Safeguard your transactions at your fingertips
Malware Threats
Learn to safeguard your financial data against malware attacks
Malware is a type of malicious software that cybercriminals use to infect their targets’ computers and mobile devices to perform criminal activities.
Once the device is infected, a cybercriminal may steal confidential data such as login credentials (including online banking access code, PIN and One-Time-Password (OTP) or Organisation ID, User ID, and Password) and use these details to conduct fraudulent money transfers from the victim's account. Others may gain remote control over the compromised device, spy on a person’s online activities, and/or perform other criminal acts like monetary transactions and fraud without the victim's knowledge or consent.
Understanding the different types of malware and how they work can help to protect your devices from threats.
Computer Virus
Capable of infecting a computer system or network, a computer virus can spread by replicating itself throughout a network – just like biological viruses. It attaches to existing programmes, which can then infect other programmes and files when a user executes it. Viruses can steal sensitive information, delete or modify files, and even launch attacks on other systems.
Ransomware
Ransomware is a type of malware used to encrypt personal files on a device or its operational system, locking the user out of their files or device. This results in the victim losing access to important and often confidential data or disruption to their business operations. Attackers will then threaten to publish the victim's data or permanently block their access unless a ransom is paid off (often in cryptocurrency) to restore access.
Spyware
Designed to collect information from a device without the user's knowledge or consent, spyware can be used to monitor a person’s online activities and steal sensitive information such as your login credentials and credit card information.
It can be installed on a device through various methods, such as clicking on a malicious link or email attachment, installing infected software or visiting a compromised website.
Scareware
Scareware, often disseminated via pop-up ads, is designed to trick users into believing that their device has been infected with malware and then duped to download or purchase malicious (but useless) software to fix the supposed issue.
In some cases, victims will be asked to enter their credit card details or other sensitive personal information when downloading the fake software, which criminals will then use for fraudulent purposes. Other times, the fake software is simply a way for criminals to install other types of malware into a victim's device.
Adware/Malvertising
Adware is designed to display advertisements on a user's device, typically in the form of pop-up ads, banners, etc. It can track a user's browsing behaviour and collect personal data about their online activities for targeted advertising purposes.
On the other hand, malvertising refers to the distribution of malware through online advertising platforms. They are often designed to look like legitimate ads, and can be used to direct users to phishing sites or other malicious websites.
Trojan
Short for Trojan horse, a Trojan is a type of malware that is often disguised as a legitimate programme or file, and may be distributed through phishing emails or software downloads. Once it’s downloaded, it can perform a variety of malicious activities, such as stealing financial information or installing additional malware.
From deceptive bargains to bogus QR codes, here are some malware-related scams to take note of.
Suspicious downloads on Android
Victims may come across favourable deals and be lured into contacting these fraudulent businesses through their social media or messaging platforms (e.g., WhatsApp). Subsequently, they will be sent a URL to download an Android Package Kit (APK) file which contains malware, potentially allowing scammers to access their devices remotely and steal their personal information and banking credentials.
Be sceptical of advertisements with exaggerated claims that seem too good to be true, and avoid downloading any dubious applications on your devices.
Malicious QR codes
As businesses increasingly adopt the use of QR codes, scammers are finding new ways to exploit the technology by pasting manipulated QR codes near authorised scan-to-pay signs in public spaces, such as shops and restaurants. Victims are then duped into scanning these codes, unknowingly downloading malware-infected apps that steal confidential and sensitive data.
Be especially wary of codes that may appear suspicious or tampered with, and check with the staff of the establishment to make sure it’s legitimate before scanning.
If you believe your computer or mobile device may be infected with malware, watch out for these warning signs:
-
On your device
- Look out for unfamiliar apps and icons that appear on your device which you did not install, an unusual change in the look-and-feel of your device's screen, or suspicious screen pop-ups that prompt you to install unknown apps or grant special permission to specific apps.
- Performance issues including applications, files and websites taking a long time to load, abnormal battery drainage, and problems shutting down or starting up your device due to malware running in the background.
- Device shutting down abruptly or getting locked up with the screen displaying the message 'System update in progress' even after it has force-restarted.
- Dropped calls or strange disruptions during a conversation which could likely be due to interference of mobile malware.
- Unusual phone/data bills as a result of malware sending SMS text messages to premium-rated numbers.
-
In your browser
- A redirection to a third-party website showing a fake overlay page resembling OCBC Bank’s login page, which may prompt you to enter your login credentials, OTP from your OCBC OneToken, or your ATM, debit or credit card details. The website may also feature a fake hotline number (a number that does not match the contact numbers on the Bank's official website).
- The URL shown on the fake website’s login page is different from OCBC’s official pages. Please be reminded of OCBC Malaysia’s official website URLs:
- Personal Banking: https://internet.ocbc.com.my/internet-banking
- Business Banking: https://velocity.ocbc.com/login.html
- You are prompted repeatedly for your login credentials despite entering them correctly, or get a delayed pop-up screen that says the system is not available and repeatedly asks you to enter OTP or use your OCBC OneToken to generate an OTP.
