then transfer funds to a bank account.
    • You are told that this will help improve sales and are promised a full refund – with an attractive commission to boot.
    • In order to perform more job tasks and earn the commission, you may also be directed to recruit more members to upgrade your membership status.
    • After receiving the initial commissions, you will realise you will NOT be able to get back the sums of money you have transferred to the scammers.


    Job scam poster from Scamalert.sg:


    How to protect yourself:

    • Spot the tell-tale signs: Both types of scams will usually start from unsolicited calls or requests.
    • Verify the identity of the person(s). Speak to a family member/trusted friend for help.
    • Do not be in a hurry to act. Stay vigilant. Never give out your login credentials, card details or personal information to anyone.
    • Never transfer monies to people/ accounts whom you do not know.
    • Read our security advisory at the OCBC Internet Banking or OCBC Digital app login page.
    • Guard against the different types of scams and take a short quiz by the National Crime Prevention Council via the Scamalert SG website.


    Be vigilant. Protect yourself from scams.

    Read the Police Advisory alert on: China officials Impersonation Scams.

    Visit ScamAlert.sg to learn more about scams and how to avoid falling prey to scams.

    Please call our Customer Service Hotline at 6363 3333 (or +65 6363 3333, if you are overseas) for assistance. To report possible fraud, please press 9.

    This message contains links to third-party websites. By accessing any such websites, you agree to our terms of use.

  • Do not be the next victim of Job Scams!

    24 March 2022

    Ever come across online advertisements or receive messages from strangers online, offering easy-to-do tasks for attractive commission?

    Scammers would offer fake online jobs which requires the victims to complete easy tasks such as making online purchases or doing surveys.

    If it seems too good to be true, it usually is – such advertisements and messages are job scams. Do NOT respond to them or allow your bank accounts to be used by these scammers.


    Look out for these red flags if you receive unsolicited job offers:

    • Easy jobs that offer lucrative commissions that are simply too good to be true;
    • Unsolicited messages advertising job offers from unknown numbers or unknown foreign numbers;
    • Requests to transfer funds to bank accounts belonging to individuals they had not met in person; and
    • Requests to open and hand over bank accounts to anyone.


    The following is a common tactic that scammers use in job scams:

    • You will receive unsolicited WhatsApp messages, Facebook or Telegram posts on advertisements promoting highly paid work-from-home jobs.
    • You are added into a group chat with others supposedly doing the same job. These other ‘job seekers’ will talk about how easy the job is and how quickly money can be made.
    • You are asked to complete easy tasks such as making online purchases.
    • You are told that this will help improve sales and are promised a full refund – with an attractive commission to boot.
    • You will be given refunds – with commission – as promised, for the first few purchases. However, you will be asked to pay for increasingly expensive items.
    • In order to perform more job tasks and earn the commission, you may also be directed to recruit more members to upgrade your membership status.
    • You will NOT get your money back after transferring a large sum of money.


    Screenshots of the job scam websites:

    Victims will realise that they had been scammed when they did not receive further commissions or were unable to make withdrawals from their member accounts. These job scammers are believed to be running Ponzi-like schemes where the new job seekers’ money was used to pay the promised commissions to existing job holders.


    How to protect yourself against job scams:

    • Do not accept dubious or unsolicited job offers that offer lucrative returns for little effort.
    • Do not transfer money to people you do not know.
    • Do not disclose your card details, online banking login credentials or One-Time-Passwords (OTPs) to anyone.
    • Ensure that we have your latest contact details.
    • Have us notify you via SMS, email or push notification (e-Alerts) about transactions that took place in your account. Set your e-Alert threshold limits or change your settings via Internet Banking > Customer service > Manage e-Alerts.
    • Always read the e-Alerts carefully and call us immediately if you notice something amiss.
    • If you have an iOS device, consider downloading the ScamShield app – it blocks unsolicited messages and calls. Visit www.scamshield.org.sg to find out more.


    Be vigilant. Protect yourself from scams.

    Read the Police Advisory alert regarding Job Scams: Another 14 Investigated For Their Suspected Involvement In Ponzi-Like Job Scams Involving E-Commerce Affiliate Business (EAB) (police.gov.sg)

    Visit ScamAlert.sg to learn more about scams and how to avoid falling prey to scams.

    Please call our Customer Service Hotline at 6363 3333 (or +65 6363 3333, if you are overseas) for assistance. To report possible fraud, please press 9.

    This message contains links to third-party websites. By accessing any such websites, you agree to our terms of use.

  • Update: Cooling period for key account changes is now 12 hours. Please stay vigilant against scams.

    18 March 2022

    If you are making key account changes via OCBC Internet Banking or OCBC Digital app, here are some quick updates for you to take note of:

    • From 18 March 2022, when you add new payee, raise a limit or update your mobile number/email address, it will take at least 12 hours (instead of 24 hours now) for the change to take effect.
      • For your security, we will not be able to shorten this cooling period.
      • You will receive a SMS or push notification once the change is effected.
      • If you notice any requests that are not made by you or you suspect you could be a victim of scams, please call the Bank at once.
    • You can now change the PayNow daily limit via OCBC Digital app.
      • Just follow the on-screen steps at the funds transfer / payment page and you can adjust the limit according to your needs (to as low as $100).
    • You can also change your transaction limits via Internet Banking:
      • Login to OCBC Internet Banking > Customer service > Change transaction limits.


    Protect yourself against scams. We urge our customers to continue to stay vigilant at all times.

    To safeguard your accounts, it is important for you to adopt these security practices:

    • Never click on links in SMSes or emails. Emails and SMSes sent by us will not contain any clickable URLs.
    • Beware of SMS scams which direct you to call a fake hotline. Do not call any numbers given in SMSes.
    • Beware of scammers making video calls to you with a bank logo featured in the background and claiming to be working for the bank, leading you to believe the call was from the bank.
    • OCBC employees will never ask you to reveal your PIN/OTP or transfer funds to personal accounts.
    • Call only the Bank’s Personal or Premier Banking hotline: OCBC website > Contact us. Our hotline number can also be found at the back of your debit/credit/ATM card.
    • Never provide your Access Code, PIN, card details or OTP (One-Time Password) to anyone. Do not key such information into unverified webpages.
    • Use only the official OCBC Digital mobile banking app or OCBC Pay Anyone™ app, or go to the OCBC website > Login > Personal Banking.
    • If you are using OCBC OneToken, carefully read the authorisation message sent to you via push notification. Do not provide OCBC OneToken authorisation without knowing the purpose of the transaction or login.
    • Do not transfer money to strangers. When in doubt, get advice from a family member or friend.
    • Read the transaction notification alerts sent from the Bank carefully. Notify us immediately if you find any suspicious transactions.

    To manage your e-Alerts and threshold limits, log in to OCBC Internet Banking > Customer service > Manage e-Alerts.

    Scammers are constantly evolving their scam tactics. To avoid falling prey to scammers, please visit the ScamAlert.sg website to learn more about the tell-tale signs of the different types of scams and the latest scam tactics - such as impersonation scams, investment scams, job scams, love scams, ecommerce scams and identity theft scams.

    Please call our Customer Service Hotline at 6363 3333 (or +65 6363 3333, if you are overseas) for assistance. To report possible fraud, please press 9.

  • Beware: Latest SMS scam directs you to a fake URL

    08 March 2022

    We have received reports from customers who have received SMSes that appear to originate from “OCBC”, but they are not. Please take note of the following:

    • We will never send an SMS to inform you about account closures or being locked out of your account.
    • We will never send you any SMSes or emails with clickable URLs.
    • Use only the official OCBC Digital mobile banking app or OCBC Pay Anyone™ app, or go to the OCBC website > Login > Personal Banking.
    • Do not provide your Access Code, PIN, card details or OTP (One-Time Password) to anyone. Do not key such information into unverified webpages.
    • Beware of SMS scams which direct you to call a fake hotline. If you're ever in doubt, call our hotline directly at 6363 3333 (or +65 6363 3333, if you are overseas). Do not call any numbers provided in the SMS.

    Sample of Phishing SMS that is NOT sent from OCBC Bank:


    Visit ScamAlert.sg to learn more about scams and how to avoid falling prey to them.

    Spot the signs, stop the crimes. Be alert, not a victim.

    This message contains links to third-party websites. By accessing any such websites, you agree to our terms of use.

  • Additional security measures on Digital Banking

    03 March 2022

    As additional measures to protect you from scams, we have implemented the following changes for online requests made via our Digital Banking channels:

    Internet Banking / OCBC Digital app / OCBC Pay Anyone™ app

    Online Request New Measures
    Local and overseas fund transfers / Bill payments
    (excluding PayNow, NETS QR and PromptPay PayNow payments*)
    Authorisation limit will be changed to SGD 1,000.

    You will need to use your fully activated OCBC OneToken or hardware token to authorise a transaction when its amount is equal to or above the authorisation limit.
    Change of authorisation limits No longer available via Internet Banking. You will not be able to change these authorisation limits.

    *The authorisation limit for PayNow, NETS QR and PromptPay PayNow transactions remains at SGD 200.

