Deposit accounts designed for all your banking needs

Back

Malware threats

Learn to safeguard your financial data against malware attacks.

WHAT IS MALWARE?

Malware is a type of malicious software that cybercriminals use to infect their victim’s computers and mobile devices to perform criminal activities.

Once the device is infected, a cybercriminal can steal confidential data such as login credentials (such as PINs, One-Time-Passwords (OTP) and User IDs) and use these details to conduct fraudulent activities from their victim’s account.

Cybercriminals can also gain remote control of the compromised device to spy on a person’s online activities or perform other criminal acts without their victim’s knowledge.

TYPES OF MALWARE

By understanding the different types of malware and how they work, you can help to protect your devices from threats.

Viruses
Ransomware
Scareware
Adware/Malvertising
Trojans
Spyware
Viruses

Viruses

A computer virus can of infecting a computer system, then spread by replicating itself throughout a network just like biological viruses. It attaches to existing programs, which can then infect other programs and files when a user executes it. Viruses are able to steal sensitive information, delete or modify files, and even launch attacks on other systems.

Ransomware

Ransomware

Ransomware is a type of malware used to encrypt files or the operating system on a device, locking the user out of their files or device. The victim loses access to important and often confidential data and faces disruption to their business. Attackers will then threaten to publish their victim’s data or permanently block their access unless a ransom is paid (often in cryptocurrency).

Scareware

Scareware

Scareware, often disseminated via pop-up ads, is designed to trick users into believing that their device has been infected with malware and then duped to download or purchase malicious (or useless) software to fix the supposed issue.

In some cases, victims will be asked to enter their credit card details or other sensitive information when downloading the fake software, which criminals will then use for fraudulent purposes. Other times, the fake software is simply a way for criminals to install other types of malware into a victim’s device.

Adware/Malvertising

Adware/Malvertising

Adware is designed to display advertisements on a user’s device, typically in the form of pop-up ads and banners. It can track a user’s browsing behaviour and collect personal data about their online activities for targeted advertising purposes.

On the other hand, malvertising refers to the distribution of malware through online advertising platforms. Seemingly legitimate ads will direct users to phishing sites or other malicious websites.

Trojans

Trojans

Short for Trojan horse, a Trojan is a type of malware that is often disguised as a legitimate program or file, and may be distributed through phishing emails or software downloads. Once it’s downloaded, it can perform a variety of malicious activities, such as stealing financial information or installing additional malware.

Spyware

Spyware

Designed to collect information from a device without the user’s knowledge or consent, spyware can be used to monitor a person’s online activities and steal sensitive information such as login credentials and credit card information.

It can be installed on a device through various methods, such as clicking on a malicious link or email attachment, installing infected software or visiting a compromised website.

HOW IS MALWARE SPREAD?
Phishing emails

Phishing emails

A common method is to send emails with attachments that may appear to originate from trusted sources or people you know. If you open the attachments, you may end up installing malware on your computer.

Suspicious websites

Suspicious websites

Visiting malicious websites may result in harmful software being installed on your device without your permission. These spoofed sites often resemble credible websites from established companies, but exist solely to inject malware and steal data.

Infected downloads

Infected downloads

Malware can be spread by downloading infected files, which are delivered through messaging services such as SMS, WhatsApp and Telegram. It can also be easily spread through fake software and mobile app downloads from non-official sources, or via removable drives once they are connected to a computer.

Malicious ads

Malicious ads

Cybercriminals can spread malware by injecting corrupted code into online ads, which are then distributed through legitimate advertising networks and displayed on various trusted websites. Victims do not even need to click on the ad; the malware is automatically installed once they visit the site.

LATEST SCAMS TO WATCH OUT FOR

From deceptive bargains to bogus QR codes, be wary of these malware-related scams.

Suspicious downloads on Android

Suspicious downloads on Android

Suspicious downloads on Android Victims may come across favourable deals and be lured into contacting these fraudulent businesses through their social media or messaging platforms (e.g., WhatsApp). Subsequently, they will be sent a URL to download an Android Package Kit (APK) file which contains malware, potentially allowing scammers to access their devices remotely and steal their personal information and banking credentials.

Be sceptical of advertisements with exaggerated claims that seem too good to be true, and avoid downloading any dubious applications on your devices.

Fake friend call scams

Fake friend call scams

Scammers may attempt to contact victims through calls or text messages, pretending to be a friend or acquaintance. Instead of directly asking for money, they may send victims malicious links on the pretext of seeking help with making a restaurant reservation or purchasing furniture, for example. The malicious links will lead the victims to either download an APK file and/or to phishing sites where they are tricked into entering their banking details. Scammers can then access the victims’ bank accounts to perform unauthorised transactions.

