How you can protect yourself

Always stay on the alert and ignore such scam attempts. We would like to reassure you that UOB Malaysia’s senior management and employees will never request you to disclose your account details or personal identification (PIN) numbers over phone calls, text messages, social media platforms or emails.

Tips to protect yourself from such scams

• Always ask the sender or the caller to identify themselves (for example, request for their names, employee identification number) and call UOB Call Centre for verification. If you receive calls asking for your banking information, you should hang up and call UOB Malaysia or the authorities immediately
  
  
• Ignore unsolicited missed calls or text messages from unknown numbers, Telegram, WhatsApp, Facebook and other social media platforms
  
  
• Do not call phone numbers, click on URL links, or scan QR codes in unsolicited emails, SMSes, or messages via other messaging applications;
  
  
• Never disclose your personal or internet banking details to anyone; and
  
  
• Report to the Bank or the relevant authorities immediately of any suspicious message and/or call received whereby the sender/caller is harassing or pressuring you to make a transaction, or investment
  
  
• If you are unsure of the message and/or call that you have received, or have inadvertently disclosed your personal or bank information, please inform our 24-Hour Call Centre at 03-26128 100 immediately. You may also find our Call Centre numbers at the back of your UOB Card or in your monthly statement

TAC (Transaction Authorisation Code), also known as OTP (One Time Password) is an online/mobile banking security feature to protect your account from unauthorised use. A TAC will be sent to you via SMS to your registered mobile phone number to verify that you are the rightful person performing the transaction.

Scammers will first try to get hold of the account holder's online banking username, password and contact details.

Once they have the above information, they will still require the TAC generated from the account holder's mobile phone to perform online transfer.

To get the TAC, the scammers would contact the genuine account holder and dupe him or her into revealing the TAC via phone call by convincing him or her that they have wrongly registered the genuine account holder’s mobile number as theirs.

The unsuspecting account holders would reveal the TAC to the scammers, who would then use it to start transferring money from the account.

How a phishing email might work

• Potential victims would be asked to click on a link or button such as "Stop Request Now"
• This redirects them to a fake website for disclosure of confidential information (e.g. user ID, password, One-Time Passwords,etc).
• Once such confidential information is disclosed, the fraudsters would then use the information to transfer money out of the victims' bank account.

The victims would also receive SMS alerts notifying them of the successful fund transfers to unknown payees.

Here is how a phishing email could look like.

Tips to protect yourself from such phishing email scams

Do not click on links or buttons in such emails By hovering your mouse pointer over the link or button, you are able to see the actual hyperlinked internet address, which is usually a fake website’s internet address. (Where emails are read on mobile phones, pressing and holding on the link for a while would reveal the actual internet address). Always type the website URLs on the address bar. Always confirm the Authenticity of the login page by clicking on the lock or key to ensure the web certificate is issued to either www.uobgroup.com or pib.uob.com.my. Do not download or open any attachment in suspicious emails. Do not provide your confidential information over email or phone Please note that the Bank will never ask you for confidential information(such as your user ID, password, One-Time Password, etc) through email or phone. Never enter your password if you did not see your Secret Word when you try to login.

He "alerts" you of "missing money" or that your banking account has been compromised by possible scams. To rectify your losses or to prevent the "scams", he will instruct you to perform a banking transaction to a third-party account.

There also have been reports of phone scams where individuals have received automated voice calls requesting them to enter numbers on their phones which will then connect them to a "telephone operator" or "bank employee".

From there, the "telephone operator" or "bank employee" may request for personal information, and then transfer their call to another person who may claim to be a "police officer". Individuals may then be instructed to submit confidential information such as bank account numbers, internet banking usernames, passwords and One Time Passwords (OTPs) on a website.

Using the information acquired, the perpetrator will then initiate a funds transfer to an unknown third-party account.

Scammers will randomly send out SMS messages to the public offering low interest rates from the bank for personal loans or other similar "offers". These SMS messages contain a phone contact for interested individuals to call.

If the individual calls that number, the perpetrator will attempt to get him or her to disclose confidential information such as bank account numbers, internet banking usernames, passwords and One Time Passwords (OTPs), which will then be used to initiate a funds transfer out of the individual's bank account.

Some scammers will also request customer to transfer a minimal "processing fee" to an unknown third-party account.

This malware is spread through phishing emails with malicious attachment. When the said malicious attachment is opened, the malware infects the customers' computers or devices.

Once customers' computers or devices are infected, the malware will attempt to steal the customers' login and authorisation credentials (such as User ID, Password, One Time Password) by altering the flow of logging on to the UOB website.

