UOB Security Alerts

Latest Online Threats

Phishing Scams or Fake emails

Scammer disguises as a bank and sends you an 'urgent email', which persuades you into opening an attached link.

Show moreShow less

Phone Scams

Scammers disguise themselves as banks authorities or someone you can trust and requested you to transfer funds to an unknown third party account.


Show moreShow less

SMS Scams

Victims will receive SMS messages about low interest rates offering from the bank for personal loans or other similar "offers". These SMS messages contain a phone contact for interested individuals to call.

Show moreShow less

Potential victims receive phishing emails claiming to be from UOB, informing them that someone has logged into their account.

How a phishing email might work

  • Potential victims would be asked to click on a link or button such as "Stop Request Now"
  • This redirects them to a fake website for disclosure of confidential information (e.g. user ID, password, One-Time Passwords,etc).
  • Once such confidential information is disclosed, the fraudsters would then use the information to transfer money out of the victims' bank account.

The victims would also receive SMS alerts notifying them of the successful fund transfers to unknown payees.

Here is how a phishing email could look like.









Tips to protect yourself from such phishing email scams

Browsers Security


  • Do not click on links or buttons in such emails
    By hovering your mouse pointer over the link or button, you are able to see the actual hyperlinked internet address, which is usually a fake website’s internet address. (Where emails are read on mobile phones, pressing and holding on the link for a while would reveal the actual internet address).

  • Always type the website URLs on the address bar.

  • Always confirm the Authenticity of the login page by clicking on the lock or key to ensure the web certificate is issued to either www.uobgroup.com or pib.uob.com.my.

  • Do not download or open any attachment in suspicious emails.

  • Do not provide your confidential information over email or phone
    Please note that the Bank will never ask you for confidential information(such as your user ID, password, One-Time Password, etc) through email or phone.

  • Never enter your password if you did not see your Secret Word when you try to login.

  • Change password and report immediately
    If you have inadvertently provided such information, immediately login to your Internet banking account to change your password. Should you suspect that your account has been compromised, please inform our 24-Hour Call Centre at 03-26128 121. You may also find our Call Centre numbers at the back of your UOB Card or in your monthly statement.



He "alerts" you of "missing money" or that your banking account has been compromised by possible scams. To rectify your losses or to prevent the "scams", he will instruct you to perform a banking transaction to a third-party account.

There also have been reports of phone scams where individuals have received automated voice calls requesting them to enter numbers on their phones which will then connect them to a "telephone operator" or "bank employee".

From there, the "telephone operator" or "bank employee" may request for personal information, and then transfer their call to another person who may claim to be a "police officer". Individuals may then be instructed to submit confidential information such as bank account numbers, internet banking usernames, passwords and One Time Passwords (OTPs) on a website.

Using the information acquired, the perpetrator will then initiate a funds transfer to an unknown third-party account.


Tips to protect yourself from such phone scams

  • Ask the caller to identify you personally and opt to call back to our UOB Call Centre.

  • Ignore unsolicited missed calls or text messages from unknown numbers.

  • Never give out personal information over the phone, unless you are making the call yourself.

  • Inform the bank. If you are unsure of the call you have received, or have inadvertently disclosed your personal or bank information, please inform our 24-Hour Call Centre at 03-26128 121 immediately. You may also find our Call Centre numbers at the back of your UOB Card or in your monthly statement.


Scammers will randomly send out SMS messages to the public offering low interest rates from the bank for personal loans or other similar "offers". These SMS messages contain a phone contact for interested individuals to call.

If the individual calls that number, the perpetrator will attempt to get him or her to disclose confidential information such as bank account numbers, internet banking usernames, passwords and One Time Passwords (OTPs), which will then be used to initiate a funds transfer out of the individual's bank account.

Some scammers will also request customer to transfer a minimal "processing fee" to an unknown third-party account.


We advise customers to do the following when they receive such SMS messages

  • Be alert. Do not provide any personal information, bank account information (including user ID, password and OTP) and credit card details on websites or to the callers.

  • Be safe. Do not transfer any money to any unknown party.

  • Inform the bank. If you are unsure of the SMS you have received, or have inadvertently disclosed your personal or bank information, please inform our 24-Hour Call Centre at 03-26128 121 immediately. You may also find our Call Centre numbers at the back of your UOB Card or in your monthly statement.


Security Alert: Malware "Dyreza"

A malware, Dyreza has been recently found spreading which may affect the legitimacy of banking websites.

Show moreShow less

Security Alert: OpenSSL Bug (HeartBleed)

A bug has recently been discovered in OpenSSL, a software that protects sensitive data online.

Show moreShow less

Spyware / Malware

Spyware often appears on websites with free music, movies, or games for download. Malware disguises as an email attachment like a document or photo file.

Show moreShow less

This malware is spread through phishing emails with malicious attachment. When the said malicious attachment is opened, the malware infects the customers' computers or devices.

