UOB Security Alerts

Always stay on the alert and ignore such scam attempts. We would like to reassure you that UOB Malaysia’s senior management and employees will never request you to disclose your account details or personal identification (PIN) numbers over phone calls, text messages, social media platforms or emails.

Tips to protect yourself from such scams

• Always ask the sender or the caller to identify themselves (for example, request for their names, employee identification number) and call UOB Call Centre for verification. If you receive calls asking for your banking information, you should hang up and call UOB Malaysia or the authorities immediately
• Ignore unsolicited missed calls or text messages from unknown numbers, Telegram, WhatsApp, Facebook and other social media platforms
• Do not call phone numbers, click on URL links, or scan QR codes in unsolicited emails, SMSes, or messages via other messaging applications;
• Never disclose your personal or internet banking details to anyone; and
• Report to the Bank or the relevant authorities immediately of any suspicious message and/or call received whereby the sender/caller is harassing or pressuring you to make a transaction, or investment
• If you are unsure of the message and/or call that you have received, or have inadvertently disclosed your personal or bank information, please inform our 24-Hour Call Centre at 03-26128 100 immediately. You may also find our Call Centre numbers at the back of your UOB Card or in your monthly statement

TAC (Transaction Authorisation Code), also known as OTP (One Time Password) is an online/mobile banking security feature to protect your account from unauthorised use. A TAC will be sent to you via SMS to your registered mobile phone number to verify that you are the rightful person performing the transaction.

Scammers will first try to get hold of the account holder's online banking username, password and contact details.

Once they have the above information, they will still require the TAC generated from the account holder's mobile phone to perform online transfer.

To get the TAC, the scammers would contact the genuine account holder and dupe him or her into revealing the TAC via phone call by convincing him or her that they have wrongly registered the genuine account holder’s mobile number as theirs.
The unsuspecting account holders would reveal the TAC to the scammers, who would then use it to start transferring money from the account.

Tips to protect yourself

• Never reveal your personal online banking details such as username, password or bank account information including your TAC to anyone anyone even if the party requesting for such information claims to be from financial institution, Bank Negara Malaysia or other authorities.
• Register for Mighty Secure and turn your smartphone into a digital security token to enjoy easy, secured and convenient authentication of Personal Internet Banking and UOB Mighty transactions without the need for SMS-OTP. For enhanced security, all open transactions of RM10,000 and above performed via Personal Internet Banking and UOB Mighty must be authenticated with Mighty Secure.
• Inform the bank. If you are unsure of the call you have received, or have inadvertently disclosed your personal or bank information, please inform our 24-Hour Call Centre at 03-26128 121 immediately. You may also find our Call Centre numbers at the back of your UOB Card or in your monthly statement.

How a phishing email might work

• Potential victims would be asked to click on a link or button such as "Stop Request Now"
• This redirects them to a fake website for disclosure of confidential information (e.g. user ID, password, One-Time Passwords,etc).
• Once such confidential information is disclosed, the fraudsters would then use the information to transfer money out of the victims' bank account.

The victims would also receive SMS alerts notifying them of the successful fund transfers to unknown payees.

Here is how a phishing email could look like.

Tips to protect yourself from such phishing email scams

• Do not click on links or buttons in such emails
By hovering your mouse pointer over the link or button, you are able to see the actual hyperlinked internet address, which is usually a fake website’s internet address. (Where emails are read on mobile phones, pressing and holding on the link for a while would reveal the actual internet address).

• Always type the website URLs on the address bar.
• Always confirm the Authenticity of the login page by clicking on the lock or key to ensure the web certificate is issued to either www.uobgroup.com or pib.uob.com.my.
• Do not download or open any attachment in suspicious emails.
• Do not provide your confidential information over email or phone
Please note that the Bank will never ask you for confidential information (such as your user ID, password, One-Time Password, etc) through email or phone.

• Never enter your password if you did not see your Secret Word when you try to login.
• Change password and report immediately
If you have inadvertently provided such information, immediately login to your Internet banking account to change your password. Should you suspect that your account has been compromised, please inform our 24-Hour Call Centre at 03-26128 121. You may also find our Call Centre numbers at the back of your UOB Card or in your monthly statement.

He "alerts" you of "missing money" or that your banking account has been compromised by possible scams. To rectify your losses or to prevent the "scams", he will instruct you to perform a banking transaction to a third-party account.

There also have been reports of phone scams where individuals have received automated voice calls requesting them to enter numbers on their phones which will then connect them to a "telephone operator" or "bank employee".

