Beware of scams. Avoid falling prey to fraud.

Scammers are constantly coming up with new ways to steal your money, data, and identity. Find out how to spot suspicious emails, SMS and voice calls and the best practices to deal with them.

Updated on 26 January 2022

There were recent reports of phishing cases where scammers will send fake SMSes to customers impersonating Bank of Singapore’s parent company, OCBC and/or Bank of Singapore, claiming issues with their account and asking them to click on an URL link.

DO NOT click on such phishing SMS link. The URL will lead you to a fake website which is controlled by the scammers. It will trick you to provide your online banking login details, card details or one-time passwords (“OTPs”).

Be vigilant against such phishing threats which may come in other forms such as emails, SMSes or voice calls. Please note that:

  1. We will never send an SMS with a link to reactivate your account.
  2. DO NOT click on links or open any attachments in SMSes or emails. Use OCBC’s or Bank of Singapore’s official mobile banking app or type or directly in your browser.
  3. DO NOT provide your log-in ID, password or OTPs (One-Time Passwords received via SMS) to anyone, or key these into unverified webpages.
  4. Call your Relationship Manager immediately if you did not make a certain transaction or suspect your bank accounts have been compromised.
  5. If in doubt, verify SMSes or emails received by contacting your Relationship Manager. DO NOT call any numbers provided in the suspicious SMSes.
  6. DO NOT provide sensitive personal information easily, in order to safeguard your own interests.
  7. If you are residing in Singapore, download the Scam Shield App (only available on iOS devices) which is a mobile app that blocks unsolicited messages and calls. Find out more at .

Phishing is a way of obtaining confidential information such as one’s banking account details, PIN, OTPs, credit card numbers, user ID or passwords through the Internet, in order to perform unauthorised banking transactions.

Email and SMS

  • Scammers send emails or SMSes impersonating reputable companies, banks or government agencies to victims.
  • These emails or SMSes include fake bank notifications, offers, lucky draws, investment schemes or COVID-19 related campaigns to lure recipients into clicking on an URL link.
  • Upon clicking on the URL link, the victim will be redirected to fraudulent or spoofed websites where they are tricked into providing their credit/debit card details, banking credentials, or OTP.


Voice-based Phishing (“Vishing”)

  • Scammers contact victims and impersonate as government officials, bank officers or technical support staff to trick victims into providing their banking credentials and OTP.
  • These calls could be automated through robocalls, requiring the victims to follow instructions in pressing the number before the scammer picks up the call in-person.
  • Scammers impersonating as technical support staff may request victim to download a remote access software for them to gain control of their computers/laptops/mobile devices.
  • The victims will be directed to provide their banking credentials and OTP and fraudulent transactions will take place.
  • Avoid simply relying on the incoming call display to establish the identity of the caller especially for calls that start with a “+” sign, which indicates they are originated overseas. If in doubt, verify SMSes or emails received by contacting your Relationship Manager. DO NOT call any numbers provided in the suspicious messages.

Stay Alert. Think twice before responding to an unsolicited contact

  • Verify that the caller or the sender of the SMS/e-mail is from the official OCBC and/or Bank of Singapore
  • Keep a look out for unusual sender e-mail address, spelling mistakes, suspicious logos or tones
  • Do not reply to any junk or chain email
  • Do not open any videos and attachments from strangers
  • Do not click on unknown links or questionable websites
  • Do not install any software or programs of unknown origin
  • Do not disclose any personal, financial or credit card information to suspicious websites
  • If you are in doubt about a communication sent by OCBC and/or Bank of Singapore, please contact your Relationship Manager immediately.


Keep Your Password Safe

  • Choose a password which is difficult to guess and of at least 8 characters in length, with at least 1 capital letter and 1 number. Your password should not use the same digit or character more than twice.
  • Do not choose your passwords based on your user ID, or other personal details like your name, birthday or telephone number
  • Do not record, write down or divulge your password to anyone
  • Do not use the same password for other websites or services
  • Change your password regularly
  • Disable your internet browser’s password storage function


Secure your OneToken and SMS OTP (One Time Password)

  • Do not allow anyone to use or tamper with your SMS OTP or OneToken approval or PIN
  • Do not reveal the SMS OTP or OneToken OTP to anyone
  • Do report if your mobile phone registered to receive SMS OTP or OneToken OTP is lost or stolen immediately.
  • Only use OCBC’s and/or Bank of Singapore’s official mobile applications to view or access your accounts on mobile devices


Check your account activities regularly

  • Check your last log-in time and date, account balances and transactions frequently. This will help you determine if authorised parties have accessed your account.
  • If you suspect any irregularities, please contact your Relationship Manager immediately.


Secure your devices (mobile devices, laptops, computers)

  • Remember to log out of the Service after you have finished your session
  • Scanning for viruses
  • Install anti-virus, firewall and anti-spyware software from reputable vendors and update the software regularly
  • Regularly scan your device for viruses


Keep your software up to date

  • Install updates and patches to your devices to fix security weaknesses
  • You should always install updates and patches through the website of the software vendor
  • If you are using Windows XP, enable the “Automatic Updates” feature
  • Ensure that you are running the latest version of your internet browser software
  • Accessing the Service from a secure terminal
  • Do try not to access the Service from public computer terminals like internet cafes, or computers which you are not certain is secure


Report suspicious fraudulent activities  

Please contact your Relationship Manager immediately if you notice any unusual activities in your account or if you believe your account has been compromised.