UOB Security Alerts

Latest Online Threats

TAC Scams

Scammers would usually call the victim and say that they registered the wrong mobile number and that their TAC (Transaction Authorisation Code), also known as OTP (One Time Password) was accidentally sent to the victim instead.

Show moreShow less

Phishing Scams or Fake emails

Scammer disguises as a bank and sends you an 'urgent email', which persuades you into opening an attached link.

Show moreShow less

Phone Scams

Scammers disguise themselves as banks authorities or someone you can trust and requested you to transfer funds to an unknown third party account.


Show moreShow less

TAC (Transaction Authorisation Code), also known as OTP (One Time Password) is an online/mobile banking security feature to protect your account from unauthorised use. A TAC will be sent to you via SMS to your registered mobile phone number to verify that you are the rightful person performing the transaction.

Scammers will first try to get hold of the account holder's online banking username, password and contact details.

Once they have the above information, they will still require the TAC generated from the account holder's mobile phone to perform online transfer.

To get the TAC, the scammers would contact the genuine account holder and dupe him or her into revealing the TAC via phone call by convincing him or her that they have wrongly registered the genuine account holder’s mobile number as theirs.

The unsuspecting account holders would reveal the TAC to the scammers, who would then use it to start transferring money from the account.


Tips to protect yourself

  • Never reveal your personal online banking details such as username, password or bank account information including your TAC to anyone anyone even if the party requesting for such information claims to be from financial institution, Bank Negara Malaysia or other authorities.

  • Register for Mighty Secure and turn your smartphone into a digital security token to enjoy easy, secured and convenient authentication of Personal Internet Banking and UOB Mighty transactions without the need for SMS-OTP. For enhanced security, all open transactions of RM10,000 and above performed via Personal Internet Banking and UOB Mighty must be authenticated with Mighty Secure.

  • Inform the bank. If you are unsure of the call you have received, or have inadvertently disclosed your personal or bank information, please inform our 24-Hour Call Centre at 03-26128 121 immediately. You may also find our Call Centre numbers at the back of your UOB Card or in your monthly statement.



How a phishing email might work

  • Potential victims would be asked to click on a link or button such as "Stop Request Now"
  • This redirects them to a fake website for disclosure of confidential information (e.g. user ID, password, One-Time Passwords,etc).
  • Once such confidential information is disclosed, the fraudsters would then use the information to transfer money out of the victims' bank account.

The victims would also receive SMS alerts notifying them of the successful fund transfers to unknown payees.

Here is how a phishing email could look like.









Tips to protect yourself from such phishing email scams

Browsers Security


  • Do not click on links or buttons in such emails
    By hovering your mouse pointer over the link or button, you are able to see the actual hyperlinked internet address, which is usually a fake website’s internet address. (Where emails are read on mobile phones, pressing and holding on the link for a while would reveal the actual internet address).

  • Always type the website URLs on the address bar.

  • Always confirm the Authenticity of the login page by clicking on the lock or key to ensure the web certificate is issued to either www.uobgroup.com or pib.uob.com.my.

  • Do not download or open any attachment in suspicious emails.

  • Do not provide your confidential information over email or phone
    Please note that the Bank will never ask you for confidential information(such as your user ID, password, One-Time Password, etc) through email or phone.

  • Never enter your password if you did not see your Secret Word when you try to login.

  • Change password and report immediately
    If you have inadvertently provided such information, immediately login to your Internet banking account to change your password. Should you suspect that your account has been compromised, please inform our 24-Hour Call Centre at 03-26128 121. You may also find our Call Centre numbers at the back of your UOB Card or in your monthly statement.



He "alerts" you of "missing money" or that your banking account has been compromised by possible scams. To rectify your losses or to prevent the "scams", he will instruct you to perform a banking transaction to a third-party account.

There also have been reports of phone scams where individuals have received automated voice calls requesting them to enter numbers on their phones which will then connect them to a "telephone operator" or "bank employee".

From there, the "telephone operator" or "bank employee" may request for personal information, and then transfer their call to another person who may claim to be a "police officer". Individuals may then be instructed to submit confidential information such as bank account numbers, internet banking usernames, passwords and One Time Passwords (OTPs) on a website.

Using the information acquired, the perpetrator will then initiate a funds transfer to an unknown third-party account.


Tips to protect yourself from such phone scams

  • Ask the caller to identify you personally and opt to call back to our UOB Call Centre.

  • Ignore unsolicited missed calls or text messages from unknown numbers.

  • Never give out personal information over the phone, unless you are making the call yourself.