From there, the "telephone operator" or "bank employee" may request for personal information, and then transfer their call to another person who may claim to be a "police officer". Individuals may then be instructed to submit confidential information such as bank account numbers, internet banking usernames, passwords and One Time Passwords (OTPs) on a website.

Using the information acquired, the perpetrator will then initiate a funds transfer to an unknown third-party account.

Tips to protect yourself from such phone scams

• Ask the caller to identify you personally and opt to call back to our UOB Call Centre.
• Ignore unsolicited missed calls or text messages from unknown numbers.
• Never give out personal information over the phone, unless you are making the call yourself.
• Inform the bank. If you are unsure of the call you have received, or have inadvertently disclosed your personal or bank information, please inform our 24-Hour Call Centre at 03-26128 121 immediately. You may also find our Call Centre numbers at the back of your UOB Card or in your monthly statement.

Scammers will randomly send out SMS messages to the public offering low interest rates from the bank for personal loans or other similar "offers". These SMS messages contain a phone contact for interested individuals to call.

If the individual calls that number, the perpetrator will attempt to get him or her to disclose confidential information such as bank account numbers, internet banking usernames, passwords and One Time Passwords (OTPs), which will then be used to initiate a funds transfer out of the individual's bank account.

Some scammers will also request customer to transfer a minimal "processing fee" to an unknown third-party account.

We advise customers to do the following when they receive such SMS messages

• Be alert. Do not provide any personal information, bank account information (including user ID, password and OTP) and credit card details on websites or to the callers.
• Be safe. Do not transfer any money to any unknown party.
• Inform the bank. If you are unsure of the SMS you have received, or have inadvertently disclosed your personal or bank information, please inform our 24-Hour Call Centre at 03-26128 121 immediately. You may also find our Call Centre numbers at the back of your UOB Card or in your monthly statement.

This malware is spread through phishing emails with malicious attachment. When the said malicious attachment is opened, the malware infects the customers' computers or devices.

Once customers' computers or devices are infected, the malware will attempt to steal the customers' login and authorisation credentials (such as User ID, Password, One Time Password) by altering the flow of logging on to the UOB website.

After the first login page, it will show a message "We are currently processing your information, please wait...." which does not exist in the legitimate UOB website.

Symptoms that your computer could possibly be infected with Malware

• Prompt to input your login credential multiple times even if your supplied information is correct.
• Sudden slowness in your computer and/or requests you to wait while the system is processing for an extended time.
• Unusual logon/authorisation procedures and/or re-direct to the unfamiliar website.

 How can I protect against Malware?

• Always protect your computer by using an anti-virus/anti-malware software and keep it updated with the latest anti-virus. Scan your computers regularly.
• Do not download or open attachments in suspicious emails.
• Never reply to unsolicited emails.
• Avoid accessing unknown and unsecured websites.
• If you suspect that your computer has been infected by malware, please scan your computer with latest anti-virus/anti-malware software and refrain from using banking websites until your computer is cleaned.
  Check your last login and transaction history regularly for any abnormal transactions.

UOB would like to assure you that our internet banking systems are secure. Please contact our 24-Hour Call Centre at 03-26128 121 immediately, if you notice unknown transactions appearing on your account

Please be assured that UOB's Internet and Mobile Banking systems are not affected by the OpenSSL bug.

UOB would like to use this opportunity to encourage our customers to adopt the following best practices to safeguard their passwords for a safe and secure online banking experience. Customers should:

• Use a different username and password for their online banking accounts from other non-banking related accounts.
• Select a password that is at least eight characters long, contains alphanumeric characters and does not repeat any character.
• Change their passwords regularly, at least once every three months.
• Not reveal their account username or password to anyone.
• Disable the “Auto Complete” function on the browser to avoid theft of information.

If you encounter any suspicious activities in relation to your account(s), please contact our 24-Hour Call Centre at 03-26128 121 immediately. You may also find our Call Centre numbers at the back of your UOB Card or in your monthly statement.

Spyware often appears on websites with free music, movies, or games for download. Malware (such as a Trojan Horse) disguises as an email attachment like a document or photo file. It will then gain access to your personal information. Mobile device malwares are also on the rise, stealing information such as SMS OTP to complete banking transactions through Internet Banking or Credit Cards.

You know you have spyware on your computer/mobile device if:

• You see pop-up advertisements even when you're not connected to the Internet.
• The page your Web browser first opens to (your home page); or your browser search settings have changed without your knowledge.
• You notice a new toolbar in your browser that you didn't want, and find it difficult to get rid of.
• Your device takes longer than usual to complete certain tasks.
• You experience a sudden rise in crashes.