Once customers' computers or devices are infected, the malware will attempt to steal the customers' login and authorisation credentials (such as User ID, Password, One Time Password) by altering the flow of logging on to the UOB website.

After the first login page, it will show a message "We are currently processing your information, please wait...." which does not exist in the legitimate UOB website.

Symptoms that your computer could possibly be infected with Malware

  • Prompt to input your login credential multiple times even if your supplied information is correct.

  • Sudden slowness in your computer and/or requests you to wait while the system is processing for an extended time.

  • Unusual logon/authorisation procedures and/or re-direct to the unfamiliar website.


How can I protect against Malware?

  • Always protect your computer by using an anti-virus/anti-malware software and keep it updated with the latest anti-virus. Scan your computers regularly.

  • Do not download or open attachments in suspicious emails.

  • Never reply to unsolicited emails.

  • Avoid accessing unknown and unsecured websites.

  • If you suspect that your computer has been infected by malware, please scan your computer with latest anti-virus/anti-malware software and refrain from using banking websites until your computer is cleaned.

  • Check your last login and transaction history regularly for any abnormal transactions.
UOB would like to assure you that our internet banking systems are secure. Please contact our 24-Hour Call Centre at 03-26128 121 immediately, if you notice unknown transactions appearing on your account.


Please be assured that UOB's Internet and Mobile Banking systems are not affected by the OpenSSL bug.

UOB would like to use this opportunity to encourage our customers to adopt the following best practices to safeguard their passwords for a safe and secure online banking experience. Customers should:

  • Use a different username and password for their online banking accounts from other non-banking related accounts.

  • Select a password that is at least eight characters long, contains alphanumeric characters and does not repeat any character.

  • Change their passwords regularly, at least once every three months.

  • Not reveal their account username or password to anyone.

  • Disable the “Auto Complete” function on the browser to avoid theft of information.

If you encounter any suspicious activities in relation to your account(s), please contact our 24-Hour Call Centre at 03-26128 121 immediately. You may also find our Call Centre numbers at the back of your UOB Card or in your monthly statement.


Spyware often appears on websites with free music, movies, or games for download. Malware (such as a Trojan Horse) disguises as an email attachment like a document or photo file. It will then gain access to your personal information. Mobile device malwares are also on the rise, stealing information such as SMS OTP to complete banking transactions through Internet Banking or Credit Cards.

You know you have spyware on your computer/mobile device if:

  • You see pop-up advertisements even when you're not connected to the Internet.

  • The page your Web browser first opens to (your home page); or your browser search settings have changed without your knowledge.

  • You notice a new toolbar in your browser that you didn't want, and find it difficult to get rid of.

  • Your device takes longer than usual to complete certain tasks.

  • You experience a sudden rise in crashes.

For the latest updates on spyware, malware and security threats, please visit MyCert (Malaysian Computer Emergency Response Team).


Tips to protect yourself from such phone scams

  • Update your computer systems regularly with the latest anti-virus software.

  • Know your Internet sources. Be wary of download requests from the Internet.

  • Keep separate IDs and Passwords for multiple online accounts and change your passwords regularly.

For mobile devices:

  • Verify an app's permission and the app's author or publisher before installing it.

  • Do not click on adware or suspicious URL sent through SMS/messaging services. Malware could be attached to collect user's information.

  • Addresses on mobile sites may appear differently from desktop browser, make sure to verify it first.

  • Always run a reputable anti-virus on your mobile devices, and keep it up to date regularly.

  • Do not use public Wi-Fi networks for bank transactions and turn off Bluetooth connection when not in use.

  • Update the operating system and applications on mobile devices, including the browser, in order to avoid any malicious exploits of security holes in out-dated versions.

  • Do not root or 'Jailbreak' your phone; avoid side loading (installing from non-official sources) when you can.


Credit Card & Personal Loan Scams

Credit Card Scams

Beware of Phone Scam

Show moreShow less

Personal Loan Scams

Scammers disguises as UOB agent to prey customers into applying Personal Loan

Show moreShow less

In most cases, customers either received SMS or telephone call requesting them to confirm a credit card transaction that has been charged to customer’s credit card. When customer calls the telephone number provided in the SMS or responds to the telephone call, the fraudsters will identify themselves as officer of the bank and inform them on the credit card transactions that has taken place. Then the fraudster will request customer to confirm on the transactions.


Should customer denied on the transaction or had no such credit card, the fraudster will start to sound concerned and advise customer to lodge a report to Bank Negara Malaysia by providing another phone number or offered to transfer the calls to another fraudster claimed to be a Bank Negara Malaysia officer.


This ‘BNM officer’ impostor will request for customer’s banking information such as credit cards accounts, savings accounts, NRIC number and pretend to be lodging a complaint on behalf of the customer. The impostor will then advise customer to withdraw their available credit limit from his/her existing credit card account as cash advance and subsequently transfer to a third party account  in order to prevent any unauthorized charge or future transfer.  


