Always stay on the alert and ignore such scam attempts. We would like to reassure you that UOB Malaysia’s senior management and employees will never request you to disclose your account details or personal identification (PIN) numbers over phone calls, text messages, social media platforms or emails.
Tips to protect yourself from such scams
- Always ask the sender or the caller to identify themselves (for example, request for their names, employee identification number) and call UOB Call Centre for verification. If you receive calls asking for your banking information, you should hang up and call UOB Malaysia or the authorities immediately
- Ignore unsolicited missed calls or text messages from unknown numbers, Telegram, WhatsApp, Facebook and other social media platforms
- Do not call phone numbers, click on URL links, or scan QR codes in unsolicited emails, SMSes, or messages via other messaging applications;
- Never disclose your personal or internet banking details to anyone; and
- Report to the Bank or the relevant authorities immediately of any suspicious message and/or call received whereby the sender/caller is harassing or pressuring you to make a transaction, or investment
- If you are unsure of the message and/or call that you have received, or have inadvertently disclosed your personal or bank information, please inform our 24-Hour Call Centre at 03-26128 100 immediately. You may also find our Call Centre numbers at the back of your UOB Card or in your monthly statement
TAC (Transaction Authorisation Code), also known as OTP (One Time Password) is an online/mobile banking security feature to protect your account from unauthorised use. A TAC will be sent to you via SMS to your registered mobile phone number to verify that you are the rightful person performing the transaction.
Scammers will first try to get hold of the account holder's online banking username, password and contact details.
Once they have the above information, they will still require the TAC generated from the account holder's mobile phone to perform online transfer.
To get the TAC, the scammers would contact the genuine account holder and dupe him or her into revealing the TAC via phone call by convincing him or her that they have wrongly registered the genuine account holder’s mobile number as theirs.
The unsuspecting account holders would reveal the TAC to the scammers, who would then use it to start transferring money from the account.
Tips to protect yourself |
|
How a phishing email might work
- Potential victims would be asked to click on a link or button such as "Stop Request Now"
- This redirects them to a fake website for disclosure of confidential information (e.g. user ID, password, One-Time Passwords,etc).
- Once such confidential information is disclosed, the fraudsters would then use the information to transfer money out of the victims' bank account.
The victims would also receive SMS alerts notifying them of the successful fund transfers to unknown payees.
Here is how a phishing email could look like.
Tips to protect yourself from such phishing email scams |
|
He "alerts" you of "missing money" or that your banking account has been compromised by possible scams. To rectify your losses or to prevent the "scams", he will instruct you to perform a banking transaction to a third-party account.
There also have been reports of phone scams where individuals have received automated voice calls requesting them to enter numbers on their phones which will then connect them to a "telephone operator" or "bank employee".
From there, the "telephone operator" or "bank employee" may request for personal information, and then transfer their call to another person who may claim to be a "police officer". Individuals may then be instructed to submit confidential information such as bank account numbers, internet banking usernames, passwords and One Time Passwords (OTPs) on a website.
Using the information acquired, the perpetrator will then initiate a funds transfer to an unknown third-party account.
Tips to protect yourself from such phone scams |
|
Scammers will randomly send out SMS messages to the public offering low interest rates from the bank for personal loans or other similar "offers". These SMS messages contain a phone contact for interested individuals to call.
If the individual calls that number, the perpetrator will attempt to get him or her to disclose confidential information such as bank account numbers, internet banking usernames, passwords and One Time Passwords (OTPs), which will then be used to initiate a funds transfer out of the individual's bank account.
Some scammers will also request customer to transfer a minimal "processing fee" to an unknown third-party account.
We advise customers to do the following when they receive such SMS messages |
|
This malware is spread through phishing emails with malicious attachment. When the said malicious attachment is opened, the malware infects the customers' computers or devices.
Once customers' computers or devices are infected, the malware will attempt to steal the customers' login and authorisation credentials (such as User ID, Password, One Time Password) by altering the flow of logging on to the UOB website.
After the first login page, it will show a message "We are currently processing your information, please wait...." which does not exist in the legitimate UOB website.
Symptoms that your computer could possibly be infected with Malware
- Prompt to input your login credential multiple times even if your supplied information is correct.
- Sudden slowness in your computer and/or requests you to wait while the system is processing for an extended time.
- Unusual logon/authorisation procedures and/or re-direct to the unfamiliar website.
How can I protect against Malware? |
|
Please be assured that UOB's Internet and Mobile Banking systems are not affected by the OpenSSL bug.
UOB would like to use this opportunity to encourage our customers to adopt the following best practices to safeguard their passwords for a safe and secure online banking experience. Customers should:
- Use a different username and password for their online banking accounts from other non-banking related accounts.
- Select a password that is at least eight characters long, contains alphanumeric characters and does not repeat any character.
- Change their passwords regularly, at least once every three months.
- Not reveal their account username or password to anyone.
- Disable the “Auto Complete” function on the browser to avoid theft of information.
If you encounter any suspicious activities in relation to your account(s), please contact our 24-Hour Call Centre at 03-26128 121 immediately. You may also find our Call Centre numbers at the back of your UOB Card or in your monthly statement.
Spyware often appears on websites with free music, movies, or games for download. Malware (such as a Trojan Horse) disguises as an email attachment like a document or photo file. It will then gain access to your personal information. Mobile device malwares are also on the rise, stealing information such as SMS OTP to complete banking transactions through Internet Banking or Credit Cards.
You know you have spyware on your computer/mobile device if:
- You see pop-up advertisements even when you're not connected to the Internet.
- The page your Web browser first opens to (your home page); or your browser search settings have changed without your knowledge.
- You notice a new toolbar in your browser that you didn't want, and find it difficult to get rid of.
- Your device takes longer than usual to complete certain tasks.
- You experience a sudden rise in crashes.
For the latest updates on spyware, malware and security threats, please visit MyCERT (Malaysian Computer Emergency Response Team).
Tips to protect yourself from such phone scams |
For mobile devices:
|
Some examples of online shopping scams are:
- Failure to deliver goods after payment has been received.
- In the place of the original products purchased, counterfeit products are delivered.
- Phishing websites and pop-up advertisement via social media and instant messaging platforms.
Be alert if
- The item’s price appears to be too good to be true.
- Only time-limited offers are available in the select.
- The seller requests immediate payment or a transfer of funds.
So what precautions can you take to avoid falling prey to this scam?
- Use only reputable and secure online source/platforms.
- Make payments through reputable online shopping platforms.
- Do not fall for low price offers or prices that seem too good to be true.
- Before doing business, read the testimonials and reviews on the seller’s profile.
Use the PDRM CCID "Semakmule Portal"(https://ccid.mp.gov.my/semakmule/) to look up for the seller's bank account numbers.
If you have encountered suspicious online activities, please contact the nearest police station and file a police report immediately:
• https://semakmule.rmp.gov.my • CCID Infoline: 013-211 1222 (WhatsApp) • CCID Scam Response Centre: 03-2610 1559 / 1599 • Jabatan Siasatan Jenayah Komersil, Polis Diraja Malaysia |
If you believe that your banking information is compromised or that there has been an unauthorized breach or transaction on your account, you should notify the Bank immediately.