For the latest updates on spyware, malware and security threats, please visit MyCERT (Malaysian Computer Emergency Response Team).

Tips to protect yourself from such phone scams

• Update your computer systems regularly with the latest anti-virus software.
• Know your Internet sources. Be wary of download requests from the Internet.
• Keep separate IDs and Passwords for multiple online accounts and change your passwords regularly.

 For mobile devices:

• Verify an app's permission and the app's author or publisher before installing it.
• Do not click on adware or suspicious URL sent through SMS/messaging services. Malware could be attached to collect user's information.
• Addresses on mobile sites may appear differently from desktop browser, make sure to verify it first.
• Always run a reputable anti-virus on your mobile devices, and keep it up to date regularly.
• Do not use public Wi-Fi networks for bank transactions and turn off Bluetooth connection when not in use.
• Update the operating system and applications on mobile devices, including the browser, in order to avoid any malicious exploits of security holes in out-dated versions.
• Do not root or 'Jailbreak' your phone; avoid side loading (installing from non-official sources) when you can

Some examples of online shopping scams are:

• Failure to deliver goods after payment has been received.
• In the place of the original products purchased, counterfeit products are delivered.
• Phishing websites and pop-up advertisement via social media and instant messaging platforms.

Be alert if

• The item’s price appears to be too good to be true.
• Only time-limited offers are available in the select.
• The seller requests immediate payment or a transfer of funds.

So what precautions can you take to avoid falling prey to this scam?

• Use only reputable and secure online source/platforms.
• Make payments through reputable online shopping platforms.
• Do not fall for low price offers or prices that seem too good to be true.
• Before doing business, read the testimonials and reviews on the seller’s profile.

 Use the PDRM CCID "Semakmule Portal" (https://ccid.mp.gov.my/semakmule/) to look up for the seller's bank account numbers.

If you have encountered suspicious online activities, please contact the nearest police station and file a police report immediately:

• https://semakmule.rmp.gov.my
• CCID Infoline: 013-211 1222 (WhatsApp)
• CCID Scam Response Centre: 03-2610 1559 / 1599
• Jabatan Siasatan Jenayah Komersil, Polis Diraja Malaysia

If you believe that your banking information is compromised or that there has been an unauthorised breach or transaction on your account, you should notify the Bank immediately.

Scammers will impersonate as members of well-known organisations & contact victim via phone calls, messages or email. Organisations that are often used by them includes (but not limited) government or law enforcement agencies & private corporations such as below;

• Police
• Court official
• LHDN (Income Tax)
• Telco Providers
• POS Laju
• Banks (including Bank Negara)
• Customs
• Malaysian Anti-Corruption Commission (MACC)

The scammers will then inform/accuse victims of being involved in;

• Crime Investigation (example: tax evasion, money laundering, drug trafficking etc.)
• Court hearing or appointment with an enforcement agency.
• Unpaid bills, loans or summonses.
• Suspicious activity on their bank/card accounts
• Pending parcel delivery or unclaimed items/money.

This is to mislead victims into revealing their personal & banking details such as account/credit card details & the One-Time Password (OTP)/Transaction Authentication Code (TAC).

Once the victim reveals these details, the scammers will be able to successfully validate the OTP/TAC to perform any online purchase via the victim’s credit card or transfer money from the victim’s account.

Tips to protect yourself

• ALWAYS be cautious of such calls, messages or emails from unknown caller/sender.
• Remain calm & DO NOT panic in regard to the claims put forth by the caller/sender.
• Do not reveal any information to the caller/sender.
• Do not call/message any contact that is given by the caller/sender.
• Always check with the genuine organization via its official contact.
• ALERT THE BANK. If you are unsure of the call, SMS or email that you’ve received, or have inadvertently revealed your personal or UOB bank information, please inform our 24-hour Contact Centre at 03-26128 121 immediately. You may also find our Contact Center numbers on the back of your UOB Card or in the monthly statement.

Tips to protect your-self from personal loan scams

• Note that UOB DOES NOT require customers to pay any “Processing Fees” for personal loan applications.
• DO NOT transfer your money into any unknown third party account if requested by such agents/staff for any such processing fees.

Scammers will disguise as UOB agents or staff to mislead/con/cheat unsuspecting customers into applying for a Personal Loan with United Overseas Bank (Malaysia) Bhd and will subsequently request customers to transfer money into a personal account as a processing fee.