    Internet Banking / OCBC Digital app

    Online Request New Measures
    Add payee
    (OCBC or other banks)
    A cooling period will apply before such key account changes take effect. Please be guided by the on-screen instructions.
    Update email address or contact number
    Increase transaction limit**

    **To update your transaction limit, please log in to Internet Banking > Customer service > Update transaction limits.

    OCBC Pay Anyone™ app

    Online Request New Measures
    Set up/reactivate biometrics login

    OR

    Reinstalling of app by existing biometrics login user
    • Once biometrics login is set up, you will be logged out
    • When you next log in, key in the One-Time Password sent to you via SMS to activate biometrics login
    Updating of the app by existing biometrics login user When you next log in, key in the One-Time Password sent to you via SMS to reactivate biometrics login
    Update email address No longer available
    Manage daily transfer limit

    Read up on frequently asked questions regarding the measures above.

    Protect yourself against scams. We urge our customers to continue to stay vigilant at all times.

    To safeguard your accounts, it is important for you to adopt these security practices:

    • Never click on links in SMSes or emails. Emails and SMSes sent by us will not contain any clickable URLs.
    • Beware of SMS scams which direct you to call a fake hotline. Do not call any numbers given in SMSes.
    • Call only the Bank’s Personal or Premier Banking hotline: OCBC website > Contact us. Our hotline number can also be found at the back of your debit/credit/ATM card.
    • Use only the official OCBC Digital mobile banking app or OCBC Pay Anyone™ app, or go to the OCBC website > Login > Personal Banking.
    • Never provide your Access Code, PIN, card details or OTP (One-Time Password) to anyone. Do not key such information into unverified webpages.
    • If you are using OCBC OneToken, carefully read the authorisation message sent to you via push notification. Do not provide OCBC OneToken authorisation without knowing the purpose of the transaction or login.
    • Do not transfer money to strangers. When in doubt, get advice from a family member or friend.
    • Read the transaction notification alerts sent from the Bank carefully. Notify us immediately if you find any suspicious transactions.

      To manage your e-Alerts threshold limit and daily transaction limits, log in to OCBC Internet Banking > Customer service > Manage e-Alerts or Update transaction limits.

      For more information, visit the OCBC website > Personal banking > Help and Support > Banking > See more.
    • If you have an iOS device, consider downloading the ScamShield app – it blocks unsolicited messages and calls. Visit https://www.scamshield.org.sg/ to find out more.

    Scammers are constantly evolving their scam tactics. To avoid falling prey to scammers, please visit the ScamAlert.sg website to learn more about the tell-tale signs of the different types of scams and the latest scam tactics - such as impersonation scams, investment scams, job scams, love scams, ecommerce scams, and identity theft scams.

  • Beware: Latest scams target the use of Singpass

    24 February 2022 (last updated 02 March 2022)

    The police have issued a media advisory alerting the public to a new type of scam: Getting you to scan Singpass QR codes so the fraudsters can access digital services and take certain actions in your name.

    These scams involve fake surveys, purportedly conducted on behalf of reputable companies or organisations in Singapore, with participants recruited via online forums, e-commerce sites and other such channels.

    Upon completing the survey, the victim is asked to scan a Singpass QR code with his or her Singpass app – supposedly part of a verification process to retrieve the survey result so a monetary reward can be gained. The police warned that these Singpass QR codes were actually screenshots of legitimate websites and that scanning the codes and authorising transactions without further checks will grant the scammers access to certain online services.

    Scammers have misused the access to register businesses, subscribe for new mobile lines or open new bank accounts in the victim’s name. Victims only realised something was amiss when notified of these transactions by their telco or bank, or after receiving notifications in their Singpass Inbox that their personal details had been retrieved.

    To learn more, please read the full police advisory.

    Singpass Mobile can be used to log in to bank accounts, so do keep your Singpass access secure.


    Protect yourself against scams

    • Never scan any Singpass QR codes sent to you by others. OCBC will not send you Singpass QR codes or links to Singpass QR codes via SMS, email or a messaging app.
    • Only scan the Singpass QR code on the official website of the digital service that you want to access or tap on the Singpass QR code on the official app of the digital service.
    • Always use only the official OCBC Digital mobile banking app or OCBC Pay AnyoneTM app. Alternatively, go to the OCBC website > Login > Personal Banking.


      If you log in to OCBC Internet Banking by scanning a Singpass QR code:

      Icon 1 Always check and ensure that the OCBC URL displayed on your Singpass app matches the URL on your browser.
        OCBC URL: internet.ocbc.com
      Icon 2 Ensure that the login or transaction request was initiated by you before you hit the ‘Log In’ button on your Singpass app.

    • Never provide your Access Code, PIN, card details or OTP (One-Time Password) to anyone. Do not key such information into unverified webpages.
    • If you are using OCBC OneToken, carefully read the authorisation message sent to you via push notification. Do not provide OCBC OneToken authorisation without knowing the purpose of the transaction or login.
    • Notify us immediately if you receive notification alerts for transactions that you did not initiate.
    Scammers are constantly evolving their scam tactics. To avoid falling prey to scammers, please visit the ScamAlert SG website to learn more about the tell-tale signs of the different types of scams and the latest scam tactics – such as impersonation scams, investment scams, job scams, love scams, ecommerce scams and identity theft scams.

    This message contains links to third-party websites. By accessing any such websites, you agree to our terms of use.

  • Beware of latest SMS scams which direct you to call a fake hotline

    31 January 2022

    Beware of latest SMS scams which direct you to call a fake hotline to resolve an issue with your bank account or credit card.

    Do NOT call any numbers within SMSes or click on any links in SMSes.

    If in doubt, call our official hotline at 6363 3333 (or +65 6363 3333 if you're calling from overseas). Do not call any other numbers or click on any links in SMSes.

    Sample of a scam SMS as follows:


    Always remember:

    • Never provide your Access Code, PIN, card details or OTP (One-Time Password) to anyone or key such information into unverified webpages;
    • To log in, always use OCBC’s official mobile banking apps or go to the OCBC website > Login > Personal Banking (type the URL directly into your browser);
    • OCBC employees will never ask you to reveal your PIN/OTP or transfer funds to personal accounts; and
    • Never click on links in SMSes or emails that claim to be from OCBC

    We have availed a dedicated option for customers calling our hotline – 6363 3333 – to report possible fraud (just press 9).


    Visit ScamAlert.sg to learn more about scams and how to avoid falling prey to them.

    Spot the signs, stop the crimes. Stay vigilant at all times.

    This message contains links to third-party websites. By accessing any such websites, you agree to our terms of use.

  • Beware of FAKE OCBC WEBSITES. Do not click on SMS links for login.

    30 December 2021

    Scammers may create SMSes that look like they are from “OCBC”, BUT:

    1. We will never send an SMS to inform you about account closures or being locked out of your account.
    2. We will never send an SMS with a link to reactivate your account.
    3. Don't click on links in SMSes. Use OCBC’s official mobile banking app or type www.ocbc.com directly in your browser.
    4. Don't provide your log-in ID, password or OTPs (One-Time Passwords received via SMS) to anyone, or key these into unverified webpages.
    5. If you're ever in doubt, call our hotline directly at 1800 363 3333 (or +65 6363 3333, if you are overseas). Do not call any numbers provided in the SMS.

    Visit ScamAlert.sg to learn more about scams and how to avoid falling prey to them.

    Spot the signs, stop the crimes. Be alert, not a victim.

    This message contains links to third-party websites. By accessing any such websites, you agree to our terms of use.

  • Protect yourself from scams this festive season

    27 December 2021

    With the year-end festivities in full swing, we urge you to remain alert as you browse the online marketplaces and stores for great deals and holiday offers. Do not fall prey to scammers out in full force and armed seemingly with attractive e-commerce deals and impersonation scams.

    Six questions to protect yourself:

    1. Are the deals too good to be true – priced way below market rates and/or disguised as limited-time-only offers?
    2. Did you chance upon these unsolicited offers on unverified third-party sites, or receive them from unfamiliar email addresses or mobile numbers?
    3. Do you feel pressured to make bank transfers to strangers, e.g. as advance fees in return for a benefit?
    4. Has the person claimed to be from a reputable company or government agency; claimed that there are issues with your accounts or payments; or asked for your banking credentials?
    5. Did the seller request to take the conversations off the online shopping platform?
    6. Is there a lack of information on the products with unstated terms and conditions?

    If the answer to any of the above questions is yes, beware. It is likely a scam. Always verify the authenticity of the offers. NEVER reveal your Online Banking login credentials or card details to anyone.

    Read e-Alerts as soon as you receive them; alert us IMMEDIATELY if you spot any suspicious transactions. Manage your e-Alert threshold settings to get notified of transactions: Log in to Internet Banking > Customer service > Manage e-Alerts.

    Identify suspicious transactions:

    1. SMS One-Time Passwords (OTPs) for logging in to OCBC Online Banking

    • Your SMS OTP is like your house key. DO NOT share it with anyone.
    • No employee from banks, government agencies or any other legitimate company should ask you to reveal your OTP.
    • If you did not request to log in to Online Banking, yet receive such an SMS, alert us at once.