After the first login page, it will show a message "We are currently processing your information, please wait...." which does not exist in the legitimate UOB website.

Symptoms that your computer could possibly be infected with Malware

• Prompt to input your login credential multiple times even if your supplied information is correct.
  
  
• Sudden slowness in your computer and/or requests you to wait while the system is processing for an extended time.
  
  
• Unusual logon/authorisation procedures and/or re-direct to the unfamiliar website.
  
  
  

Please be assured that UOB's Internet and Mobile Banking systems are not affected by the OpenSSL bug.

UOB would like to use this opportunity to encourage our customers to adopt the following best practices to safeguard their passwords for a safe and secure online banking experience. Customers should:

• Use a different username and password for their online banking accounts from other non-banking related accounts.
  
  
• Select a password that is at least eight characters long, contains alphanumeric characters and does not repeat any character.
  
  
• Change their passwords regularly, at least once every three months.
  
  
• Not reveal their account username or password to anyone.
  
  
• Disable the “Auto Complete” function on the browser to avoid theft of information.

If you encounter any suspicious activities in relation to your account(s), please contact our 24-Hour Call Centre at 03-26128 121 immediately. You may also find our Call Centre numbers at the back of your UOB Card or in your monthly statement.

Spyware often appears on websites with free music, movies, or games for download. Malware (such as a Trojan Horse) disguises as an email attachment like a document or photo file. It will then gain access to your personal information. Mobile device malwares are also on the rise, stealing information such as SMS OTP to complete banking transactions through Internet Banking or Credit Cards.

You know you have spyware on your computer/mobile device if:

• You see pop-up advertisements even when you're not connected to the Internet.
  
  
• The page your Web browser first opens to (your home page); or your browser search settings have changed without your knowledge.
  
  
• You notice a new toolbar in your browser that you didn't want, and find it difficult to get rid of.
  
  
• Your device takes longer than usual to complete certain tasks.
  
  
• You experience a sudden rise in crashes.

For the latest updates on spyware, malware and security threats, please visit MyCert (Malaysian Computer Emergency Response Team).

For more information, visit here.

A “Love Scam” is a type of scam potentially conducted through social media where scammers use romantic words and false promises to deceive and ensnare victims.

Ways to spot the love scam are:

• They live in another country or far from you.
• Their profiles appear to be too good to be true.
• They would be in trouble and would come to you for help, requesting money to help them get through their alleged misery.
• They avoid meeting you in person.
• They frequently use sweet talks and false promises to make you believe they care and then demand money as proof of your love.
• They often trick victims into paying for the release of the never-existing luxury gifts package that would be ‘detained’ by custody.
  
  

Should any member of the public find themselves to have fallen victim to such a scam, please contact the nearest police station and file a police report immediately:

• https://semakmule.rmp.gov.my • National Scam Response Centre at 997 (8am - 8pm, daily) • Jabatan Siasatan Jenayah Komersil, Polis Diraja Malaysia

Some examples of online shopping scams are:

• Failure to deliver goods after payment has been received.
• In the place of the original products purchased, counterfeit products are delivered.
• Phishing websites and pop-up advertisement via social media and instant messaging platforms.
  
  

Be alert if

• The item’s price appears to be too good to be true.
• Only time-limited offers are available in the select.
• The seller requests immediate payment or a transfer of funds.
  
  

So what precautions can you take to avoid falling prey to this scam?

• Use only reputable and secure online source/platforms.
• Make payments through reputable online shopping platforms.
• Do not fall for low price offers or prices that seem too good to be true.
• Before doing business, read the testimonials and reviews on the seller’s profile.
  
  

Use the PDRM CCID "Semakmule Portal"(https://ccid.mp.gov.my/semakmule/) to look up for the seller's bank account numbers.

If you have encountered suspicious online activities, please contact the nearest police station and file a police report immediately:

• https://semakmule.rmp.gov.my • National Scam Response Centre at 997 (8am - 8pm, daily) • Jabatan Siasatan Jenayah Komersil, Polis Diraja Malaysia

In the first campaign, cybercriminals impersonate Law Enforcement Agency (LEA) and regulators informing victims that they have arrears for their company or are subjected to crime and need to freeze their financial account. Victim are then instructed to pay a sum of money to unfreeze the account and download a malicious android application to complete payment.

In the second campaign, the cybercriminals attempt to steal financial credentials using fake websites that pose as legitimate services such as pet store or cleaning services. Victims will be asked to download an android malware from a malicious website to complete the purchase.