  • Inform the bank. If you are unsure of the call you have received, or have inadvertently disclosed your personal or bank information, please inform our 24-Hour Call Centre at 03-26128 121 immediately. You may also find our Call Centre numbers at the back of your UOB Card or in your monthly statement.


SMS Scams

Victims will receive SMS messages about low interest rates offering from the bank for personal loans or other similar "offers". These SMS messages contain a phone contact for interested individuals to call.

Show moreShow less

Money Game Scam

Show moreShow less

Security Alert: Malware "Dyreza"

A malware, Dyreza has been recently found spreading which may affect the legitimacy of banking websites.

Show moreShow less

Scammers will randomly send out SMS messages to the public offering low interest rates from the bank for personal loans or other similar "offers". These SMS messages contain a phone contact for interested individuals to call.

If the individual calls that number, the perpetrator will attempt to get him or her to disclose confidential information such as bank account numbers, internet banking usernames, passwords and One Time Passwords (OTPs), which will then be used to initiate a funds transfer out of the individual's bank account.

Some scammers will also request customer to transfer a minimal "processing fee" to an unknown third-party account.


We advise customers to do the following when they receive such SMS messages

  • Be alert. Do not provide any personal information, bank account information (including user ID, password and OTP) and credit card details on websites or to the callers.

  • Be safe. Do not transfer any money to any unknown party.

  • Inform the bank. If you are unsure of the SMS you have received, or have inadvertently disclosed your personal or bank information, please inform our 24-Hour Call Centre at 03-26128 121 immediately. You may also find our Call Centre numbers at the back of your UOB Card or in your monthly statement.


Be wary of schemes that promise unrealistic and abnormally high returns. Remember, if it sounds too good to be true, it probably is.





For more information, visit here.


This malware is spread through phishing emails with malicious attachment. When the said malicious attachment is opened, the malware infects the customers' computers or devices.

Once customers' computers or devices are infected, the malware will attempt to steal the customers' login and authorisation credentials (such as User ID, Password, One Time Password) by altering the flow of logging on to the UOB website.

After the first login page, it will show a message "We are currently processing your information, please wait...." which does not exist in the legitimate UOB website.

Symptoms that your computer could possibly be infected with Malware

  • Prompt to input your login credential multiple times even if your supplied information is correct.

  • Sudden slowness in your computer and/or requests you to wait while the system is processing for an extended time.

  • Unusual logon/authorisation procedures and/or re-direct to the unfamiliar website.


How can I protect against Malware?

  • Always protect your computer by using an anti-virus/anti-malware software and keep it updated with the latest anti-virus. Scan your computers regularly.

  • Do not download or open attachments in suspicious emails.

  • Never reply to unsolicited emails.

  • Avoid accessing unknown and unsecured websites.

  • If you suspect that your computer has been infected by malware, please scan your computer with latest anti-virus/anti-malware software and refrain from using banking websites until your computer is cleaned.

  • Check your last login and transaction history regularly for any abnormal transactions.
UOB would like to assure you that our internet banking systems are secure. Please contact our 24-Hour Call Centre at 03-26128 121 immediately, if you notice unknown transactions appearing on your account.


Security Alert: OpenSSL Bug (HeartBleed)

A bug has recently been discovered in OpenSSL, a software that protects sensitive data online.

Show moreShow less

Spyware / Malware

Spyware often appears on websites with free music, movies, or games for download. Malware disguises as an email attachment like a document or photo file.

Show moreShow less
Safety Tips for Online Banking

Safety Tips for Online Banking

Always practice safety while performing online transactions

Show moreShow less

Please be assured that UOB's Internet and Mobile Banking systems are not affected by the OpenSSL bug.

UOB would like to use this opportunity to encourage our customers to adopt the following best practices to safeguard their passwords for a safe and secure online banking experience. Customers should:

  • Use a different username and password for their online banking accounts from other non-banking related accounts.

  • Select a password that is at least eight characters long, contains alphanumeric characters and does not repeat any character.

  • Change their passwords regularly, at least once every three months.

  • Not reveal their account username or password to anyone.

  • Disable the “Auto Complete” function on the browser to avoid theft of information.

If you encounter any suspicious activities in relation to your account(s), please contact our 24-Hour Call Centre at 03-26128 121 immediately. You may also find our Call Centre numbers at the back of your UOB Card or in your monthly statement.


Spyware often appears on websites with free music, movies, or games for download. Malware (such as a Trojan Horse) disguises as an email attachment like a document or photo file. It will then gain access to your personal information. Mobile device malwares are also on the rise, stealing information such as SMS OTP to complete banking transactions through Internet Banking or Credit Cards.