       

    • Your SMS OTP is like your house key. DO NOT share it with anyone.
    • No employee from banks, government agencies or any other legitimate company should ask you to reveal your OTP.
    • If you did not request to log in to Online Banking, yet receive such an SMS, alert us at once.

       

    2. Authorisation messages via OCBC OneToken

    • Do not authorise logins or transactions unless YOU are making them.
    • OCBC OneToken allows you to authorise your logins or transactions via the OCBC Digital app on your mobile device.
    • If you are not making such a request, tap the ‘Reject’ button and alert us immediately.

       

    • Do not authorise logins or transactions unless YOU are making them.
    • OCBC OneToken allows you to authorise your logins or transactions via the OCBC Digital app on your mobile device.
    • If you are not making such a request, tap the ‘Reject’ button and alert us immediately.

       

    3. SMS OTPs to authenticate online payments at 3D Secure (3DS) merchants

    • Only authorise transactions where the details are correct – take note of the time, amount and merchant name/payee.
    • When you shop online and pay with a card, you may receive SMSes asking you to authorise payment.
    • If you receive such SMSes but are not making the transactions, alert us at once. A fraudster may have stolen your credentials.

       

    • Only authorise transactions where the details are correct – take note of the time, amount and merchant name/payee.
    • When you shop online and pay with a card, you may receive SMSes asking you to authorise payment.
    • If you receive such SMSes but are not making the transactions, alert us at once. A fraudster may have stolen your credentials.

       

    Other Tips

    • Before you make transactions or enter personal information online, check the link to make sure you are on a legitimate website and not a lookalike.
    • Verify information with official websites and sources before parting with your personal details and money.
    • When making online purchases, insist on cash-on-delivery or use platform’s secure payment options.
    • Always choose to purchase from reputable online platforms and sellers for high-value items.

    Visit ScamAlert.sg to learn more about scams and how to avoid falling prey to them.

    Please call our Customer Service Hotline at 1800 363 3333 (or +65 6363 3333, if you are overseas) for assistance.

    Spot the signs, stop the crimes. Be alert, not a victim.

    This message contains links to third-party websites. By accessing any such websites, you agree to our terms of use.

  • Stay vigilant against SMS Phishing Scams

    16 December 2021

    Scammers are constantly trying to steal your money using different methods.

    One method they commonly use is to send you a phishing SMS while impersonating OCBC. They will claim that there are issues with your account/card or that you are eligible for some free gifts. You will then be asked to click on a URL link in the SMS. Thereafter, you will be directed to a fake website, where you will be asked to provide your online banking login details, card details or One-Time Passwords (OTPs).

    Having obtained your banking credentials through the fake website, the scammers will start to make unauthorised transactions on your accounts or credit cards.

    Sample of Fake SMSes

    Tips to protect yourself against such scams

    • DO NOT click on such phishing SMS links. The URL will lead you to a fake website controlled by the scammers. Always type URLs directly into the address bar of the browser.
    • Always read the transaction notification alerts sent by the Bank via SMS, email or push notification – they are our first line of defence. Read them carefully and inform us immediately if the transactions are unauthorised.
    • Always verify any requests that ask for your personal or banking details. DO NOT give your card details or banking credentials to anyone.

    Be vigilant. Protect yourself from scams.

    Visit ScamAlert.sg to learn more about scams and how to avoid falling prey to them.

    Please call our Customer Service Hotline at 1800 363 3333 (or +65 6363 3333, if you are overseas) for assistance.

    This message contains links to third-party websites. By accessing any such websites, you agree to our terms of use.

  • BEWARE of SMS phishing scams offering fixed deposit placement

    03 December 2021

    Scammers have been sending SMSes purporting to be sent by OCBC regarding fixed deposit promotions offered by us.

    These SMSes claim that OCBC is offering attractive fixed deposit rates, and will invite the SMS recipient to dial the mobile number provided in the SMS. Once the call is placed, the scammer, claiming to be from OCBC Bank, will ask the recipient to make a funds transfer to another OCBC account on the pretext that it is for the fixed deposit placement.

    NEVER fall for such scams.

    These SMSes or WhatsApp messages are NOT sent by OCBC Bank.

    Sample of SMS:

    When in doubt, you should always call our Customer Service Hotline at 1800 363 3333 (or +65 6363 3333, if you are overseas) to verify or report suspicious messages.

    Tips to protect yourself against such scams

    • DO NOT click on any phishing SMS links. The URL will lead you to a fake website controlled by the scammers. Always type URLs directly into the address bar of the browser.

    • DO NOT transfer money to strangers.

    • DO NOT reveal your Online Banking PIN, One-Time Passwords (OTPs) or Card PIN over the phone or via other means to anyone. OCBC Bank employees will not request you to reveal your PIN and/or OTP.

    • Always read the transaction notification alerts sent by the Bank via SMS, email or push notification – they are our first line of defence. Read them carefully and inform us immediately if the transactions are unauthorised.

    Be vigilant. Protect yourself from scams.

    Visit ScamAlert.sg to learn more about scams and how to avoid falling prey to them.

    This message contains links to third-party websites. By accessing any such websites, you agree to our terms of use.

  • Use e-Alerts to safeguard your account

    24 November 2021

    With the rapid rise in online transactions amid the pandemic, scammers are devising ways to lure customers to unwittingly give away their online banking login credentials and card details. This has led to more people falling victim to unauthorised banking and card transactions.

    While the Bank has robust controls in place such as two-factor authentication using one-time passwords (OTPs) to safeguard your transactions, these measures alone cannot eliminate scams entirely.

    We advise you to remain vigilant and take measures to protect yourself.

    How to protect yourself
    Here is what you can do to ensure you are aware of all transactions taking place in your account:

    • Use our e-Alerts as your first line of defence
      Make sure that we have your latest mobile number and email address. This is so that we can send you timely e-Alerts for transactions made using your account.

      You can give us your latest contact details via Internet Banking or our mobile banking app:

        • Via Internet Banking: Customer service > Change personal details
        • Via our app: Log in to OCBC Digital > Menu > Profile & Settings > Update phone number/email

       

    • Set your threshold limit for e-Alerts according to your risk preference
      Tell us how you want to receive e-Alerts (push notifications, emails and/or SMSes) by going to Internet Banking > Customer service > Manage e-Alerts.

      You should also review your threshold limit for e-Alerts to be triggered (the prevailing default threshold limits for card transactions, if you wish to refer to them, can be found at Transaction Alerts page). For instance, if you want us to send you e-Alerts for transactions below S$1,000, you may choose a threshold limit of S$100, S$300 or S$500.

    IMPORTANT:
    We strongly recommend that you do not raise the threshold limit that we have set as default. As transactions below this limit will not trigger any e-Alerts, you may not notice any unauthorised ones in time and subsequently not be able to recover the money. Setting a higher threshold limit would also affect your liability for losses arising from unauthorised transactions. This is as you may be deemed to have not complied with your duty, as a consumer, to opt to receive notifications for payments made using your account.

    To learn how to set threshold limits, please visit our Transaction Alerts page.

    • Always review all e-Alerts
      Always read the e-Alerts carefully and notify us immediately if the transactions are not performed by you.

    Tip : How to check for push notifications
    Open OCBC Digital and look out for the bell icon at the top right corner of the screen. An orange dot beside the bell icon (circled in red in the image) means that we have sent you a notification. This could be a security advisory or an e-Alert.

    To receive your e-Alerts in the form of push notifications, go to Internet Banking > Customer service > Manage e-Alerts

    Noticed any unauthorised transactions? Inform us immediately.

    • Did you receive e-Alerts for transactions which you did not perform such as OneToken activation or deactivation, change of contact details, increase of limits, adding of a beneficiary or funds transfer?

    • Did you reveal your OTP or card PIN to someone or key it into an unknown website?

    Please call our Customer Service Hotline for assistance at 1800 363 3333 (or +65 6363 3333 if you are overseas), or by visiting one of our branches during our opening hours.

    Be vigilant. Protect yourself from scams.
    Never reveal your Online Banking PIN, OTP or card PIN to anyone.

    Visit ScamAlert.sg to learn more about scams and how to avoid falling prey to scams.

    This message contains links to third-party websites. By accessing any such websites, you agree to our terms of use.

  • Stay vigilant against SMS Phishing Scams

    10 November 2021

    Scammers are constantly trying to steal your money using different methods.

    One method they commonly use is to send you a phishing SMS while impersonating OCBC. They will claim that there are issues with your account/card or that you are eligible for some free gifts. You will then be asked to click on a URL link in the SMS. Thereafter, you will be directed to a fake website, where you will be asked to provide your online banking login details, card details or One-Time Passwords (OTPs).

    Having obtained your banking credentials through the fake website, the scammers will start to make unauthorised transactions on your accounts or credit cards.