To avoid falling victim to such fraud, users of smartphone/mobile devices are advised to:

• Verify an application permission and the application author or publisher before installing it
• Avoid side loading (installing from non-official sources) when you can. If you do need to install Android software from a source other than the trusted marketplace, be sure that it is coming from a reputable source
• Do not click on adware or suspicious URL sent through SMS/messaging services as malicious program could be attached to collect user's information
• Always run a reputable anti-virus on your smartphone/mobile devices, and keep it up to date regularly
• Update the operating system and applications on smartphone/tablet, including the browser, in order to avoid any malicious exploits of security holes in out-dates versions
• Do not root or 'Jailbreak' your phone
  
  

For more information on this threat, please visit MyCERT’s website.

Scammers will impersonate as members of well-known organizations & contact victim via phone calls, messages or email.  Organizations that are often used by them includes (but not limited) government or law enforcement agencies & private corporations such as below;

• Police
• Court official
• LHDN (Income Tax)
• Telco Providers
• POS Laju
• Banks (including Bank Negara)
• Customs
• Malaysian Anti-Corruption Commission (MACC)

The scammers will then inform/accuse victims of being involved in;

• Crime Investigation (example: tax evasion, money laundering, drug trafficking etc.)
• Court hearing or appointment with an enforcement agency.
• Unpaid bills, loans or summonses.
• Suspicious activity on their bank/card accounts
• Pending parcel delivery or unclaimed items/money.

This is to mislead victims into revealing their personal & banking details such as account/credit card details & the One-Time Password (OTP)/Transaction Authentication Code (TAC).

Once the victim reveals these details, the scammers will be able to successfully validate the OTP/TAC to perform any online purchase via the victim’s credit card or transfer money from the victim’s account.

Tips to protect yourself

1. ALWAYS be cautious of such calls, messages or emails from unknown caller/sender.
2. Remain calm & DO NOT panic in regard to the claims put forth by the caller/sender.
3. Do not reveal any information to the caller / sender.
4. Do not call/message any contact that is given by the caller/sender.
5. Always check with the genuine organization via its official contact.
6. ALERT THE BANK. If you are unsure of the call, SMS or email that you’ve received, or have inadvertently revealed your personal or UOB bank information, please inform our 24-hour Contact Centre at 03- 26128 121 immediately. You may also find our Contact Center numbers on the back of your UOB Card or in the monthly statement.

Tips to protect your-self from personal loan scams

• Note that UOB DOES NOT require customers to pay any “Processing Fees” for personal loan applications.
• DO NOT transfer your money into any unknown third party account if requested by such agents/staff for any such processing fees

Scammers will disguise as UOB agents or staff to mislead/con /cheat unsuspecting customers into applying for a Personal Loan with United Overseas Bank (Malaysia) Bhd and will subsequently request customers to transfer money into a personal account as a processing fee.

Scammers will also provide either a fake letter of offer, fake cheque (purportedly issued by UOB) as proof of loan approval, or fake UOB business card in order to appear legitimate.

Scammers will impersonate as E-wallet merchants (BIGPAY, BOOST, Shopee, Lazada, Touch N Go etc.) to obtain victim’s credit card details & the One-Time Password (OTP)/Transaction Authentication Code (TAC) in order to defraud them.

Scammers will deceive victims via phone calls, SMS or emails by claiming that;

• Victim had won a lucky draw/contest with a gift/cash reward.
• Victim is required or entitled to replace /renew / upgrade their e-wallet accounts
• Victim is required to verify /update their latest personal details
• Victim’s e-wallet account is suspected to have been defrauded.

The scammer will then request the victim to disclose their banking details such as account/credit card details and the One-Time Password (OTP)/Transaction Authentication Code (TAC) as a verification process.

Once the victim reveals these details, the scammers will be able to successfully validate the OTP/TAC to perform any online purchase via the victim’s credit card.

Tips to protect yourself

• DO NOT be tempted by any offers from such calls, messages or emails.
• DO NOT disclose any banking information (i.e. account/card numbers, OTP/TAC, etc) to an unsolicited & unverified caller / sender.
• ALWAYS verify with the genuine organization if you have received such calls, messages or emails.
• ALERT THE BANK. If you are unsure of the call,SMS or email that you’ve received, or have inadvertently revealed your personal or UOB bank information, please inform our 24-hour Contact Centre at 03- 26128 121 immediately. You may also find our Contact Center numbers on the back of your UOB Card or in the monthly statement.

Scammers will use popular social media platforms such as Facebook, Instagram, Whatsapp, WeChat, etc to obtain victim’s personal & banking information such as account/ card numbers & One-Time Password (OTP)/Transaction Authentication Code (TAC).