To ensure that your online security and account information are not compromised via your devices, please adopt the following OCBC Online Banking security measures:
Secure your devices
Keep your devices secure and up to date with trusted security solutions.
- Install antivirus programmes, keep them up-to-date and run regular scans to help detect unauthorised software
- Ensure that your operating system is updated to the latest version
- Ensure that your OCBC Malaysia Mobile Banking app is kept updated with the latest security features
- Do not use jailbroken or rooted phones to access OCBC Malaysia Mobile Banking services
- Secure your device with biometrics, a strong password or other relevant mechanism
- Check your devices regularly for unknown apps that may appear at random
- Inform OCBC immediately in event of loss/theft of your mobile device, and/or if you suspect there is unauthorised access to your account
- Never leave your devices unattended in public places
Keep your devices secure and up to date with trusted security solutions.
- Install antivirus programmes, keep them up-to-date and run regular scans to help detect unauthorised software
- Ensure that your operating system is updated to the latest version
- Ensure that your OCBC Malaysia Mobile Banking app is kept updated with the latest security features
- Do not use jailbroken or rooted phones to access OCBC Malaysia Mobile Banking services
- Secure your device with biometrics, a strong password or other relevant mechanism
- Check your devices regularly for unknown apps that may appear at random
- Inform OCBC immediately in event of loss/theft of your mobile device, and/or if you suspect there is unauthorised access to your account
- Never leave your devices unattended in public places
Safeguard your online browsing experience
Practise safe browsing habits to limit your device’s vulnerability to malware.
- Personally enter the domain name in your browser to log in to OCBC Online Banking
- Ensure that the website you are visiting belongs to OCBC Personal Banking or Business Banking
- Do not allow your web browser or devices to store your login credentials
- Log off once session is finished and lock your computer screen when not in use
- Do not use public devices or connect to unsecured/publicly available Wi-Fi to access Online Banking
- Remove file and printer sharing in computers
- Never click on links in pop-ups when browsing the internet
Practise safe browsing habits to limit your device’s vulnerability to malware.
- Personally enter the domain name in your browser to log in to OCBC Online Banking
- Ensure that the website you are visiting belongs to OCBC Personal Banking or Business Banking
- Do not allow your web browser or devices to store your login credentials
- Log off once session is finished and lock your computer screen when not in use
- Do not use public devices or connect to unsecured/publicly available Wi-Fi to access Online Banking
- Remove file and printer sharing in computers
- Never click on links in pop-ups when browsing the internet
Beware of downloads
Always be cautious when downloading any files or attachments from unknown sources.
- Do not install software or run programmes of unknown origin
- Only download mobile apps (including the OCBC Malaysia Mobile Banking app and OCBC Business apps) from official app stores (Apple App Store, Google Play Store or Huawei AppGallery)
- Do not open, run or install any attachments or click on any links in suspicious or unsolicited emails and messages
Always be cautious when downloading any files or attachments from unknown sources.
- Do not install software or run programmes of unknown origin
- Only download mobile apps (including the OCBC Malaysia Mobile Banking app and OCBC Business apps) from official app stores (Apple App Store, Google Play Store or Huawei AppGallery)
- Do not open, run or install any attachments or click on any links in suspicious or unsolicited emails and messages
Review app permissions
Be aware of what your apps can access on your devices.
- Read and understand the permissions an app requires before you install it
- Consider whether the requested permissions are necessary for the app’s intended functionalities
- Avoid granting excessive permissions that may compromise your privacy, especially apps that request access to your camera, microphone, location, contacts and similar sensitive information
Be aware of what your apps can access on your devices.
- Read and understand the permissions an app requires before you install it
- Consider whether the requested permissions are necessary for the app’s intended functionalities
- Avoid granting excessive permissions that may compromise your privacy, especially apps that request access to your camera, microphone, location, contacts and similar sensitive information
Detect and address malware
These are some suggested steps to take if you suspect your device has been infected with malware:
- Turn on ‘flight mode’ to prevent data from being transmitted into or out of your device
- Check that Wi-Fi is switched off and do not switch it on
- Look for and uninstall any suspicious apps found in your device immediately
- Run a scan on your phone using a reputable anti-virus or anti-malware software
- Use another device to check your bank accounts etc. for any unauthorised transaction(s)
- Report any unauthorised transaction(s) to the Bank, the relevant authorities, and lodge a Police report
- If, after completing the above steps, you believe your device is not infected with malware, you may continue using it. As a further precaution, consider doing a “factory reset” of your phone and changing important passwords
These are some suggested steps to take if you suspect your device has been infected with malware:
- Turn on ‘flight mode’ to prevent data from being transmitted into or out of your device
- Check that Wi-Fi is switched off and do not switch it on
- Look for and uninstall any suspicious apps found in your device immediately
- Run a scan on your phone using a reputable anti-virus or anti-malware software
- Use another device to check your bank accounts etc. for any unauthorised transaction(s)
- Report any unauthorised transaction(s) to the Bank, the relevant authorities, and lodge a Police report
- If, after completing the above steps, you believe your device is not infected with malware, you may continue using it. As a further precaution, consider doing a “factory reset” of your phone and changing important passwords