Scammers will also provide either a fake letter of offer, fake cheque (purportedly issued by UOB) as proof of loan approval, or fake UOB business card in order to appear legitimate.

Scammers will impersonate as E-wallet merchants (BIGPAY, BOOST, Shopee, Lazada, Touch N Go etc.) to obtain victim’s credit card details & the One-Time Password (OTP)/Transaction Authentication Code (TAC) in order to defraud them.

Scammers will deceive victims via phone calls, SMS or emails by claiming that;

• Victim had won a lucky draw/contest with a gift/cash reward.
• Victim is required or entitled to replace/renew/upgrade their e-wallet accounts
• Victim is required to verify/update their latest personal details
• Victim’s e-wallet account is suspected to have been defrauded.

The scammer will then request the victim to disclose their banking details such as account/credit card details and the One-Time Password (OTP)/Transaction Authentication Code (TAC) as a verification process.

Once the victim reveals these details, the scammers will be able to successfully validate the OTP/TAC to perform any online purchase via the victim’s credit card.

Tips to protect yourself

• DO NOT be tempted by any offers from such calls, messages or emails.
• DO NOT disclose any banking information (i.e. account/card numbers, OTP/TAC, etc.) to an unsolicited & unverified caller/sender.
• ALWAYS verify with the genuine organization if you have received such calls, messages or emails.
• ALERT THE BANK. If you are unsure of the call, SMS or email that you’ve received, or have inadvertently revealed your personal or UOB bank information, please inform our 24-hour Contact Centre at 03-26128 121 immediately. You may also find our Contact Center numbers on the back of your UOB Card or in the monthly statement.

Scammers will use popular social media platforms such as Facebook, Instagram, WhatsApp, WeChat, etc. to obtain victim’s personal & banking information such as account/card numbers & One-Time Password (OTP)/Transaction Authentication Code (TAC).

Scammers will use these social media platforms to;

• Post bogus job offers.
• Advertise fake online contests/campaigns or investment schemes.
• Promote malware applications or phishing sites.
• Impersonate as victim’s friend/relative to obtain information.

Once the victim reveals these details, the scammers will be able to successfully validate the OTP/TAC to perform any online purchase via the victim’s credit card or transfer money to the scammer’s account.

Tips to protect yourself

• DO NOT be tempted by any offers/advertisements on social media.
• DO NOT disclose any banking information (i.e. account & card numbers, OTP/TAC, etc.) to another person.
• ALWAYS verify with the genuine organisation, friend or relatives if you have received such messages from their respective social media account.
• ALERT THE BANK. If you are unsure of the call, SMS or email that you’ve received, or have inadvertently revealed your personal or UOB bank information, please inform our 24-hour Contact Centre at 03-26128 121 immediately. You may also find our Contact Center numbers on the back of your UOB Card or in the monthly statement.

• Keep your cards & PIN safe and secure always.
Keep your cards and PIN safe and secure at all times including your place of residence. Do not leave your cards unattended.
• Do not lend your card to anyone.

Do not lend your card and PIN to anyone as your card and PIN is exclusively for your own usage.
• Don’t forget the unused cards.

As you may have more than one card, REMEMBER to keep your unused card(s) in a secure place.
• Sign your card

Upon receipt of your card, immediately sign on the signature panel using a non- erasable ballpoint pen.
• Tampered package
In the event the sealed package containing your credit/debit card has been tampered with or compromised, please contact UOBM Call Centre immediately.
• Don’t leave your valuables in the car

Never leave your card in your wallet or handbag unattended in your car when you go jogging, swimming, hiking, etc. even if your car is locked or armed with security alarm and especially when your car is parked outside the compound of the house.
• Destroy your card properly

Destroy your card properly by cutting across the magnetic stripe and the chip in the event you wish to cancel your card.
• Call the bank

If you suspect your card is lost/stolen/misplaced, immediately call the bank to put a STOP status. You may call the bank later to release the STOP status if you have found your card or you may request the bank to issue you a replacement card once you have confirmed your card is lost or stolen.
• Never compromise your PIN

Your credit/debit card PIN is to be used only for face-to-face purchases, cash withdrawals, and UOB Personal Internet Banking registration or reset password. Do not use the same PIN for any other third-party websites that require your credit/debit card PIN for validation. This is to prevent your PIN from being compromised.

• Check slip details.
Check the details on the transaction slip before signing to prevent any unauthorised charges.
• Is that your card?.

Ensure that it is your credit/debit card that is returned to you after a purchase
• At petrol kiosks.