    Sample of Fake SMS and Login Page

    Tips to protect yourself against such scams

    • DO NOT click on such phishing SMS links. The URL will lead you to a fake website controlled by the scammers. Always type URLs directly into the address bar of the browser.
    • Always read the transaction notification alerts sent by the Bank via SMS, email or push notification – they are our first line of defence. Read them carefully and inform us immediately if the transactions are unauthorised.
    • Always verify any requests that ask for your personal or banking details. DO NOT give your card details or banking credentials to anyone.

    Be vigilant. Protect yourself from scams.

    Visit ScamAlert.sg to learn more about scams and how to avoid falling prey to them.

    Please call our Customer Service Hotline at 1800 363 3333 (or +65 6363 3333, if you are overseas) for assistance.

    This message contains links to third-party websites. By accessing any such websites, you agree to our terms of use.

  • Beware of job scams

    1 September 2021

    Ever come across online advertisements or phone messages offering part-time jobs with lucrative returns? 

    If it seems too good to be true, it usually is – such advertisements and messages are job scams. Do NOT respond to them or allow your bank accounts to be used by these scammers.


    The following is a common tactic that scammers use in job scams:

    • You are contacted, via social media or messaging apps, and given details of an attractive, commission-based job offer.
    • You are added into a group chat with others supposedly doing the same job. These other ‘job seekers’ will talk about how easy the job is and how quickly money can be made.
    • You are asked to take these steps: Add certain items to your shopping cart on an e-commerce site, take a screenshot of the shopping cart page, then transfer funds to a bank account.
    • You are told that this will help improve sales and are promised a full refund – with an attractive commission to boot.
    • You will be given refunds – with commission – as promised, for the first few purchases. However, you will be asked to pay for increasingly expensive items.
    • You will NOT get your money back after transferring a large sum of money.

         .

    How to protect yourself against job scams

      • Do not accept dubious or unsolicited job offers that offer lucrative returns for little effort.
      • Do not transfer money to people you do not know.
      • Do not disclose your card details, online banking login credentials or One-Time-Passwords (OTPs) to anyone.
      • Ensure that we have your latest contact details.
      • Have us notify you via SMS, email or push notification (e-Alerts) about transactions that took place in your account. Set your e-Alert threshold limits or change your settings via Internet Banking > Customer service > Manage e-Alerts.
      • Always read the e-Alerts carefully and call us immediately if you notice something amiss.
      • If you have an iOS device, consider downloading the ScamShield app – it blocks unsolicited messages and calls. Visit https://www.scamshield.org.sg/ to find out more.

    Be vigilant. Protect yourself from scams.

    Visit ScamAlert.sg to learn more about scams and how to avoid falling prey to scams.

    Please call our Customer Service Hotline at 1800 363 3333 (or +65 6363 3333, if you are overseas) for assistance.


    This message contains links to third-party websites. By accessing any such websites, you agree to our terms of use.

  • Beware of SMS Phishing Scams

    12 July 2021

    There were recent reports of phishing cases where scammers will send you fake SMSes impersonating as OCBC, claiming issues with your account and asking you to click on an URL link.

     

    • DO NOT click on such phishing SMS link. The URL will lead you to a fake website which is controlled by the scammers. It will trick you to provide your online banking login details, card details or one-time passwords (“OTPs”).
    • Be vigilant against such phishing threats which may come in other forms such as emails or voice calls.

     

    Phishing is a way of obtaining confidential information such as one’s banking account details, PIN, OTPs, credit card numbers, user ID or passwords through the Internet, in order to perform unauthorised banking transactions.

     

    How are Phishing scams conducted?

    1. Email and SMS

      • Scammers typically send emails or SMSes impersonating reputable companies, banks or government agencies to victims.
      • These emails and text messages include fake bank notifications, offers, lucky draws, investment schemes or COVID-19 related campaigns to lure recipients into clicking on an URL link.
      • Upon clicking on the URL link, the victim will be redirected to fraudulent or spoofed websites where they are tricked into providing their credit/debit card details, banking credentials, or OTP.

       

      Samples of Phishing SMSes that are NOT sent from OCBC Bank:

      Phishing 1

      Phishing 2

    2. Voice-based Phishing (“Vishing”)

      • Scammers also contact victims and impersonate as government officials, bank officers or technical support staff to trick victims into providing their banking credentials and OTP.
      • These calls could be automated through robocalls, requiring the victims to follow instructions in pressing the number before the scammer picks up the call in-person.
      • Scammers impersonating as technical support staff may request victim to download a remote access software for them to gain control of their computers/laptops/mobile devices.
      • The victims will be directed to provide their banking credentials and OTP and fraudulent transactions will take place.

     

    Tips to protect yourself against such scams

    • DO NOT click on URL links provided in suspicious emails and text messages. Always type the URL of the website directly into the address bar of the browser.
    • Hang up the call if you receive unsolicited calls which are suspicious. When in doubt, please call the official hotline number of the company or government agency.
    • DO NOT divulge confidential information, such as account/login credentials or OTPs over the phone or via other means to anyone. OCBC Bank employees will not request you to reveal your PIN and/or OTP.
    • DO NOT transfer or send money to people you do not know. When in doubt, get advice from a family member or friend.
    • Download the Scam Shield App (only available on iOS devices) which is a mobile app that blocks unsolicited messages and calls. Find out more at https://www.scamshield.org.sg/.

     

    Be vigilant. Protect yourself from scams.

    Visit ScamAlert.sg to learn more about scams and how to avoid falling prey to scams.
    Please call our Customer Service Hotline at 1800 363 3333 (or +65 6363 3333, if you are overseas) for assistance.

  • Beware of job scams on e-commerce platforms

    24 June 2021

    Job scams are on the rise in Singapore — stay vigilant of strangers contacting you with attractive, commission-based job offers on social media or messaging apps.


    Take note of these steps that the scammers may use in job scams:

    Step 1 – Victims are contacted with attractive, commission-based job offers on social media or messaging apps.

    Step 2 – The scammers will urge you to add something from an online shop listed on e-commerce platforms to your cart, take a screenshot and perform a funds transfer to a bank account.

    Step 3 – You would then get the cost of the item back + 10% commission.

    Step 4 – The items will start to be more expensive and you will not get your money back after transferring large amounts to their bank accounts.

    Screenshots of recruitment message (samples)

    Source: Police Advisory On Fake Job Advertisements For E-Commerce Platforms

    Screenshots of messages exchanged between scammer and victim (samples)

    ..
    Source: Police Advisory On Fake Job Advertisements For E-Commerce Platforms

    How to protect yourself

    1. If it is too good to be true, it probably is. DO NOT accept dubious job offers that offer lucrative returns for minimal effort.
    2. Always complete your purchase on the e-commerce platform itself. Avoid making advance payments or direct bank transfers to the seller as this method does not offer you any protection.
    3. Do not disclose your card details, online banking login details or OTP to anyone.

    Be vigilant. Protect yourself from scams.
     
    Visit ScamAlert.sg to learn more about scams and how to avoid falling prey to scams.

    Please call our Customer Service Hotline at 1800 363 3333 (or +65 6363 3333, if you are overseas) for assistance.
  • How likely are you to fall for a scam?

    3 May 2021

    Scammers prey on our lack of vigilance to get us to part with our hard-earned money. When you know how to spot scams, you know how to protect yourself. To find out how savvy are you at spotting the signs of scams, take this quiz by the National Crime Prevention Council.


    According to a recent survey conducted by the Ministry of Home Affairs, victims of scams have these characteristics in common which you should avoid:

    Icon - Security - They do not believe they would fall for scams. They do not believe that they would fall for scams.
    Icon - Security - They think it is alright to share OTP or password with others. They think it is alright to share OTPs or password with others.
    Icon - Security - They are less likely to seek help and support from family and friends. They are less likely to seek help and support from family and friends after being scammed.
    Icon - they act impulsively on seeing a bargain and give in when pressured by others. They act impulsively on seeing a bargain and give in when pressured by others.
    They click on pop-up ads, emails, and links from unknown sources.


    How to protect yourself

    1. DO NOT disclose your card details or online banking login details such as access code, PIN, and OTPs to anyone. OCBC Bank employees will not request you to reveal your PIN and/or OTP.
    2. Always verify any requests that asked for your personal or banking details. 
    3. DO NOT ignore any notifications from the bank. Call us immediately if you did not make a certain transaction or suspect your bank accounts have been compromised.
    4. DO NOT transfer funds or send money to people you do not know. Scammers will always try to create a false sense of urgency. Talk to a family member or friend for advice and support when in doubt.

    Be vigilant. Protect yourself from scams.
     
    Visit ScamAlert.sg to learn more about scams and how to avoid falling prey to scams.

    Please call our Customer Service Hotline at 1800 363 3333 (or +65 6363 3333, if you are overseas) for assistance.
  • Beware of unsolicited messages via SMS and phone calls impersonating as bank employees requesting for your banking details
    6 April 2021

    There is a new SMS scam on the rise targeting bank customers. 
     
    For such cases, the victims would receive a phishing SMS, purporting to be from their bank, alerting them that their bank accounts or ATM/Debit or Credit cards had been “suspended or deactivated,” including a specified phone number to call for assistance. When victims call the phone number, scammers impersonating as bank employees would answer the call, and ask the victims to reveal their personal particulars, online banking login details and One-Time Passwords (OTPs). After providing the details, the victims would subsequently discover that unauthorised transactions were made from their bank accounts or cards.
     
