UOB Security Alerts

Secret Word


Secret Word What is a Secret Word?

A Secret Word is an additional security measure to verify that you are logging into an authentic UOB Personal Internet Banking site.

Once you have entered a validated User ID, your Secret Word will be displayed. If you do not see the Secret Word you created, it is either you have entered the wrong User ID or you have entered a fake website.
Secret Word

Create Your Secret Word

Your Secret Word can contain:
• Between 5 – 25 characters (including spacing)
• Alphanumeric, special characters, completely made out of alphabets, numbers or special characters
• No restrictions on upper and lowercase alphabets
• A single spacing between words is allowed
• Your Secret Word must not start or end with a space


Allowed Characters Not allowed Characters Reasons not allowed
Minions! 8  Tomato 8 Spacing before and after the word
!@#$%^&*() 10 !@#$%^&*()!@#$%^&*()!@#$%^&*() 32 More than 25 characters
Ba Ba Black Sheep 18 Black   Sheep 13 More than 1 spacing between word
123456789 9 Me! 3 Less than 3 characters
123+ minions! 13      
elviskingofrocknroll 20      
Secret Word

Tips to safeguard your Personal Internet Banking:

• Create a catchy and unique secret phrase which is meaningful only to you
• Do not use your User ID or Password as your Secret Word
• Always ensure the correct Secret Word is displayed before entering your password
• Confirm your Secret Word before entering your password
• Do not enter your Password if the Secret Word is not yours
• Do not enter your Password if you do not see your Secret Word

The Phisher

The Phisher - Fake Email

He disguises as a bank and sends you an ‘urgent email’, which persuades you into opening an attached link. The “phishing links” will bring you to an identical fake website that requires your personal information which he can use for malicious purposes.

Date: 4 August 2010

Date: 23 August 2010

We wish to highlight that UOB will never send emails to customers to request, provide, update or verify User ID, Password, PIN, TAC, account, card or personal information.

  1. Never respond to unsolicited emails requesting for personal information.
  2. Never login with your personal information via any email links, attachments or pop-ups.
  3. Always type the website URLs on the address bar.
  4. Confirm the Authenticity of the login page by clicking on the lock or key to ensure the web certificate is issued to www.uob.com.my

The Trojan Horse

The Trojan Horse - Spyware/Malware

Spyware often appears on websites with free music, movies, or games for download. Malware (such as a Trojan Horse) disguises as an email attachment like a document or photo file. It will then gain access to your personal information. Mobile device malwares are also on the rise, stealing information such as SMS OTP to complete banking transactions through Internet Banking or Credit Cards.

You know you have spyware on your computer/mobile device if:

  • You see pop-up advertisements even when you're not connected to the Internet.
  • The page your Web browser first opens to (your home page); or your browser search settings have changed without your knowledge.
  • You notice a new toolbar in your browser that you didn't want, and find it difficult to get rid of.
  • Your device takes longer than usual to complete certain tasks.
  • You experience a sudden rise in crashes.
For the latest updates on spyware, malware and security threats, please visit MyCert (Malaysian Computer Emergency Response Team).
  1. Update your computer systems regularly with the latest anti-virus software.
  2. Know your Internet sources. Be wary of download requests from the Internet.
  3. Keep separate IDs and Passwords for multiple online accounts and change your passwords regularly.

For mobile devices:

  1. Verify an app's permission and the app's author or publisher before installing it.
  2. Do not click on adware or suspicious URL sent through SMS/messaging services. Malware could be attached to collect user's information.
  3. Addresses on mobile sites may appear differently from desktop browser, make sure to verify it first.
  4. Always run a reputable anti-virus on your mobile devices, and keep it up to date regularly.
  5. Do not use public Wi-Fi networks for bank transactions and turn off Bluetooth connection when not in use.
  6. Update the operating system and applications on mobile devices, including the browser, in order to avoid any malicious exploits of security holes in out-dated versions.
  7. Do not root or 'Jailbreak' your phone; avoid side loading (installing from non-official sources) when you can.

The Phoney

The Phoney - Scam Calls
The Phoney diguises as a “UOB Staff” or someone you can trust and calls you. He “alerts” you of “missing money” or that your banking account has been compromised by possible scams. To rectify your losses or to prevent the “scams”, he will instruct you to perform a bank transaction to a third-party account.
  1. Ask the caller to identify you personally and opt to call back to our UOB Call Centre.
  2. Ignore unsolicited missed calls or text messages from unknown numbers.
  3. Never give out personal information over the phone, unless you are making the call yourself.

Stay Safe Online

  1. Create unique password that are alphanumerical and cannot be easily guessed. For example, a weak password is a combination of your name and birthday.
  2. Always type the link/URL address when you are visiting your banking website or any Internet account. Do not simply click on email links.
  3. If you are logging into a secure site (ie. Internet Banking account site), the website address will change from “http://” to https://. You should also look out for the security icon which is a lock or a key.

  4. Keep your computer systems up-to-date with the latest anti-virus software.
  5. Avoid using public computers at libraries or cyber cafes for your Internet Banking needs.
  6. Never reveal your personal or financial information in an email, even if the recipient is someone close to you.
  7. Avoid software claiming to “auto-complete” your online forms. These kinds of software give scammers a chance to easily access your personal and sensitive information.
  8. Always ensure that you only key in TAC for your intended transaction(s).
  9. Always contact the Bank if you discover any irregular/suspicious activities in your account(s).
  10. Always log out when you have finished your banking session and clear your cache immediately.

If you believe that your banking information is compromised or that there has been an unauthorised breach or transaction on your account, you should notify the Bank immediately by calling our 24-Hour UOB Call Centre at:

  • Kuala Lumpur
(03 - 26128 121)
  • Pulau Pinang
(04 - 2401 121)
  • Johor Bahru
(07 - 2881 121)
  • Kuching
(082 - 287 121)
  • Kota Kinabalu
(088 - 477 121)

You may also find our Call Centre numbers at the back of your UOB Card or in your monthly statement.