REMEMBER to take your credit/debit card back after you have completed a transaction at a Self-Service Petrol Kiosk.
• Don’t leave your card behind

DO NOT leave your credit/debit card to the cashier at drinking places (i.e. bar and pubs) for running bills, as unauthorised transactions may take place.
• Be careful online
Never reveal or input your credit/debit card information in an unsecured website.
• Pay attention to bank SMS alerts

Pay special attention to transaction SMS alerts from the bank. Immediately report to the bank when you receive an SMS alert for a transaction that is not authorised by you.
• Don’t sign on blank slips

DO NOT sign on a blank transaction slip to prevent unauthorised billings.
• Destroy mutilated sales draft

Destroy any altered or mutilated sales drafts before throwing them away.
• Use cards responsibly

Never use your cards for any unlawful activity.

• Keep your receipts.
Keep your receipts and use them to check entries against your bank statement/passbook regularly.
• Be alert at any ATM.

Be alert and vigilant when conducting transactions at any ATM, and be sure not to be distracted by strangers.
• Be mindful.

Be mindful when entering your PIN in the presence of others near the ATM.
• Memorise your PIN

Memorise your PIN, and then destroy the PIN notification.
• Change your PIN
Change your PIN periodically
• Never give your card to anyone

Never give your card to anyone or allow a third party to transact on your behalf
• Watch out for foreign devices

DO NOT use the ATM if you see unusual or foreign devices attached to the machine or suspicious persons loitering near your ATM location. Report such incidences to the bank immediately.
• If card is withheld by ATM

If your card is withheld by the ATM, report it immediately to our UOBM Contact Centre or our branch stuff.
• Call our helpline

DO NOT accept any offers of assistance with the ATM from strangers. If you need help, use the phone located at the ATM machines to contact our helpline.
• Remember your card

REMEMBER to take back your credit/debit card after you have completed a transaction.

• Check your monthly statement
Check your monthly credit/debit card statement and reconcile it with your transaction slips. If you discover any discrepancy, contact our UOBM Contact Centre immediately.
• Update us with your latest contact details
Notify the bank of any changes in address or contact number to allow us to contact you promptly for verification of transactions.
• Remember UOBM Contact Centre numbers
Keep UOBM Contact Centre contact numbers for emergency reporting like lost/stolen/misplaced cards or unauthorised transactions.
• If your personal information is compromised

If your personal information has been compromised, please contact the bank immediately.

A Security Phrase is an additional security measure to verify that you are logging into an authentic UOB Business Internet Banking site. Once you have entered a validated User ID, your Security Phrase will be displayed. If you do not see the Security Phrase you created, it is either you have entered the wrong User ID or you have entered a fake website.

• Create a catchy and unique Security Phrase which is meaningful only to you.
• Do not use your User ID or Password as your Security Phrase.
• Always ensure the correct Security Phrase is displayed before entering your password.
• Confirm your Security Phrase before entering your password.
• Do not enter your Password if the Security Phrase is not yours.
• Do not enter your Password if you do not see your Security Phrase.

1. Create unique password that are alphanumerical and cannot be easily guessed. For example, a weak password is a combination of your name and birthday.
2. Always type the link/URL address when you are visiting your banking website or any Internet account. Do not simply click on email links.
3. If you are logging into a secure site (ie. Internet Banking account site), the website address will change from "http://" to https://. You should also look out for the security icon which is a lock or a key.

1. Keep your computer systems up-to-date with the latest anti-virus software.
2. Avoid using public computers at libraries or cyber cafes for your Internet Banking needs.
3. Never reveal your personal or financial information in an email, even if the recipient is someone close to you.
4. Avoid software claiming to "auto-complete" your online forms. These kinds of software give scammers a chance to easily access your personal and sensitive information.
5. Always ensure that you only key in OTP generated from digital token or physical token for your intended transaction(s).
6. Always contact the Bank if you discover any irregular/suspicious activities in your account(s).
7. Always log out when you have finished your banking session and clear your cache immediately.

For Google Chrome 50 and above

• On your browser toolbar, click 'More Tools' followed by 'Clear browsing data'
• In the 'Clear browsing data' box, click the following checkbox for:
  • Cookies and other site and plugin data
  • Cached images and files
• Use the menu at the top to select the amount of data that you want to delete. Choose 'the beginning of time'
• Click 'Clear browsing data'

For Safari 10 and above

• Select 'History' followed by 'Clear history'
• Under 'clear', select 'all history'
• Click 'Clear History'