    Here are two samples of the phishing SMS: 

    Note: These phishing SMSes are not sent from OCBC Bank.

    Beware of such unsolicited messages or calls from persons impersonating as employees from OCBC Bank.
     
    Do adopt the following measures to prevent your bank accounts from being compromised:
    • Never disclose your online banking login details such as access code, PIN, and OTPs to anyone. OCBC Bank employees will not request you to reveal your PIN and/or OTP.
    • Do not respond to or authorise any authentication requests (through your OneToken or hardware token) if you did not initiate any online banking transaction. 
    • If you receive a suspicious message or call purporting to be from OCBC Bank, do not call the number provided in the SMS. Please call our Customer Service hotline at 1800 363 3333 to verify the authenticity of the request. 
    Be vigilant. Protect yourself from scams.
     
    Visit ScamAlert.sg to learn more about scams and how to avoid falling prey to scams.

    Please call our Customer Service Hotline at 1800 363 3333 (or +65 6363 3333, if you are overseas) for assistance.
  • Beware of scams. DO NOT give your OTP to anyone.

    16 December 2020


    “Is he who he claims to be?”
    – Always pause and ask yourself, before you act.

    In this growing digitalised world, countless number of imposters and scammers are going on various types of platforms with more sophisticated scam methods, making it harder for consumers to know what and who is real and what and who is not. Scammers have devised many ways to lure their victims – these can happen anytime, anywhere.

    The best way to protect yourself? Follow this golden rule:

    DO NOT give your One-Time Password (OTP) to anyone or provide OneToken authorisation without knowing what the transaction is being used for.

     

    These are some of the common methods that the imposters and scammers have been using:

    • Are you receiving any messages from your ‘friends’ via social media, asking for your credit card or bank details, or any urgent money transfer? Be mindful, as these messages may not be from your actual friends. Online scammers and hackers may hack into your friends’ social media accounts and use their social media accounts to lure you into their traps. You should always verify with your friends or family members.
    • Automated calls claiming to be from government agencies, reputable companies, police or banks may not be from who you think he/she is from. Imposters may claim to be government officials such as personnel from the Customs or even from Ministry of Health for contact tracing matters for COVID-19. DO NOT give any personal banking information to the imposters. To check if the calls are legitimate, please call the official hotline number of the authorities or the companies.
    • Tech support calls, emails or SMSes claiming to be from Telcos or government agencies, alleging that your computers/mobile devices are having technical or internet issues and hence, requesting you to download certain applications or providing them with remote access to your computers/devices to resolve the issue. This will result in your banking details being stolen. DO NOT fall for this trick.
    • Investment schemes, where scammers offer quick, get-rich investment plans with unbelievably high returns, are usually dubious. They may take advantage of current unstable economic situations to lure the public that are looking for ways to grow their money.
    • Unsolicited messages that offer rapid approval of cash loans may require you to send your bank details prior to lending of the cash. The scammers may even request for a transfer of money before approving and granting you the loans. This could be a way to get your money and your account number for their further fraudulent activities.
    • New friend that you have met online? He/she may not be who you think he/she is. They may portray themselves with attractive photos and friendly personalities. Once they have gained your trust, they will start to ask you to transfer money to them using various excuses such as in financial difficulties or emergency situations. Be aware that they may be imposters and scammers.
    • Online deals that are too good to be true should be dealt with care. Year-end season is here now, and scammers may be approaching the public with attractive deals that are too good to be true, in celebration of Christmas, New Year, and Chinese New Year. Scammers may be attempting to steal your card details, and even your Internet Banking Access Code, PIN and OTP. DO NOT give your OTP to anyone or provide OneToken authorisation without knowing what the transaction is being used for.

    Do not be the next victim. Always remember:

    1. Your OTP is like your house key. DO NOT give it out to anyone.
    2. Transaction notifications sent by us are like an alarm that has been triggered. Read them carefully and inform us at once if the transactions are unauthorised.
    3. Verify any requests that ask for your personal or banking details.
    4. DO NOT transfer funds or send money to people you do not know.

     

    Be vigilant. Protect yourself from scams.

    Please call our customer service hotline at 1800 363 3333 (or +65 6363 3333 if overseas) if you need help.

    Learn more about online scams at www.scamalert.sg.

     

  • Spot the signs. Stop the scams.
    30 September 2020

    "I don’t think I will ever be a victim of scams." This is what many people think.

    This false sense of security is dangerous and not helpful in the fight against scams. Online scams are on the rise and it can happen anywhere, anytime to anybody. This makes constant vigilance even more important now as scammers have developed various creative ways to scam their victims. The best way to protect yourself is knowing how to identify scams.

    Learn how to spot these tell-tale signs of scams – the first step towards protecting yourself:

    • Automated calls or unsolicited phone calls claiming to be from banks, police, government agencies or reputable companies, such as telecommunications companies. Scammers disguise themselves as employees or officials on the pretext of checking your computers/mobile devices, internet connection or even pretending to be government officials, such as contact tracers from Ministry of Health. They will ask you for your bank account number, bank PIN and password. Do not give it to them. If you receive such a call, please hang up. If you are still not sure if it is real, call the official hotline number of the company or government agency.

    • Unsolicited messages offering quick loans promising fast access to cash loans and may require you to first send over some money to the person/company before they grant you the loan. Ignore and do not reply to such loan offers. DO NOT give out your banking credentials. DO NOT send over funds to unknown parties.

    • An attractive person you befriended online asking you for financial help or to join an investment website. Always verify the source and validate the legitimacy of the request.

    • Online deals with attractive prices that are too good to be true, especially during online sales spree periods such as the Oct 10.10 sales, Nov 11.11 sales and year-end sales. Always exercise caution when making online purchases, especially if you are making online transfers or payments.  Scammers may also try to steal your credit/debit card number, CVV, PIN or One-Time Password. Do not reveal such card details to anyone or key them into unverified websites.    

    • Dubious investment schemes offering quick, get-rich investment plans with high returns that are too good to be true. Scammers may take advantage of the current economic situation to entice you to first transfer money over to them in order to participate in quick get-rich programmes. Do not fall for them.

    • Impersonation - A private message from a “friend” or “family member” received via Facebook or Instagram asking for your credit card, internet banking details and One-Time Password (OTP) to participate in a lucky draw or asking you to transfer money due to an emergency. You should always verify the source and legitimacy of such requests.


    Scam Alert - Beware of online charmers  Scam Alert - Beware of Hot Deals


    Ways to protect yourself
     

    • DO NOT give out your OTPs to anyone!
      They are like the keys to your house.
    • Always read the transaction notification alerts sent by the Bank via SMS, emails or push notifications. They are like a ringing alarm. Read them carefully and inform us quickly if the transactions are unauthorised. Set up your e-Alerts by logging into Digital Banking > Customer Service > Manage your e-Alerts.
    • Always verify any requests that asked for your personal or banking details.
      DO NOT give your card details or banking credentials to anyone.
    • Do not transfer funds or remit money to unknown parties.
      Scammers will always try to create a false sense of urgency. Do not be pressurised into making FAST transfers, PayNow transfers or telegraphic transfers to unknown parties. Always verify the source and legitimacy of such requests. When in doubt, always check with the Bank. 


    Look out for the above tell-tale signs. When you know how to spot scams, you know how to protect yourself.

    Call our customer hotline at +65 6363 3333 if you need help.

    Learn more about online scams at www.scamalert.sg.

  • Stay vigilant against new COVID-19 scams
    20 April 2020

    Impersonation Scams
    Scammers are pretending to be government officials from Ministry of Health. They disguise themselves as contact tracers and will ask you for your bank account number, bank PIN and password. Do not give it to them. Bank information is NOT needed for contact tracing. If you receive such a call, please hang up. If you are still not sure if it is real, call the official government agency hotline number (MOH hotline at 1800-333-9999).  

    Phishing emails or SMSes
    Cybercriminals are sending out phishing emails under the names of trusted organisations like Apple and SIA. The subject headers are hot topics about COVID-19. Do not open the attachments or links in the emails. Once you do that, a malware will be planted in your computer. Even if there are no attachments, the emails will direct you to websites to trick you to disclose sensitive information like your bank account number, bank PIN and password.

    Malicious Websites and Applications
    Cybercriminals are sending out links to websites that claim to be COVID-19 related. They offer to provide situation maps, facilitate self-health checks, or with services for online communications for telecommuting. These sites are dangerous and can spread malware. Visitors to the malicious sites may be asked to download software that claims to help monitor the COVID-19 situation, but is in fact a Trojan, ransomware or spyware.

    Cyber Threats Targeting Technology for Remote Working Arrangements
    Video-teleconferencing (VTC) platforms have been hijacked to steal user credentials, or to gain access to your microphone and webcam. Do ensure robust controls are in place for your work from home access, or else your systems and networks can be compromised. Stay protected by using strong passwords and Wi-Fi Protected Access (WPA). Do not click on phishing emails and malicious websites.