Scammers will use these social media platforms to;

• Post bogus job offers.
• Advertise fake online contests/campaigns or investment schemes.
• Promote malware applications or phishing sites.
• Impersonate as victim’s friend/relative to obtain information.

Once the victim reveals these details, the scammers will be able to successfully validate the OTP/TAC to perform any online purchase via the victim’s credit card or transfer money to the scammer’s account.

Tips to protect yourself

• DO NOT be tempted by any offers/advertisements on social media.
• DO NOT disclose any banking information (i.e. account & card numbers, OTP/TAC, etc.) to another person.
• ALWAYS verify with the genuine organization, friend or relatives if you have received such messages from their respective social media account.
• ALERT THE BANK. If you are unsure of the call, SMS or email that you’ve received, or have inadvertently revealed your personal or UOB bank information, please inform our 24-hour Contact Centre at 03- 26128 121 immediately. You may also find our Contact Center numbers on the back of your UOB Card or in the monthly statement.

• Keep your cards & PIN safe and secure always.
  Keep your cards and PIN safe and secure at all times including your place of residence. Do not leave your cards unattended.

• Do not lend your card to anyone.
  Do not lend your card and PIN to anyone as your card and PIN is exclusively for your own usage.

• Don’t forget the unused cards.
  As you may have more than one card, REMEMBER to keep your unused card(s) in a secure place.

• Sign your card
  Upon receipt of your card, immediately sign on the signature panel using a non- erasable ballpoint pen.

• Tampered package
  In the event the sealed package containing your credit/debit card has been tampered with or compromised, please contact UOBM Call Centre immediately.

• Don’t leave your valuables in the car
  Never leave your card in your wallet or handbag unattended in your car when you go jogging, swimming, hiking, etc even if your car is locked or armed with security alarm and especially when your car is parked outside the compound of the house.

• Destroy your card properly
  Destroy your card properly by cutting across the magnetic stripe and the chip in the event you wish to cancel your card.

• Call the bank
  If you suspect your card is lost/stolen/misplaced, immediately call the bank to put a STOP status. You may call the bank later to release the STOP status if you have found your card or you may request the bank to issue you a replacement card once you have confirmed your card is lost or stolen.

• Never compromised your PIN
  Your credit / debit card PIN is to be used only for face-to-face purchases, cash withdrawals, and UOB Personal Internet Banking registration or reset password. Do not use the same PIN for any other third-party websites that require your credit / debit card PIN for validation. This is to prevent your PIN from being compromised.

• Check slip details
  Check the details on the transaction slip before signing to prevent any unauthorised charges.

• Is that your card?
  Ensure that it is your credit/debit card that is returned to you after a purchase.

• At petrol kiosks
  REMEMBER to take your credit/debit card back after you have completed a transaction at a Self-Service Petrol Kiosk.

• Don’t leave your card behind
  DO NOT leave your credit/debit card to the cashier at drinking places (i.e. bar and pubs) for running bills, as unauthorised transactions may take place.

• Be careful online
  Never reveal or input your credit/debit card information in an unsecured website.

• Pay attention to bank SMS alerts
  Pay special attention to transaction SMS alerts from the bank. Immediately report to the bank when you receive an SMS alert for a transaction that is not authorised by you.

• Don’t sign on blank slips
  DO NOT sign on a blank transaction slip to prevent unauthorised billings.

• Destroy mutilated sales draft
  Destroy any altered or mutilated sales drafts before throwing them away.

• Use cards responsibly
  Never use your cards for any unlawful activity

• Keep your receipts
  Keep your receipts and use them to check entries against your bank statement/passbook regularly.

• Be alert at any ATM
  Be alert and vigilant when conducting transactions at any ATM, and be sure not to be distracted by strangers.

• Be mindful
  Be mindful when entering your PIN in the presence of others near the ATM.

• Memorise your PIN      
  Memorise your PIN, and then destroy the PIN notification.      

• Change your PIN
  Change your PIN periodically.

• Never give your card to anyone
  Never give your card to anyone or allow a third party to transact on your behalf.

• Watch out for foreign devices
  DO NOT use the ATM if you see unusual or foreign devices attached to the machine or suspicious persons loitering near your ATM location. Report such incidences to the bank immediately.

• If card is withheld by ATM
  If your card is withheld by the ATM, report it immediately to our UOBM Contact Centre or our branch stuff.

• Call our helpline
  DO NOT accept any offers of assistance with the ATM from strangers. If you need help, use the phone located at the ATM machines to contact our helpline.

