Learn more about Malware and Online Banking security
Alert on Mobile Malware
Malware targeting mobile phones (especially Android phones) has been on the rise.
Such malware can infect your mobile phones when you click on hyperlinks, attachments in your emails
or mobile messages (e.g. SMS, WhatsApp) from unknown sources, or when you download mobile apps
from untrusted app stores (other than Google Play store or Apple App Store).
Once your mobile phone is infected with mobile malware,
the malware will prompt for excessive or unusual permissions to be granted in order to
obtain privileged access rights to your phone. If you grant such permissions, the malware
can take control of your mobile phone and perform actions such as stealing or intercepting
your SMS messages, showing fake overlay login screens on top of the Bank's website/mobile app
to ask for your banking login credentials or credit/debit card information.
Overlay screens caused by mobile malware that asked for login credentials
What is a malware? How does it affect my online banking?
Malware targets customers' computers/mobile devices to steal their login credentials.
For example: Your Online Banking Login ID, Password and One-Time-Password (OTP).
Your computer/mobile device can be infected by malwares when you click on email attachments
or hyperlinks from unknown sources.
Computers which are not well protected by anti-virus software are vulnerable to risk of malware
Malwares redirect you to a fake webpage that looks similar to the Bank's login page.
It may prompt you to enter Password or OTP from your hardware token and tries to access your account
to create fraudulent transactions for your approval.
How do I know if my computer/mobile device is compromised by malware?
Watch out for these warning signs :
The URL showing on the login page is different from the official OCBC Online Banking
website which is
OCBC Online Banking login screen looks different.
The legitimate OCBC login is done in two separate screens - First Screen:
Enter Login ID & Password, Second Screen: Enter One-Time-Password (OTP)
Prompted repeatedly for Password or OTP even though you have entered
the login credentials correctly
- A delayed pop-up screen that says the system is not available
and repeatedly ask you to enter OTP or use your hardware token to generate an OTP
- Prompted to authorise transactions which you have not initiated using OTP
generated through your hardware token. For example: While trying to login,
you are prompted to enter a 6-digit number shown on your computer screen into your hardware token.
Then you are asked to press the "Sign" button on the token and key in the OTP generated
from the hardware token into the computer screen.
Your Password is visible when you type in the Password field - it should be masked
You receive SMS messages on OTP or transactions which you did not initiate
A redirection to a third-party website, which may feature a hotline number or an unsolicited request
You receive a call purportedly from a staff in OCBC asking you to verbally
reveal your Online Banking Login ID, Password, OTP or hardware token details
(Note: OCBC Bank will never ask a customer to reveal his Password or OTP)
Mobile Device Behaviour
Bad Battery Life: Whether malware is hiding in plain sight, pretending to be a regular application,
or trying to stay hidden from the user, abnormal battery drainage can often give away the presence
of an infection. This could be due to malware utilising the system resources to perform its actions
(e.g., communicating with a command and control server) in the background.
Dropped Calls and Disruptions: Mobile malware can affect outgoing and incoming calls.
Dropped calls or strange disruptions during a conversation could be the interference of mobile malware.
Call your service provider to determine if the dropped calls are its fault. If it’s not, it is possible that
someone or something is trying to eavesdrop on conversations or perform other suspicious activities.
Unusual Phone/Data Bills: Android malware often infects devices and starts sending SMS text messages
to premium-rated numbers. Some malware may send an SMS message just once a month to avoid suspicions,
or they may uninstall themselves after punching a serious hole in your budget. Malware can also smuggle
data from your device to a third-party. Significant changes in your download or upload patterns could
be a sign that someone or something has control over your device.
Clogged Performance: Malware infestation may cause serious performance
problems as it tries to read, write or broadcast data from your smartphone.
Checking RAM (Random Access Memory) use or CPU load could reveal the presence of malware
that's actively running on the device.
Suspicious Applications: If you notice an unusual change in the look-and-feel of
your smartphone (such as new icons or applications), malware may have infected your phone.
What should I do if I think my computer/mobile device has been compromised?
Take a screenshot or picture of the suspicious screen
Cancel any suspicious-looking transaction, logout the Online Banking session, close the browser
Do not enter your Online Banking Login ID, Password or One-Time-Password (OTP)
and do not attempt to login again
Inform the Bank immediately by calling us at 03-8317 5000
What can I do to protect myself?
Install and maintain the latest anti-virus software on your computer/mobile devices
Do not click on email attachment and hyperlinks from unknown sources
Make sure the OCBC Online Banking login page is
Do not share your Online Banking Login ID, Password,
One-Time-Password (OTP) or hardware token details to anyone
Look for the SSL encrypted connection, indicated as https:// or a padlock, as
well as to check OCBC Bank's name in its digital certificate.
Update us on your latest mobile number to receive One-time Password (OTP) and
register for SMS alerts
Adopt the recommended security practices.
on safeguarding your internet banking access.
Do not "root" or "jailbreak" the smartphone, as this could compromise smartphone security.
Only install applications from trusted sources such as "Google Play", or other reputable app stores,
and avoid downloading pirated applications from unauthorised/illegitimate app stores,
or random download locations on the internet as the latter could be laced with malware
The screenshots below are samples of how consumers were prompted to perform "application updates",
which had resulted in their smartphones being infected by the malware.
If you notice any unusual activities, please log off immediately and
call us at 03-8317 5000
Is OCBC Online Banking service secure?
Yes, we would like to assure you that OCBC Online Banking service is secured.
All of our banking systems are integrated with the most advanced security technologies available today.
We advise you to stay vigilant and take the necessary precautions.
You play a part to protect yourself from online fraud by adopting the recommended security practices.
Terms and conditions
for Electronic Banking Services apply.