    Loans Scams impersonating OCBC
    Scammers have sent SMS and WhatsApp messages impersonating OCBC to offer loans packages. These SMSes appear to come from "OCBCPROMO". Do not reply to these messages or call the number in the text. OCBC does not send SMSes to ‘sell’ loans. If you need financing, call us. This is an impersonation account from an unlicensed money lender and has been reported to the police. Scammers may use caller ID spoofing technology to display the bank’s number or logo, especially on Viber and WhatsApp. Always call our official hotline at 1800 363 3333 if you need help.
  • Stay vigilant against scams that use COVID-19 as bait
    18 March 2020
    Threat: Covid-19 Scams
    Severity: Medium 


    In light of the heightened situation around coronavirus (COVID-19), scammers will be looking to take advantage by stealing your money. As you take steps to protect yourself from COVID-19, it is also important to remain vigilant against scams such as:

    Impersonation scams: Scammers may impersonate as government officials (e.g. the Ministry of Health) or police officers to request for your personal and financial information on the pretext of contact tracing

    Phishing emails or SMSes: Scammers may send phishing emails or SMSes claiming to contain important COVID-19 updates. Their aim is to trick you into opening attachments containing malware or to click on a weblink to provide your online banking information.

    Ecommerce Scams: Scammers may prey on people who are looking online to buy medical supplies (e.g. surgical masks, hand sanitisers), and attempt to defraud them while they are at their most susceptible.

    How to protect yourself

    Rule number one: Do NOT reveal your One-Time Password (OTP) to anyone, or provide OneToken authorisation without knowing the intended purpose.

    It is also essential that you:
    • Remain calm if you receive calls from the government agencies or police. You can call the government agency hotline number (e.g. Ministry of Health General Hotline at 6325 9220) to verify the authenticity of the phone call.
    • Do not click on links or open attachments found in suspicious looking emails or SMSes. Always type our URL: https://www.ocbc.com/login into the browser’s address bar or download the OCBC Mobile Banking app via the App Store or Google Play.
    • Always check the credibility of the sellers by reading reviews of their services. If advance payments are required, use shopping platforms that provide arrangements to release payment to the seller only upon receipt of the item. When in doubt, purchase only from reputable sellers.
    What you should do:

    Please call us immediately at 1800 363 3333 (or +65 6363 3333 when calling from overseas) if you notice or receive:
    • SMS transaction alerts or email notifications for transactions you did not initiate or perform.
    • Any compromise or loss of your security device or security details.
    • Alerts on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform.
    For more information on scams, please visit www.scamalert.sg.
  • Beware of unsolicited phone calls asking you to download or install any apps or programs on your desktop or mobile phone
    13 November 2019
    Threat: Impersonation Scam
    Severity: High

    There has been an increase in scams impersonating helpdesk support staff from telecommunication companies, IT firms or law enforcement agencies. The callers will claim that the victim’s PC or mobile device is in need of a software upgrade as it are vulnerable to online security risks. The callers will also claim that the victim has a criminal offense and they required access to their PC or mobile device to assist in supposedly ‘confidential’ investigations.

    Victims may be asked to download a program or to input several commands onto their PC or mobile device. Once this is done, the victims’ PC or mobile device will be taken control by the fraudster. Subsequently, the victims’ will be directed to provide their login credentials or credit card information. Fraudulent transactions will then take place.

    To avoid unauthorised access to your account or falling victim to such scams, please stay vigilant and take the necessary precaution to protect yourself.

    How to protect yourself:

    • Ignore calls from unsolicited callers. Scammers may use Caller ID spoofing technology to mask their actual phone numbers and display a different number.
    • Never follow the caller's instructions to install software or type commands onto your computer.
    • Be wary of any unsolicited phone call or pop-up message on your device. Security pop-up warnings from real tech companies will never ask you to call a phone number.
    • Never disclose to anyone, or key in your personal banking details such as ATM/credit/debit card numbers, their PINs, Online Banking Access Code, PIN and OTP into websites or mobile apps.
    • Be wary and read the instructions on the push notifications before confirming the transactions if you are using the OneToken.
    • Never reveal the OTP from SMS, hardware or OneToken to anyone.
    • Do not transfer funds to any unknown parties.

    For more information on such scams, please visit www.scamalert.sg/scam-details/software-update-scam

    What you should do

    Please call us immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if you notice/receive:

    • any unusual/unauthorised transactions such as receiving funds you did not expect, SMS transaction alerts or email notifications for transactions you did not initiate,
    • any compromise or loss of your security device or security details.
    • SMS messages or emails for transactions which you did not perform.
    • alerts on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform

    Learn more about Phishing, Malware and Online Banking security.

  • Beware of unsolicited phone calls asking you to withdraw funds from your account or provide personal or banking information
    23 December 2019
    Threat: Impersonation Scam
    Severity: Medium

    Updated as of 23 December 2019

    There has been a resurgence in scams involving Mandarin-speaking callers pretending to be police officers informing you that you are involved in criminal activities.

    To avoid being prosecuted by the law, they may instruct you to:

    • provide your banking details such as ATM card, credit card, debit card and Personal Identification Number (PIN), Online Banking Access Code, PIN and One-Time Password (OTP)
    • apply for Internet banking services and a hardware token
    • and from time to time provide them the OTP generated from the token to update them on your whereabouts or location.

    In some instances, you may find unexplained sum of money in your account. The caller will instruct you to withdraw these monies and hand them to a third party (purported to be a police officer) who will meet you at a selected location.

    To avoid unauthorised access to your account or falling victim to such scams, please stay vigilant and take the necessary precaution to protect yourself.

    How to protect yourself:

    • Be wary or ignore callers claiming to be police officers or government officials.
    • If there are unexplained money in your account, do not attempt to withdraw the money for your own use or pass it to anyone. You should inform us and lodge a police report immediately.
    • Never reveal to anyone, or key in your personal banking details such as ATM/credit/debit card numbers, their PINs, Online Banking Access Code, PIN and OTP into websites or mobile apps.
    • Never generate the OTP from your hardware token and reveal the OTP to anyone.
    • Always read the SMS alerts sent to your mobile phone for your transactions carefully.
    • OCBC Bank staff will never ask you for your OCBC Online Banking PIN or OTP over the phone.
    • Call us immediately if you detect any suspicious alerts or transactions not performed by you.
    • Ignore calls from unsolicited callers. Scammers may use Caller ID spoofing technology to mask their actual phone numbers and display a different number.
    • Update us immediately when there is a change in your contact details such as mobile number or email address.

    For more information on such scams, please visit: www.scamalert.sg/types-of-scams/impersonation-scam

    What you should do

    If you notice any unusual/unauthorised transactions such as receiving funds you did not expect, SMS transaction alerts or email notifications for transactions you did not initiate, please call us immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas).

    Learn more about Phishing, Malware and Online Banking security.

  • Customers using Samsung Galaxy S10/10+, Note 10/10+ 5G devices are advised to temporarily disable fingerprint authentication due to an issue found with Samsung’s fingerprint sensor
    19 October 2019
    Threat: Data security
    Severity: Medium

    Updated as of 25 October 2019

    Customers of affected mobile phones will receive a system notification message to update the fingerprint software. Please restart the phone once the update is complete. For more information about the update from Samsung, please click here.

    Original security advisory:

    Customers utilising Samsung's fingerprint authentication are advised to use alternative methods such as passwords or Pin until a fix has been issued to prevent unauthorised access to their OCBC Digital app and Pay Anyone™ app.

    Owners of the affected models are advised to disable fingerprint authentication until a fix is released by Samsung.

    To disable fingerprint login:

    • Log in to OCBC Digital app > Open the side menu > Select Settings > Deactivate OCBC OneTouch™ > Confirm
    • Log in to OCBC Pay Anyone™ app > Open the side menu > Select Settings > toggle off the Login with OCBC OneTouch™

    Reference:

    https://news.samsung.com/global/statement-on-fingerprint-recognition-issue

    How to protect yourself:

    • Verify the transaction details in the SMS message, ensure that it is for the transaction that you are authorising before using the associated OTP. Inform the Bank immediately if the transaction is suspicious.
    • Ensure the OTP is keyed in the correct bank’s mobile application or website. Do not reveal the OTP to anyone.
    • The Bank will not make unsolicited requests for your banking details. Be mindful not to reveal your personal or banking details such as ATM/Credit/Debit Card numbers, Online Banking Access Code, PIN/OTP into mobile applications or websites that you are not sure of.
    • Be on the alert for suspicious emails/SMS messages and websites or mobile messages, purporting to be from the Bank asking for your OCBC Online Banking login credentials such as PIN/OTP etc. Inform the Bank immediately if the transaction is suspicious.
    • Stay vigilant before clicking on any links embedded in the SMS messages or emails.
    • Always type the URL of the website directly into the address bar of the browser.
    • Inform the Bank immediately when there is a change in your contact details such as mobile number or email address so that you continue to receive SMS alerts or e-mail notifications for online banking transactions and activities.
    • Do not transfer funds to any unknown parties.

