Phishing Scams Targeting Customers of Singapore Banks

There has been a recent spate of phishing scams targeting customers of Singapore banks. These phishing scams, in the form of emails that were purportedly sent by the banks, were designed to trick victims into accessing fake websites. Victims would then be asked to give their sensitive personal information such as internet banking user ID, PIN code, one-time password (OTP) and credit card details.

What should you do to protect yourself from such phishing emails?

  • Do not open or download any attachments from an unsolicited email.
  • Do not click on email links or URLs within the email without verifying the sender of the email.
  • Move your mouse over the email link or URL to check the actual internet address. To do this on your mobile phone, tap and hold the link to display the actual internet address. If the actual internet address looks suspicious, do not click on it.
  • To access UOB's website, always type the URL: directly into the address bar of your browser.
  • If you suspect that your account may have been compromised, please inform us immediately at 1800 226 6121 (from Singapore) or +65 6226 6121 (from Overseas).

Example of a phishing email

Beware of phishing emails purportedly from UOB

There have been reports of people being tricked by phishing emails recently. Victims would receive phishing emails purportedly from the Bank, informing them that someone had logged into their account – please refer to sample of such an email below:

Victims would be asked to click on a link or button such as "Stop Request Now" which then redirects them to a fake website for disclosure of confidential information (e.g. user ID, password, One-Time Passwords, etc).

Once such confidential information is disclosed, the fraudsters would use the information to transfer money out of the victims' bank accounts. The victims would also receive SMS alerts notifying them of the successful fund transfers to unknown payees

To protect yourself:

  1. Do not click on the link or the button in the email. By hovering your mouse pointer over the link or button, you are able to see the actual hyperlinked internet address, which could be a fake website's internet address. (Where emails are read on mobile phones, pressing and holding on the link for a while would reveal the actual internet address).
  2. Do not download or open any attachment in the suspicious email.
  3. Do not provide your confidential information such as your user ID, password, One-Time Password, etc. Please note that the Bank will never ask you for confidential information through email or phone.
  4. If you have inadvertently provided such information, immediately login to your Internet banking account to change your password.

Should you suspect that your account has been compromised, please contact us at 1800 226 6121 (from Singapore) or +65 6226 6121 (from Overseas).

How can I protect against Malware?

As part of UOB's commitment to provide a secure online banking environment, the Bank has partnered IBM® to provide our customers with free download of IBM® Security Trusteer Rapport™ to protect you against malware when using BIB and BIBPlus. Please click here to download.

Customers should always

  • promptly check the relevant notifications and account statements/advice,
  • check the date and time of their last login to Internet Banking,
  • avoid compromising the mobile platforms (i.e. by jail-breaking or rooting), and take precautions when installing and updating mobile applications and operating systems of mobile platforms
  • notify the bank as soon as possible upon detection of unusual transactions or activity (e.g. suspicious pop-up screens or abnormal Internet Banking login steps)
Security Alert: Malware "Dyreza"

A malware, Dyreza has been recently found spreading which may affect the legitimacy of banking websites. This malware is spread through phishing emails with malicious attachment. When the said malicious attachment is opened, the malware infects the customers' computers or devices. Once customers' computers or devices are infected, the malware will attempt to steal the customers' login and authorisation credentials (such as User ID, Password, One Time Password) by altering the flow of logging on to the UOB website. After the first login page, it will show a message "We are currently processing your information, please wait...." which does not exist in the legitimate UOB website.

Symptoms that your computer could possibly be infected with Malware

  • Prompt to input your login credential multiple times even if your supplied information is correct
  • Sudden slowness in your computer and/or requests you to wait while the system is processing for an extended time.
  • Unusual logon/authorisation procedures and/or re-direct to the unfamiliar website.

How can I protect against Malware?

  • Always protect your computer by using an anti-virus/anti-malware software and keep it updated with the latest anti-virus. Scan your computers regularly.
  • Do not download or open attachments in suspicious emails.
  • Never reply to unsolicited emails.
  • Avoid accessing unknown and unsecured websites.
  • If you suspect that your computer has been infected by malware, please scan your computer with latest anti-virus/anti-malware software and refrain from using banking websites until your computer is cleaned.
  • Check your last login and transaction history regularly for any abnormal transactions.

UOB would like to assure you that our internet banking systems are secure.  Please contact UOB helpline immediately, if you notice unknown transactions appearing on your account.

Security Alert: Vulnerability in Secured Sockets Layer 3.0 (SSL 3.0
A vulnerability known as “POODLE” has recently been discovered on SSL 3.0 used by older versions of web browsers such as Internet Explorer 6.

In view of this vulnerability, we will not be supporting older versions of web browsers as of 21/11/14.

We recommend customers to download and install the latest versions of your web browsers to ensure optimal user experience.

UOB would like to encourage our customers to take the following steps to safeguard your passwords for a safe and secure online banking experience.

  • Use a username and password for your online banking account(s) that is different from other non-banking related accounts.
  • Select a password that is at least eight characters long, contains alphanumeric characters and does not have any repeated characters.
  • Change your passwords regularly, at least once every three months.
  • Disable the “Auto Complete” function on your web browser to avoid theft of information.
  • Do not disclose your username or password to anyone.
If you encounter any suspicious activity in relation to your account(s) or require assistance, please contact us at 1800 226 6121 or +65 6226 6121.

Security Advisory: Internet Explorer
A security flaw has been discovered on Internet Explorer browsers versions 6 to 11 (IE6 to IE11).

If you are using these versions of Internet Explorer, you should consider using alternative browsers such as Google Chrome, Safari (for Mac users) or Mozilla Firefox to access the internet and UOB Business Internet Banking (BIB) service.

Please note that any patches to IE browsers are automatically updated if the automatic updating feature on the browser has been turned on. If you have previously disabled that feature, you can refer to the steps found on the Microsoft website – “Turn automatic updating on or off” to enable your computer to automatically update your browser.

For more information on the security flaw, you can find it on Microsoft's website or the Singapore Computer Emergency Response Team (SingCERT).

Java Alert

Please do not perform auto-update to the latest Java 7 Update 55 version or above. For assistance, kindly contact us at 1800 226 6121 or +65 226 6121.

Security Alert: OpenSSL Bug (HeartBleed)
A bug has recently been discovered in OpenSSL, a software that protects sensitive data online.

Please be assured that UOB's Business Internet Banking system is not affected by the OpenSSL bug.

UOB would like to use this opportunity to encourage our customers to adopt the following best practices to safeguard their passwords for a safe and secure online banking experience. Customers should:

  1. use a different username and password for their online banking accounts from other non-
    banking related accounts.
  2. select a password that is at least eight characters long, contains alphanumeric characters and does not repeat any character.
  3. change their passwords regularly, at least once every three months.
  4. not reveal their account username or password to anyone.
  5. disable the “Auto Complete” function on the browser to avoid theft of information

If you encounter any suspicious activity in relation to your account(s) or require assistance, please contact us at 1800 226 6121 or +65 6226 6121.

Security Advisory: Malware
A malware stealing login and transaction authorisation information from internet and mobile banking websites and applications is circulating. Stay vigilant when accessing your account.

Copyright © 2017 United Overseas Bank Limited Co. Reg. No. 193500026Z. All Rights Reserved.