You know you have spyware on your computer/mobile device if:

  • You see pop-up advertisements even when you're not connected to the Internet.

  • The page your Web browser first opens to (your home page); or your browser search settings have changed without your knowledge.

  • You notice a new toolbar in your browser that you didn't want, and find it difficult to get rid of.

  • Your device takes longer than usual to complete certain tasks.

  • You experience a sudden rise in crashes.

For the latest updates on spyware, malware and security threats, please visit MyCert (Malaysian Computer Emergency Response Team).


Tips to protect yourself from such phone scams

  • Update your computer systems regularly with the latest anti-virus software.

  • Know your Internet sources. Be wary of download requests from the Internet.

  • Keep separate IDs and Passwords for multiple online accounts and change your passwords regularly.

For mobile devices:

  • Verify an app's permission and the app's author or publisher before installing it.

  • Do not click on adware or suspicious URL sent through SMS/messaging services. Malware could be attached to collect user's information.

  • Addresses on mobile sites may appear differently from desktop browser, make sure to verify it first.

  • Always run a reputable anti-virus on your mobile devices, and keep it up to date regularly.

  • Do not use public Wi-Fi networks for bank transactions and turn off Bluetooth connection when not in use.

  • Update the operating system and applications on mobile devices, including the browser, in order to avoid any malicious exploits of security holes in out-dated versions.

  • Do not root or 'Jailbreak' your phone; avoid side loading (installing from non-official sources) when you can.


Mule Account

Mule Account

Be vigilant and do not fall victim to mule account scams.

Show moreShow less

For more information, visit here.


Credit Card & Personal Loan Scams

Credit Card Scams

Beware of Phone Scam

Show moreShow less

Personal Loan Scams

Scammers disguises as UOB agent to prey customers into applying Personal Loan

Show moreShow less
E-Wallet Scams

E-Wallet Scams

Scammers disguise as e-wallets representatives to mislead victims into revealing their account/card details & OTP/TACs.

Show moreShow less

In most cases, customers either received SMS or telephone call requesting them to confirm a credit card transaction that has been charged to customer’s credit card. When customer calls the telephone number provided in the SMS or responds to the telephone call, the fraudsters will identify themselves as officer of the bank and inform them on the credit card transactions that has taken place. Then the fraudster will request customer to confirm on the transactions.


Should customer denied on the transaction or had no such credit card, the fraudster will start to sound concerned and advise customer to lodge a report to Bank Negara Malaysia by providing another phone number or offered to transfer the calls to another fraudster claimed to be a Bank Negara Malaysia officer.


This ‘BNM officer’ impostor will request for customer’s banking information such as credit cards accounts, savings accounts, NRIC number and pretend to be lodging a complaint on behalf of the customer. The impostor will then advise customer to withdraw their available credit limit from his/her existing credit card account as cash advance and subsequently transfer to a third party account  in order to prevent any unauthorized charge or future transfer.  


Tips to protect yourself from phone scam:

  1. Do not respond to SMS or call from unknown person asking for your credit card details.
  2. Be sceptical, the bank or Bank Negara Malaysia will never ask you to provide your credit/debit card details through phone.
  3. Do not transfer money to any unknown party.

Tips to protect your-self from personal loan scams

  • Note that UOB DOES NOT require customers to pay any “Processing Fees” for personal loan applications.
  • DO NOT transfer your money into any unknown third party account if requested by such agents/staff for any such processing fees

Scammers will disguise as UOB agents or staff to mislead/con /cheat unsuspecting customers into applying for a Personal Loan with United Overseas Bank (Malaysia) Bhd and will subsequently request customers to transfer money into a personal account as a processing fee.

Scammers will also provide either a fake letter of offer, fake cheque (purportedly issued by UOB) as proof of loan approval, or fake UOB business card in order to appear legitimate.




Scammers will randomly send out messages via SMS or other mobile messenger platforms (etc Whatsapp, Wechat, Facebook, Instagram) to the public informing that they’ve won a prize/contest for an e-wallet app (example Boost, Bigpay, Touch & Go, Shopee) with a cash/rebate reward.


The scammer will request the victim to disclose their banking details such as account/credit card details and the One-Time Password (OTP)/Transaction Authentication Code (TAC) in order to redeem the prize.

Once the victim reveals the account/credit card details, the scammers will use it make online purchases & the OTP/TACs will be generated to customer’s hand-phone. 