• Remember your card
  REMEMBER to take back your credit/debit card after you have completed a transaction.

• Check your monthly statement
  Check your monthly credit/debit card statement and reconcile it with your transaction slips. If you discover any discrepancy, contact our UOBM Contact Centre immediately.

• Update us with your latest contact details
  Notify the bank of any changes in address or contact number to allow us to contact you promptly for verification of transactions.

• Remember UOBM Contact Centre numbers
  Keep UOBM Contact Centre contact numbers for emergency reporting like lost/stolen/misplaced cards or unauthorized transactions.

• If your personal information is compromised.
  If your personal information has been compromised, please contact the bank immediately.

A Secret Word is an additional security measure to verify that you are logging into an authentic UOB Personal Internet Banking site.

Once you have entered a validated User ID, your Secret Word will be displayed. If you do not see the Secret Word you created, it is either you have entered the wrong User ID or you have entered a fake website.

A Secret Word is an additional security measure to verify that you are logging into an authentic UOB Personal Internet Banking site. Once you have entered a validated User ID, your Secret Word will be displayed. If you do not see the Secret Word you created, it is either you have entered the wrong User ID or you have entered a fake website.

How to Create Your Secret Word:

• Use between 5 to 25 characters, including spaces.
• Combine alphabets, numbers, and special characters (e.g. !@#$%^&*).
• You may use both uppercase and lowercase letters.
• You can include spaces, but only single spacing between words is allowed.
• Make sure the Secret Word does not begin or end with a space.
  
  

Example:

Tips:

• Choose a Secret Word that is unique and easy for you to recognise
• Do not use your User ID or password as your Secret Word
• Always check that your Secret Word appears and is correct before entering your password
• Never enter your password if the Secret Word is missing or incorrect

• Create a catchy and unique secret phrase which is meaningful only to you
• Do not use your User ID or Password as your Secret Word
• Always ensure the correct Secret Word is displayed before entering your password
• Confirm your Secret Word before entering your password
• Do not enter your Password if the Secret Word is not yours
• Do not enter your Password if you do not see your Secret Word

• Choose a strong and unique Secret Word or password that only you would know. Avoid using your User ID or password as your Secret Word. Each time you log in, check that the correct Secret Word is displayed before entering your password. If it looks unfamiliar or is missing, do not proceed.
• When creating your password, use a combination of letters and numbers to make it hard to guess. Avoid personal details like your name or birthdate.
• To access UOB Personal Internet Banking, always type the full website address directly into your browser. Do not click on links in emails or messages. Before logging in, check that the site is secure by looking for “https://” and a padlock icon in the browser bar.
• Protect your device by installing reputable antivirus software and keeping it up to date. Avoid using public or shared computers to access your banking account, as they may not be secure.
• Never share your personal or banking details via email, even with someone you trust. To reduce risk, disable your browser’s auto-complete feature so your credentials are not saved.

After each session, remember to log out and clear your browser cache. If you notice any suspicious or unauthorised activity in your account, contact the bank immediately.

We recommend that you use the latest supported web browsers version to ensure that you are protected against potential cyber threats, as an outdated browser will not receive any security updates from the respective web browser providers.

As such, you may need to update your web browser to the latest version for a seamless and uninterrupted banking experience. No action is required if your browser version is already up to date.

To find out more, please click here

In line with industry-wide efforts to combat fraud and scam cases, there are 3 enhanced security features that we have introduced to safeguard your personal details. You may experience any one of these features if our security system detects unusual online transactions or suspicious activities in your account.

• On-screen alerts to review and validate your online banking requests like fund transfers. This is to ensure you are transferring money to the right person.
• Additional authentication via email One-Time Password (OTP) to prevent fraudsters from impersonating you to perform unauthorised transactions.
• Rejection of transaction or log in request if we detect any suspicious online transaction or account activities If you experience this, kindly follow the instructions on your screen and contact UOB 24-Hour Fraud Hotline immediately for assistance.

Click here to find out more.

The increase in scam cases reveals how scammers are able to hijack your banking account and perform unauthorised transactions when they access your phone or when they use scare tactics to convince victims to make authorised payments under duress.

From 1 July 2024 onwards, any increase to your transaction limits for online banking will only be effective after 12 hours (12-hour cooling off period). This serves as an extra layer of security to prevent large sums of money being transferred out from your account(s) immediately if the transaction limit increase was performed by fraudsters. However, if you are looking to reduce your existing transaction limits, it will take effect immediately.

You will still be able to perform transactions that are within your existing transaction limits during the 12-hour cooling off period. Click here to find out more.