Security Alert : Phishing Website for UOB Personal Internet Banking

There have been recent reports of malware infection that captures user’s login credentials such as userid, passwords and one-time passwords. This could occur if the user’s computer is infected with the SpyEye Trojan virus.

Signs of infection:
You may experience some or all of the following if you have accessed your internet banking from an infected computer:

• You are re-directed to another page asking for your mobile number for security verification.
• You have to wait 1 to 10 minutes, or the system may hang for a short period of time.
• You are required to enter the one-time password repeatedly for verification (as shown in the screen below).
• There are errors while loading the login page.

In addition, you could receive SMS notifications for transactions you did not perform, e.g. the addition of a third-party payee.

Figure 1 - Fake one-time password page

The UOB Token-OTP page does not display any advertisement banner. Below is how the UOB Token-OTP appears.

Figure 2 – UOB one-time password (OTP) page

How to protect your computer:

• Install a reputable anti-virus software, and ensure regular updates with the latest virus signatures.
• Scan your computer regularly.
• Always read your SMS notifications carefully. Do NOT enter any token or SMS OTP (one-time password) for transactions that you did not initiate or request.
• When visiting UOB Personal Internet Banking, always type the URL manually (https://pib.uob.com.sg).
• Verify the internet banking website before providing your login credentials.

Please contact Customer Service at 1800-2222-121 if you encounter any suspicious activities in relation to your account(s).