The scammer will then mislead the victim by stating that the OTP/TACs are for validating the prize money transfer into the victim’s account. Once the victim reveals the OTP/TAC, the scammer will be able to successfully validate the transactions & complete the purchase.


We advise customers to be ALERT when receiving such SMSes.

  • DO NOT be tempted or misled by any offers from an unsolicited & unverified caller / sender.
  • DO NOT respond to any contact numbers or website links provided in such SMSes.
  • DO NOT disclose any banking information (etc account/card numbers, OTP/TAC) to an unknown caller / sender.
  • ALERT THE BANK. If you are unsure of the SMSes that you’ve received, or have inadvertently revealed your personal or bank information, please inform our 24-hour Contact Centre at 03- 26128 121 immediately. You may also find our Contact Center numbers on the back of your UOB Card or in the monthly statement.


Safeguard your credit/debit card

How to safeguard your credit/debit card and PIN

Show moreShow less

At the point of transaction

Show moreShow less

At the ATM

Show moreShow less
  • Keep your cards & PIN safe and secure always.
    Keep your cards and PIN safe and secure at all times including your place of residence. Do not leave your cards unattended.
  • Do not lend your card to anyone.
    Do not lend your card and PIN to anyone as your card and PIN is exclusively for your own usage.
  • Don’t forget the unused cards.
    As you may have more than one card, REMEMBER to keep your unused card(s) in a secure place.
  • Sign your card
    Upon receipt of your card, immediately sign on the signature panel using a non- erasable ballpoint pen.
  • Tampered package
    In the event the sealed package containing your credit/debit card has been tampered with or compromised, please contact UOBM Call Centre immediately.
  • Don’t leave your valuables in the car
    Never leave your card in your wallet or handbag unattended in your car when you go jogging, swimming, hiking, etc even if your car is locked or armed with security alarm and especially when your car is parked outside the compound of the house.
  • Destroy your card properly
    Destroy your card properly by cutting across the magnetic stripe and the chip in the event you wish to cancel your card.
  • Call the bank
    If you suspect your card is lost/stolen/misplaced, immediately call the bank to put a STOP status. You may call the bank later to release the STOP status if you have found your card or you may request the bank to issue you a replacement card once you have confirmed your card is lost or stolen.
  • Never compromised your PIN
    Your credit / debit card PIN is to be used only for face-to-face purchases, cash withdrawals, and UOB Personal Internet Banking registration or reset password. Do not use the same PIN for any other third-party websites that require your credit / debit card PIN for validation. This is to prevent your PIN from being compromised.
  • Check slip details
    Check the details on the transaction slip before signing to prevent any unauthorised charges.
  • Is that your card?
    Ensure that it is your credit/debit card that is returned to you after a purchase.
  • At petrol kiosks
    REMEMBER to take your credit/debit card back after you have completed a transaction at a Self-Service Petrol Kiosk.
  • Don’t leave your card behind
    DO NOT leave your credit/debit card to the cashier at drinking places (i.e. bar and pubs) for running bills, as unauthorised transactions may take place.
  • Be careful online
    Never reveal or input your credit/debit card information in an unsecured website.
  • Pay attention to bank SMS alerts
    Pay special attention to transaction SMS alerts from the bank. Immediately report to the bank when you receive an SMS alert for a transaction that is not authorised by you.
  • Don’t sign on blank slips
    DO NOT sign on a blank transaction slip to prevent unauthorised billings.
  • Destroy mutilated sales draft
    Destroy any altered or mutilated sales drafts before throwing them away.
  • Use cards responsibly
    Never use your cards for any unlawful activity
  • Keep your receipts
    Keep your receipts and use them to check entries against your bank statement/passbook regularly.
  • Be alert at any ATM
    Be alert and vigilant when conducting transactions at any ATM, and be sure not to be distracted by strangers.
  • Be mindful
    Be mindful when entering your PIN in the presence of others near the ATM.
  • Memorise your PIN
    Memorise your PIN, and then destroy the PIN notification.
  • Change your PIN
    Change your PIN periodically.
  • Never give your card to anyone
    Never give your card to anyone or allow a third party to transact on your behalf.
  • Watch out for foreign devices
    DO NOT use the ATM if you see unusual or foreign devices attached to the machine or suspicious persons loitering near your ATM location. Report such incidences to the bank immediately.
  • If card is withheld by ATM
    If your card is withheld by the ATM, report it immediately to our UOBM Contact Centre or our branch stuff.
  • Call our helpline
    DO NOT accept any offers of assistance with the ATM from strangers. If you need help, use the phone located at the ATM machines to contact our helpline.
  • Remember your card
    REMEMBER to take back your credit/debit card after you have completed a transaction.

