Phishing is a way of obtaining confidential information such as one’s bank account details, personal identification number (PIN), one-time password (OTP), credit card number, user ID or password through the Internet, in order to perform unauthorised banking transactions.

Email and SMS

Scammers send emails or SMSes to victims impersonating reputable companies, banks or government agencies. These emails or SMSes include fake bank notifications, offers, lucky draws, investment schemes or COVID-19 related campaigns to lure recipients into clicking on a URL link.

Upon clicking on the URL link, victims are redirected to a fraudulent or spoofed website where they are tricked into providing their credit card or debit card details, banking credentials, or one-time password (OTP).

Voice phishing or vishing

Scammers contact victims and impersonate government officials, bank officers or technical support staff to trick victims into providing their banking credentials and OTPs. These calls are either automated through robocalls or conducted by the scammers themselves.

Scammers impersonating technical support staff could also ask victims to download remote access software to gain control of their computers, laptops or mobile devices. The victims are directed to provide their banking credentials and OTPs, and fraudulent transactions will then take place.

1. Stay alert. Think twice before responding to an unsolicited contact

• Verify that the caller or the sender of the SMS or email is from the official OCBC and/or Bank of Singapore. We will never send an SMS with a link to reactivate your account.
• Keep a lookout for unusual sender e-mail addresses, spelling mistakes, suspicious logos or tones.
• Do not reply to junk or chain emails.
• Do not call any numbers provided in suspicious SMSes.
• Do not click on links or open any attachments in SMSes or emails.
• Do not click on unknown links or questionable websites.
• Do not install software or programmes of unknown origin.
• Do not disclose personal, financial or credit card information to suspicious websites.
• Do not provide your login ID, password or one-time passwords (OTPs) to anyone or input these into unverified websites.
• Contact your Relationship Manager if you are in doubt about a communication sent by OCBC and/or Bank of Singapore.

2. Keep your password safe

• Choose a strong password – at least eight characters long, with at least one capital letter and one number. Your password should not contain the same digit or character more than once.
• Do not choose your passwords based on your user ID, or other personal details like your name, birthday or telephone number.
• Do not record, write down or divulge your password to anyone.
• Do not use the same password for other websites or services.
• Change your password regularly.
• Disable your internet browser’s password storage function.

3. Secure your Digital Token OTP and SMS OTP

Our Digital Services app uses Digital Token to verify your identity and online transactions.

• Do not allow anyone to use or tamper with your SMS OTP, PIN, or Digital Token approval.
• Do not reveal the SMS OTP or Digital Token OTP to anyone.
• Report immediately if your mobile phone registered to receive SMS OTP or Digital Token OTP is lost or stolen.
• Use the official mobile applications of OCBC and/or Bank of Singapore only to view or access your accounts on mobile devices.

4. Check your account activities regularly

• Check your last login date and time, account balances and transactions frequently. This will help you determine if unauthorised parties have accessed your account.
• Contact your Relationship Manager immediately if you suspect any irregularities.

5. Protect your devices (mobile devices, laptops, or computers)

• Remember to log out of our Digital Services app once you have completed your session.
• Access our Digital Services app from a secure environment.
• Do not access the Digital Services app on public networks.
• Install anti-virus, firewall and anti-spyware software from reputable vendors and update the software regularly.
• Scan your device regularly for viruses.
• Download the ScamShield App to block unsolicited messages and calls if you live in Singapore.

6. Keep your software up to date

• Update regularly your device's operating systems to the latest version.
• Install updates (for example, critical updates or security patches) through the official websites of the software you use.
• Enable the ‘Automatic Updates’ feature if you use Windows XP.
• Ensure that you are using the latest internet browser version.

7. Report suspicious fraudulent activities

Contact your Relationship Manager immediately if you notice any unusual activities in your account, or suspect your account has been compromised.

8. Keep an eye out for our security alerts

Keep your account safe by referring to our security alert notices.