Beware of phishing emails purportedly from UOB

There have been reports of people being tricked by phishing emails recently. Victims would receive phishing emails purportedly from the Bank, informing them that someone had logged into their account – please refer to sample of such an email below:

Victims would be asked to click on a link or button such as "Stop Request Now" which then redirects them to a fake website for disclosure of confidential information (e.g. user ID, password, One-Time Passwords, etc).

Once such confidential information is disclosed, the fraudsters would use the information to transfer money out of the victims' bank accounts. The victims would also receive SMS alerts notifying them of the successful fund transfers to unknown payees

To protect yourself:

  1. Do not click on the link or the button in the email. By hovering your mouse pointer over the link or button, you are able to see the actual hyperlinked internet address, which could be a fake website's internet address. (Where emails are read on mobile phones, pressing and holding on the link for a while would reveal the actual internet address).
  2. Do not download or open any attachment in the suspicious email.
  3. Do not provide your confidential information such as your user ID, password, One-Time Password, etc. Please note that the Bank will never ask you for confidential information through email or phone.
  4. If you have inadvertently provided such information, immediately login to your Internet banking account to change your password.

Should you suspect your account has been compromised, please contact your relationship manager or local branch.

How can I protect against Malware?

Customers should always

  • promptly check the relevant notifications and account statements/advice,
  • check the date and time of their last login to Internet Banking,
  • avoid compromising the mobile platforms (i.e. by jail-breaking or rooting), and take precautions when installing and updating mobile applications and operating systems of mobile platforms
  • notify the bank as soon as possible upon detection of unusual transactions or activity (e.g. suspicious pop-up screens or abnormal Internet Banking login steps)
Security Alert: Malware "Dyreza"

A malware, Dyreza has been recently found spreading which may affect the legitimacy of banking websites. This malware is spread through phishing emails with malicious attachment. When the said malicious attachment is opened, the malware infects the customers' computers or devices. Once customers' computers or devices are infected, the malware will attempt to steal the customers' login and authorisation credentials (such as User ID, Password, One Time Password) by altering the flow of logging on to the UOB website. After the first login page, it will show a message "We are currently processing your information, please wait...." which does not exist in the legitimate UOB website.

Symptoms that your computer could possibly be infected with Malware

  • Prompt to input your login credential multiple times even if your supplied information is correct
  • Sudden slowness in your computer and/or requests you to wait while the system is processing for an extended time.
  • Unusual logon/authorisation procedures and/or re-direct to the unfamiliar website.


How can I protect against Malware?

  • Always protect your computer by using an anti-virus/anti-malware software and keep it updated with the latest anti-virus. Scan your computers regularly.
  • Do not download or open attachments in suspicious emails.
  • Never reply to unsolicited emails.
  • Avoid accessing unknown and unsecured websites.
  • If you suspect that your computer has been infected by malware, please scan your computer with latest anti-virus/anti-malware software and refrain from using banking websites until your computer is cleaned.
  • Check your last login and transaction history regularly for any abnormal transactions.

UOB would like to assure you that our internet banking systems are secure.  Please contact UOB helpline immediately, if you notice unknown transactions appearing on your account.

Security Alert: Vulnerability in Secured Sockets Layer 3.0 (SSL 3.0
A vulnerability known as “POODLE” has recently been discovered on SSL 3.0 used by older versions of web browsers such as Internet Explorer 6.

In view of this vulnerability, we will not be supporting older versions of web browsers as of 21/11/14.

We recommend customers to download and install the latest versions of your web browsers to ensure optimal user experience.

UOB would like to encourage our customers to take the following steps to safeguard your passwords for a safe and secure online banking experience.

  • Use a username and password for your online banking account(s) that is different from other non-banking related accounts.
  • Select a password that is at least eight characters long, contains alphanumeric characters and does not have any repeated characters.
  • Change your passwords regularly, at least once every three months.
  • Disable the “Auto Complete” function on your web browser to avoid theft of information.
  • Do not disclose your username or password to anyone.
If you encounter any suspicious activity in relation to your account(s) or require any assistance, please contact your relationship manager or local branch.

Security Advisory: Internet Explorer
A security flaw has been discovered on Internet Explorer browsers versions 6 to 11 (IE6 to IE11).

If you are using these versions of Internet Explorer, you should consider using alternative browsers such as Google Chrome, Safari (for Mac users) or Mozilla Firefox to access the internet and UOB Business Internet Banking (BIB) service.

Please note that any patches to IE browsers are automatically updated if the automatic updating feature on the browser has been turned on. If you have previously disabled that feature, you can refer to the steps found on the Microsoft website – “Turn automatic updating on or off” to enable your computer to automatically update your browser.

For more information on the security flaw, you can find it on Microsoft's website or the Singapore Computer Emergency Response Team (SingCERT).

Java Alert
Please do not perform auto-update to the latest Java 7 Update 55 version or above.

Security Alert: OpenSSL Bug (HeartBleed)
A bug has recently been discovered in OpenSSL, a software that protects sensitive data online.

Please be assured that UOB's Business Internet Banking system is not affected by the OpenSSL bug.

UOB would like to use this opportunity to encourage our customers to adopt the following best practices to safeguard their passwords for a safe and secure online banking experience. Customers should:

  1. use a different username and password for their online banking accounts from other non-
    banking related accounts.
  2. select a password that is at least eight characters long, contains alphanumeric characters and does not repeat any character.
  3. change their passwords regularly, at least once every three months.
  4. not reveal their account username or password to anyone.
  5. disable the “Auto Complete” function on the browser to avoid theft of information

If you encounter any suspicious activity in relation to your account(s) or require any assistance, please contact your relationship manager or local branch.

Security Advisory: Malware
A malware stealing login and transaction authorisation information from internet and mobile banking websites and applications is circulating. Stay vigilant when accessing your account.



Copyright © 2018 United Overseas Bank Limited Co. Reg. No. 193500026Z. All Rights Reserved.