    What you should do

    Please call the Bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:

    • You are aware of any suspected fraud or transactions not performed by you including any compromise or loss of your security device or security details.
    • You received a SMS message or email for transactions which you did not perform.
    • You are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform.

    Learn more about Phishing, Malware and Online Banking security.

  • Beware of emails that may direct you to phishing webpages asking for your online banking credentials
    22 February 2019
    Threat: Phishing alert
    Severity: Medium

    There has been an increase in phishing emails received by our customers claiming to be from OCBC, such as a recent one requesting customers to register for a new authentication login for online banking.

    These emails contain a hyperlink directing you to a phishing website, which will require you to provide your personal or banking details. For example, full name, NRIC/ passport numbers, Bank account numbers, card numbers, expiry date, CVV number, Personal Identification Number (PIN), One Time Password (OTP) and even in some instances to provide the OTP generated from their hardware token. Once this is done, fraudulent transactions may be effected from your accounts.

    We advise you to stay vigilant and take the necessary precautions to protect yourself.

    Sample of a phishing email

    How to protect yourself:

    • OCBC will not request for your confidential information (e.g. PIN or OTP) through email, SMS or voice conversation.
    • Do not respond to unsolicited emails or SMS messages requesting for personal/banking credentials (e.g. NRIC/ passport numbers, address, emails, access code, PIN or OTP) or credit/debit/ATM cards details (e.g. card number, expiration date, CVV number, PIN).
    • Stay vigilant before clicking on any links embedded in the SMS messages or emails. Always type the URL of the website directly into the address bar of the browser.
    • Do not transfer funds to any unknown parties.
    • Always read the entire SMS alerts sent to your mobile phone for your transactions carefully. Inform the Bank immediately if you find the transaction suspicious.
    • Inform the Bank immediately when there is a change in your contact details such as mobile number or email address.

    What you should do:

    Please call the Bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:

    • You notice any suspected fraud or transactions which are suspicious or not performed by you.
    • There is any compromise or loss of your security device or security details.
    • You received a SMS message or email for transactions which you did not perform.
    • You are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform.

    Learn more about Phishing, Malware and Online Banking security.

  • Beware of emails that may direct you to phishing webpages asking for your credentials
    19 December 2018
    Threat: Phishing alert
    Severity: Medium

    Avoid getting an unwanted surprise this holiday season. There has been an increase in phishing emails purporting to be from OCBC. These emails may contain hyperlinks directing you to a non-OCBC website that requires you to provide your credit/debit/ATM cards details such as card number, expiration date, CVV number or Personal Identification Number (PIN), or online banking login credentials such as Access Code, PIN or One Time Password (OTP). This may result in unauthorised access to your bank accounts. Exercise vigilance during the holiday season and be mindful not to respond to such unsolicited requests.

    Sample of a phishing email

    Sample of a phishing webpage

    How to protect yourself:

    • OCBC will not request for your PIN or OTP through voice conversation, SMS or email.
    • Do not respond to unsolicited SMS or emails requesting for credit/debit/ATM cards details (e.g. card number, expiration date, CVV number, PIN), or online banking credentials.
    • Stay vigilant before clicking on any links embedded in the SMS messages or emails. Always type the URL of the website directly into the address bar of the browser.
    • Do not transfer funds to any unknown parties.
    • Always read the SMS alerts sent to your mobile phone for your transactions carefully. Inform the Bank immediately if the transaction is suspicious.
    • Inform the Bank immediately when there is a change in your contact details such as mobile number or email address.

    What you should do:

    Please call the Bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:

    • You are aware of any suspected fraud or transactions not performed by you including any compromise or loss of your security device or security details.
    • You received a SMS message or email for transactions which you did not perform.
    • You are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform.

    Learn more about Phishing, Malware and Online Banking security.

  • For iOS version 12 users - How to safely use the Security Code Autofill suggestion for One-Time Password (OTP)
    1 November 2018
    Threat: Autofill input of OTP resulting in unauthorised transaction
    Severity: Medium

    Apple has introduced a new feature, Security Code Autofill, in iOS version 12. As shown in the diagrams below, this feature enables mobile devices to scan incoming Short Message Server (SMS) messages for One-Time-Password (OTP) and automatically display it as an AutoFill suggestion in the Quick Type bar above the virtual keyboard. You will only need to tap on the OTP to input it in the OTP field of an application or website instead of keying it manually.

    While this new feature may enhance user experience, please continue to stay vigilant and adopt the following safe practices when you perform online banking transactions:

    • Verify the transaction details in the SMS message, ensure that it is for the transaction that you are authorising before using the associated OTP. Inform the Bank immediately if the transaction is suspicious.
    • Ensure the OTP is keyed in the correct bank’s mobile application or website. Do not reveal the OTP to anyone.
    • The Bank will not make unsolicited requests for your banking details. Be mindful not to reveal your personal or banking details such as ATM/Credit/Debit Card numbers, Online Banking Access Code, PIN/OTP into mobile applications or websites that you are not sure of.
    • Be on the alert for suspicious emails/SMS messages and websites or mobile messages, purporting to be from the Bank asking for your OCBC Online Banking login credentials such as PIN/OTP etc. Inform the Bank immediately if the transaction is suspicious.
    • Stay vigilant before clicking on any links embedded in the SMS messages or emails.
    • Always type the URL of the website directly into the address bar of the browser.
    • Inform the Bank immediately when there is a change in your contact details such as mobile number or email address so that you continue to receive SMS alerts or e-mail notifications for online banking transactions and activities.
    • Do not transfer funds to any unknown parties.

    What you should do:

    Please call the Bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:

    • You are aware of any suspected fraud or transactions not performed by you including any compromise or loss of your security device or security details.
    • You received a SMS message or email for transactions which you did not perform.
    • You are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform.

    Learn more about Phishing, Malware and Online Banking security.

  • SMS Phishing Scam
    24 August 2018
    Threat: Phishing alert
    Severity: High

    Recently, fraudsters have been sending SMSes and emails that appear to originate from OCBC, informing you to check out a new investment program.

    It claims that OCBC has announced new software that will make you a millionaire, while others tell you some miraculous software will let you “quit your job in 30 days”.

    These are NOT sent by OCBC Bank.

    If you know of friends and loved ones who have been tempted to click on the links provided in these SMSes and emails, please tell them not to. While we work hard to help our customers succeed, we certainly don’t believe in “Get rich quick” approaches.

    SMS Samples

    Sample of website after clicking the link:

    We would like to advise the public that under no circumstances will OCBC Bank make unsolicited requests through e-mail, SMSes, and phone calls that request for the following:

    • Personal details
    • Financial details
    • Bank account details
    • Credit/debit details
    • Logging into your Internet banking account
    • Verifying your account validity
    • PIN/Password

    How to protect yourself:

    • Be on the alert for suspicious emails / SMSes and websites or mobile messages, purporting to be from the Bank aking for your OCBC Online Banking login credentials such as PIN/OTP etc. You should report these immediately by contacting us.
    • Stay vigilant before clicking on any links embedded in the SMS or emails.
    • Be mindful not to reveal your personal or banking details such as ATM/Credit/Debit Card numbers, PINs, Online Banking Access Code, PIN and OTP into websites or mobile apps.
    • Always type the URL of the website directly into the address bar of the browser.
    • Always read the SMS alerts sent to your mobile phone for your transactions carefully.
    • Update us immediately when there is a change in your contact details such as mobile number or email address so that you continue to receive SMS alerts or e-mail notifications for online banking transactions and activities.
    • Do not transfer funds to any unknown parties.

    What you should do:

    Please call the bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:

    • You are aware of any suspected fraud or transactions not performed by you including any compromise or loss of your security device or security details; or
    • You received an SMS or email alert for transactions which you did not perform; or
    • You are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform.

    Learn more about Phishing, Malware and Online Banking security.

  • Beware of SMS that may direct you to phishing webpages asking for your credentials
    6 August 2018
    Threat: Phishing alert
    Severity: Medium

    Fraudsters have been sending SMS containing hyperlinks targeting OCBC customers. Upon clicking on the hyperlink, you will be directed to a page requesting for your Online Banking Access Code, PIN, credit or debit card numbers, expiration date and 3-digit CVV number on the back of your card. The websites are intended to trick you to revealing your personal information and use it for unauthorised transactions on your accounts or credit cards.

    Fraudsters may spoof SMS or emails to give the appearance that they originate from OCBC. All mobile device will list the spoofed SMS in the same thread with those sent under the bank.

    Please stay vigilant and take the necessary precautions.

    How to protect yourself:

    • Always type the URL of the website directly into the address bar of the browser.
    • OCBC Bank will not make unsolicited requests for your personal or banking details (e.g., credit/ debit card information or login credentials) through channels such as emails or SMS. Inform the Bank immediately if such requests are received
    • Do not reveal any personal or banking details (e.g., ATM/ Credit/ Debit Card numbers, login credentials, OTP) into suspicious websites or mobile apps.
    • Always read SMS alerts for your transaction details carefully.
    • Inform the Bank whenever contact details or mailing address get updated.

