Date: 7 July 2016
Threat Type: Malware/Phishing
Description: There is a malicious email campaign targeting customers of the Bank. The email(s) may come from fake email account(s) having an attachment containing a variant of banking malware , that exploits macros in Microsoft Office to infect the computer. If you (as the recipient of such email) click and open the document/ attachment, a macro embedded in the document/ attachment surreptitiously triggers a download of the such banking malware, enabling it to first steal banking credentials (like User ID, PIN, Secure PIN, SMS OTP and so on) and then initiate financial transactions on his/her behalf.
Who might be at risk?
Internet banking users.
How can you protect yourself from this?
- Be alert. Do not download or open attachments found in suspicious emails and do not reply to the sender either.
- Protect your computer by using an anti-virus software and anti-spyware software that are set to perform automatic updates daily.
- Do not reveal or provide your Internet banking username, password or token PIN to anyone.
Please inform our customer centre at 8001012553 or +65 67239009 (when calling from overseas) immediately if you notice unknown transactions appearing on your account. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.