Be cautious when receiving unusual phone calls or messages from individuals claiming to be someone you know. Verify their identity through alternative means such as meeting them in person or using previously established contact details, before engaging in any transactions or divulging sensitive information.

Malicious QR codes

Malicious QR codes

As businesses increasingly use QR codes, scammers are finding new ways to exploit this technology by pasting manipulated QR codes near authorised scan-to-pay signs in shops and restaurants. Victims are duped into scanning the fraudulent codes, unknowingly downloading malware-infected apps that steal confidential and sensitive data.

Be especially wary of QR codes that may appear suspicious or tampered with, and check with the staff to make sure it is legitimate before scanning.

Suspicious downloads on Android
Fake friend call scams
Malicious QR codes
HOW TO DETECT MALWARE

Be alert for these warning signs, which can indicate that your computer or mobile device has been infected by malware:

  • On your device
    Look out for:

    • Unfamiliar apps that you did not install, an unusual change in the look or feel of your device’s screen, or suspicious screen pop-ups that prompt you to install unknown apps or grant special permission to specific apps
    • Performance issues including slow applications, files and websites that take too long to load, abnormal battery drainage, and problems shutting down or starting up your device due to malware running in the background
    • Device shutting down abruptly or freezing with a message such as ‘System update in progress’ even after a forced reboot
    • Dropped calls or strange disruptions during a conversation which could likely be due to interference by malware
    • Unusual phone/data bills as a result of malware sending SMS text messages to premium-rated numbers
  • In your browser
    Look out for:

    • Redirection to a third-party website showing a fake overlay page resembling the bank’s login page, prompting you to enter your login credentials, OTP from your security token, or your ATM, debit or credit card details. The website may also feature a fake hotline number (a number that does not match the contact numbers on the bank’s official website).
    • The address of a fake website is different from that of the official pages
    • Being prompted repeatedly for your login credentials despite entering them correctly, or a delayed pop-up screen that saying the system is not available and repeatedly asking you to enter OTP
    • Receiving SMS text messages with OTPs you did not generate, or with prompts to authorise transactions that you have not initiated
HOW TO PROTECT YOURSELF AGAINST MALWARE

To ensure that your online security and account information are not compromised via your devices, please adopt the following OCBC Online Banking security measures:

Secure your devices

Secure your devices

Keep your devices secure and up to date with trusted security solutions.

  • Install antivirus programs, keep them up-to-date and run regular scans to help detect unauthorised software.
  • Ensure that your operating system is updated to the latest version.
  • Do not use jailbroken or rooted phones to access OCBC Mobile Banking services.
  • Secure your device with biometrics, a strong password or other relevant mechanism.
  • Check your devices for unknown apps that may appear at random.
  • Inform OCBC immediately in the event of loss/theft of your mobile device, and/or if you suspect there is unauthorised access to your account.
  • Never leave your devices unattended in public places.

Safeguard your online browsing experience

Safeguard your online browsing experience

Practice safe browsing habits to limit your device’s vulnerability to malware.

  • Personally enter the domain name in your browser to log in to OCBC Online Banking.
  • Ensure that the website you are visiting belongs to OCBC.
  • Do not allow your web browser or devices to store your login credentials.
  • Log off once a session is finished and lock your computer screen when not in use.
  • Do not use public devices or connect to unsecured/publicly available Wi-Fi to access Online Banking.
  • Remove file and printer sharing in computers.
  • Never click on links in pop-ups when browsing the internet.

Beware of downloads

Beware of downloads

Always be cautious when downloading any files or attachments from unknown sources.

  • Do not install software or run programmes of unknown origin.
  • Only download mobile apps (including the OCBC app and OCBC Business apps) from official app stores.
  • Do not open, run or install any attachments or click on any links in suspicious or unsolicited emails and messages.

Review app permissions

/iwov-resources/hk/ocbc/personal/img/security/secure-banking-ways/malware-threats/icon-reviewpermissions.png

Be aware of what your apps can access on your devices.

  • Read and understand the permissions an app requires before you install it.
  • Consider whether the requested permissions are necessary for the app’s intended functionalities.
  • Avoid granting dangerous permissions that may compromise your privacy, especially apps that request access to your camera, microphone, location, contacts and similar sensitive information.

You are leaving our website

This hyperlink may allow you to leave OCBC Bank (Hong Kong) Limited website. The website accessed through this hyperlink may not provide you with any regulatory protections. All the information you provided will be subject to the terms and personal data policy of the third-party website. OCBC Bank (Hong Kong) Limited is not liable for your use of the hyperlink website.

CancelUnderstood