    What you should do :

    Please call the bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:

    • You are aware of any suspected fraud or transactions not performed by you;
    • If any of your credit or atm cards, banking login credentials or security devices have been lost or compromised;
    • You received an SMS or email alert for transactions which you did not perform; or
    • You are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform.

    Learn more about Phishing, Malware and Online Banking security.

  • Beware of unsolicited calls, emails or SMS asking for your personal or banking information or credentials
    23 July 2018
    Threat: Phishing alert
    Severity: Medium

    Last week, SingHealth reported a data breach where patients’ data such as names, NRIC numbers, addresses and date of birth were stolen. The stolen information may be used by syndicates to conduct social engineering and phishing scams. They may use the stolen information to trick victims to believe these scams are real.

    Please be reminded to stay vigilant when you receive calls, emails and SMS from unfamiliar or unsolicited sources asking for your personal particulars, banking information and credentials.

    Please stay vigilant and take the necessary precautions.

    How to protect yourself:

    • Be on the alert for suspicious emails / SMS and websites or mobile messages, purporting to be from the Bank asking for your OCBC Online Banking login credentials such as PIN/OTP etc. You should report these immediately by contacting us.
    • OCBC Bank will not make unsolicited requests for your personal, financial, bank account or credit/debit card information, or unsolicited requests that you log in and verify account validity, through e-mail, mobile messages or on phone unless you have initiated the contact. Under no circumstances will the Bank ask you to reveal your PIN/Password.
    • Be mindful not to reveal your personal or banking details such as ATM/Credit/Debit Card numbers, PINs, Online Banking Access Code, PIN and OTP into websites or mobile apps.
    • Stay vigilant before clicking on any links embedded in the SMSes or emails.
    • Always type the URL of the website directly into the address bar of the browser.
    • Always read the SMS alerts sent to your mobile phone for your transactions carefully.
    • Update us immediately when there is a change in your contact details such as mobile number or email address so that you continue to receive SMS alerts or e-mail notifications for online banking transactions and activities.

    What you should do

    Please call the bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:

    • You are aware of any suspected fraud or transactions not performed by you including any compromise or loss of your security device or security details; or
    • You received an SMS or email alert for transactions which you did not perform; or
    • You are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform.

    Learn more about Phishing, Malware and Online Banking security.

  • Beware of SMS linking to phishing websites asking for your credentials
    13 June 2018
    Threat: Phishing alert
    Severity: Medium

    The SMS may contain hyperlinks which redirect you to a webpage requesting for your Online Banking Access Code, PIN, ATM or credit card numbers, expiration date and even the 3-digit CVV number on the back of your card.

    The websites are intended to steal your information and use it for unauthorised transactions on your accounts or credit cards.

    Please stay vigilant and take the necessary precautions.

    How to protect yourself:

    • Always type the URL of the website directly into the address bar of the browser.
    • Stay vigilant before clicking on any links embedded in the SMSes or emails.
    • Be on the alert for suspicious emails / SMS and websites or mobile messages, purporting to be from the Bank asking for your OCBC Online Banking login credentials such as PIN/OTP etc. You should report these immediately by contacting us.
    • OCBC Bank will not make unsolicited requests for your personal, financial, bank account or credit/debit card information, or unsolicited requests that you log in and verify account validity, through e-mail, mobile messages or on phone unless you have initiated the contact. Under no circumstances will the Bank ask you to reveal your PIN/Password.
    • Be mindful not to reveal your personal or banking details such as ATM/Credit/Debit Card numbers, PINs, Online Banking Access Code, PIN and OTP into websites or mobile apps.
    • Always read the SMS alerts sent to your mobile phone for your transactions carefully.
    • Update us immediately when there is a change in your contact details such as mobile number or email address so that you continue to receive SMS alerts or e-mail notifications for online banking transactions and activities.

    What you should do

    Please call the bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:

    • You are aware of any suspected fraud or transactions not performed by you including any compromise or loss of your security device or security details; or
    • You received an SMS or email alert for transactions which you did not perform; or
    • You are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform.

    Learn more about Phishing, Malware and Online Banking security.

  • Beware of emails linking to websites asking for your personal information
    7 May 2018
    Threat: Phishing alert
    Severity: Medium

    There has been an increase in phishing emails received by our customers on their accounts being placed on hold and were requested to confirm their card details.

    These emails may contain hyperlink(s) directing customers to a phishing website which will require customers to provide their personal / banking / card details. For example, full name, NRIC/ passport numbers, Bank account numbers, card numbers, expiry date, CVV number, Personal Identification Number (PIN), One Time Password (OTP) and even in some instances to provide the OTP generated from their hardware token. Once this is done, fraudulent transactions may be effected from your accounts.

    Example of phishing email

    To avoid any unauthorised access to your bank account(s) or transactions on your cards, please be mindful to never enter such information on to links to websites sent via emails. We advise you to stay vigilant and take the necessary precautions to protect yourself.

    How to protect yourself:

    • Be on the alert for suspicious emails and websites or mobile messages, purporting to be from the Bank asking for your OCBC Online Banking login credentials such as PIN/OTP etc. You should report these immediately by contacting us.
    • OCBC Bank will not make unsolicited requests for your personal, financial, bank account or credit/debit card information, or unsolicited requests that you log in and verify account validity, through e-mail, mobile messages or on phone unless you have initiated the contact. Under no circumstances will the Bank ask you to reveal your PIN/Password.
    • Be mindful not to reveal your personal or banking details such as ATM/Credit/Debit Card numbers, PINs, Online Banking Access Code, PIN and OTP into websites or mobile apps.
    • Always read the SMS alerts sent to your mobile phone for your transactions carefully.
    • Update us immediately when there is a change in your contact details such as mobile number or email address so that you continue to receive SMS alerts or e-mail notifications for online banking transactions and activities.

    What you should do

    Please call the bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:

    • You are aware of any suspected fraud or transactions not performed by you including any compromise or loss of your security device or security details; or
    • You received a SMS or an e-mail alert for transactions which you did not perform; or
    • You are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform.

    Learn more about Phishing, Malware and Online Banking security.

  • Beware of emails or SMS linking to websites asking for your personal information
    17 January 2018
    Threat: Phishing alert
    Severity: Medium

    Reports on phishing attacks had increased over the last few weeks. Generally, phishing attacks use emails or SMS (purportedly from a trusted organisation such as OCBC) with links to fictitious websites or to download apps. Such emails or SMS typically use fear tactics and may threaten to disable an account or delay services until you update certain information.

    Example of phishing email and sms

    The links will direct you to a website or app that looks legit, as below. The intent is to gain unauthorised access to your bank accounts once you provide the information they request for such as:

    • Personal information - NRIC/ passport number, mailing address, email address
    • Banking credentials - bank account numbers, card numbers, expiry date, CVV number, Personal Identification Number (PIN), One Time Password (OTP) and in some instances to provide the OTP generated from your hardware token.
    Example of how a phishing website or app login may look like

    How to protect yourself:

    • Know that OCBC Bank will not make unsolicited requests for your personal, financial, bank account or credit/debit card information, or unsolicited requests that you log in and verify account validity, through e-mail, mobile messages or on phone unless you have initiated the contact. Under no circumstances will the Bank ask you to reveal your PIN/Password.
    • Do not use links in an email or instant message to connect to the Bank's website unless you are certain they are authentic. If you need to get to the Bank’s webpage, open your browser and type the URL directly into the address bar.
    • Do not respond to emails asking for confidential information, e.g: your financial or personal information. Phishers like to use fear tactics and may threaten to disable an account or delay services until you update certain information.
    • Never reveal to anyone or key in your personal banking details such as ATM, Credit Card Numbers, their PINs, Online Banking Access codes, PIN and OTP into websites or mobile apps.
    • Beware of anyone who may request that you install software on your device.
    • Always ensure that you download information or apps from official source only.
    • Protect your computer with firewall, spam filters, anti-virus and anti-spyware software. Ensure you are getting the most up-to-date software and update them regularly to ensure that you are protected against new viruses and spyware.
    • Always keep your contact information with the bank updated so that we may send you:
      • Instant alerts on transactions performed on your bank accounts.
      • Instant notifications on account activities such as adding a beneficiary or change of contact particulars
    • Always read the SMS alerts sent to your mobile phone for your transactions carefully.

    What you should do

    Please call the bank immediately at 1800 363 3333 or +65 6363 3333 (when calling from overseas) if:

    • You are aware of any suspected fraud or transactions not performed by you including any compromise or loss of your security device or security details; or
    • You received a SMS or an e-mail alert for transactions which you did not perform; or
    • You are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform.

    Learn more about Phishing, Malware and Online Banking security.

Important notices

The above is for general information only and provided solely as a convenience to you. No representation or warranty (whether on adequacy or usefulness or otherwise) is given by OCBC. You confirm that you are responsible for the security of your computer and mobile devices and OCBC assumes no responsibility to you in relation thereto. We refer you to our online banking safe security practices at Safeguarding Your Online Banking Access. Your usage of our OCBC Online Banking Service is subject at all times to the terms and conditions governing Electronic Banking and the terms and conditions governing Deposit Accounts.