Check your monthly statements & update your details

Show moreShow less
  • Check your monthly statement
    Check your monthly credit/debit card statement and reconcile it with your transaction slips. If you discover any discrepancy, contact our UOBM Contact Centre immediately.
  • Update us with your latest contact details
    Notify the bank of any changes in address or contact number to allow us to contact you promptly for verification of transactions.
  • Remember UOBM Contact Centre numbers
    Keep UOBM Contact Centre contact numbers for emergency reporting like lost/stolen/misplaced cards or unauthorized transactions.
  • If your personal information is compromised.
    If your personal information has been compromised, please contact the bank immediately.

Stay Safe Online

Secret Word

What is a Secret Word?

Show moreShow less

Create Your Secret Word

Show moreShow less

Tips to safeguard your Personal Internet Banking

Show moreShow less

A Secret Word is an additional security measure to verify that you are logging into an authentic UOB Personal Internet Banking site.

Once you have entered a validated User ID, your Secret Word will be displayed. If you do not see the Secret Word you created, it is either you have entered the wrong User ID or you have entered a fake website.


Your Secret Word can contain: 

  • Between 5 - 25 characters (including spacing) 
  • Alphanumeric, special characters, completely made out of alphabets, numbers or special characters
  • No restrictions on upper and lowercase alphabets
  • A single spacing between words is allowed
  • Your Secret Word must not start or end with a space




Not Allowed


Reasons Not Allowed





Spacing before and after the word





More than 25 characters

Ba Ba Black Sheep


Black   Sheep


More than 1 spacing between word

123456789 9 Me! 3 Less than 3 characters
123+ minions! 13      
elviskingofrocknroll 20      



  • Create a catchy and unique secret phrase which is meaningful only to you
  • Do not use your User ID or Password as your Secret Word
  • Always ensure the correct Secret Word is displayed before entering your password
  • Confirm your Secret Word before entering your password
  • Do not enter your Password if the Secret Word is not yours
  • Do not enter your Password if you do not see your Secret Word


Good practices to protect yourself online

Show moreShow less

Steps to clear your browsing history and cache

Show moreShow less
  1. Create unique password that are alphanumerical and cannot be easily guessed. For example, a weak password is a combination of your name and birthday.
  2. Always type the link/URL address when you are visiting your banking website or any Internet account. Do not simply click on email links.
  3. If you are logging into a secure site (ie. Internet Banking account site), the website address will change from "http://" to https://. You should also look out for the security icon which is a lock or a key.
  4. Keep your computer systems up-to-date with the latest anti-virus software.
  5. Avoid using public computers at libraries or cyber cafes for your Internet Banking needs.
  6. Never reveal your personal or financial information in an email, even if the recipient is someone close to you.
  7. Avoid software claiming to "auto-complete" your online forms. These kinds of software give scammers a chance to easily access your personal and sensitive information.
  8. Always ensure that you only key in TAC for your intended transaction(s).
  9. Always contact the Bank if you discover any irregular/suspicious activities in your account(s).
  10. Always log out when you have finished your banking session and clear your cache immediately.


For Internet Explorer 10 and above

  • Select 'Tools' in the upper right-hand corner.
  • Select 'Safety' followed by 'Delete Browsing History'
  • In the 'Delete Browsing History' click the following checkbox for:
    • Temporary Internet files
    • Cookies
  • Make sure to uncheck 'Preserve Favorites website data'
  • Click 'Delete' button.


For Google Chrome 50 and above

  • On your browser toolbar, click 'More Tools' followed by 'Clear browsing data'
  • In the 'Clear browsing data' box, click the following checkbox for:
    • Cookies and other site and plugin data
    • Cached images and files
  • Use the menu at the top to select the amount of data that you want to delete. Choose 'the beginning of time'
  • Click 'Clear browsing data'


For Safari 10 and above

  • Select 'History' followed by 'Clear history'
  • Under 'clear', select 'all history'
  • Click 'Clear History'


24-Hour UOB Contact Centre

If you believe that your banking information is compromised or that there has been an unauthorised breach or transaction on your account, you should notify the Bank immediately by calling our 24-Hour UOB Contact Centre.

  • Kuala Lumpur
(03 - 26128 121)
  • Pulau Pinang
(04 - 2401 121)
  • Johor Bahru
(07 - 2881 121)
  • Kuching
(082 - 287 121)
  • Kota Kinabalu
(088 - 477 121)

You may also find our Contact Centre numbers at the back of your UOB Card or in your monthly statement.