Tips to protect yourself from phone scam:

  1. Do not respond to SMS or call from unknown person asking for your credit card details.
  2. Be skeptical, the bank or Bank Negara Malaysia will never ask you to provide your credit/debit card details through phone.
  3. Do not transfer money to any unknown party.

Scammers will disguises as UOB agent and trick unsuspecting customers into applying for a Personal Loan with United Overseas Bank (Malaysia) Bhd and will subsequently request customers to transfer money into a personal account as processing fee.


Scammers will also provide a fake letter of offer and fake cheque (purportedly issued by UOB) as proof of loan approval.



Tips to protect yourself from personal loan scams:

  • UOB do not require customers to pay any “Processing Fees” for Personal Loan application.
  • Never transfer fund into any unknown third party account

Safeguard your credit/debit card

How to safeguard your credit/debit card and PIN

Show moreShow less

At the point of transaction

Show moreShow less

At the ATM

Show moreShow less
  • Keep your cards & PIN safe and secure always.
    Keep your cards and PIN safe and secure at all times including your place of residence. Do not leave your cards unattended.
  • Do not lend your card to anyone.
    Do not lend your card and PIN to anyone as your card and PIN is exclusively for your own usage.
  • Don’t forget the unused cards.
    As you may have more than one card, REMEMBER to keep your unused card(s) in a secure place.
  • Sign your card
    Upon receipt of your card, immediately sign on the signature panel using a non- erasable ballpoint pen.
  • Tampered package
    In the event the sealed package containing your credit/debit card has been tampered with or compromised, please contact UOBM Call Centre immediately.
  • Don’t leave your valuables in the car
    Never leave your card in your wallet or handbag unattended in your car when you go jogging, swimming, hiking, etc even if your car is locked or armed with security alarm and especially when your car is parked outside the compound of the house.
  • Destroy your card properly
    Destroy your card properly by cutting across the magnetic stripe and the chip in the event you wish to cancel your card.
  • Call the bank
    If you suspect your card is lost/stolen/misplaced, immediately call the bank to put a STOP status. You may call the bank later to release the STOP status if you have found your card or you may request the bank to issue you a replacement card once you have confirmed your card is lost or stolen.
  • Never compromised your PIN
    Your credit/debit card PIN is to be used for face-to-face purchases and cash withdrawal only. Do not use the same PIN for any website that require your credit/debit card PIN for validation. This is to prevent your PIN from being compromised.
  • Check slip details
    Check the details on the transaction slip before signing to prevent any unauthorised charges.
  • Is that your card?
    Ensure that it is your credit/debit card that is returned to you after a purchase.
  • At petrol kiosks
    REMEMBER to take your credit/debit card back after you have completed a transaction at a Self-Service Petrol Kiosk.
  • Don’t leave your card behind
    DO NOT leave your credit/debit card to the cashier at drinking places (i.e. bar and pubs) for running bills, as unauthorised transactions may take place.
  • Be careful online
    Never reveal or input your credit/debit card information in an unsecured website.
  • Pay attention to bank SMS alerts
    Pay special attention to transaction SMS alerts from the bank. Immediately report to the bank when you receive an SMS alert for a transaction that is not authorised by you.
  • Don’t sign on blank slips
    DO NOT sign on a blank transaction slip to prevent unauthorised billings.
  • Destroy mutilated sales draft
    Destroy any altered or mutilated sales drafts before throwing them away.
  • Use cards responsibly
    Never use your cards for any unlawful activity
  • Keep your receipts
    Keep your receipts and use them to check entries against your bank statement/passbook regularly.
  • Be alert at any ATM
    Be alert and vigilant when conducting transactions at any ATM, and be sure not to be distracted by strangers.
  • Be mindful
    Be mindful when entering your PIN in the presence of others near the ATM.
  • Memorise your PIN
    Memorise your PIN, and then destroy the PIN notification.
  • Change your PIN
    Change your PIN periodically.
  • Never give your card to anyone
    Never give your card to anyone or allow a third party to transact on your behalf.
  • Watch out for foreign devices
    DO NOT use the ATM if you see unusual or foreign devices attached to the machine or suspicious persons loitering near your ATM location. Report such incidences to the bank immediately.
  • If card is withheld by ATM
    If your card is withheld by the ATM, report it immediately to our UOBM Call Centre or our branch stuff.
  • Call our helpline
    DO NOT accept any offers of assistance with the ATM from strangers. If you need help, use the phone located at the ATM machines to contact our helpline.
  • Remember your card
    REMEMBER to take back your credit/debit card after you have completed a transaction.

Check your monthly statements & update your details

Show moreShow less
  • Check your monthly statement
    Check your monthly credit/debit card statement and reconcile it with your transaction slips. If you discover any discrepancy, contact our UOBM Call Centre immediately.
  • Update us with your latest contact details
    Notify the bank of any changes in address or contact number to allow us to contact you promptly for verification of transactions.
  • Remember UOBM Call Centre numbers
    Keep UOBM Call Centre contact numbers for emergency reporting like lost/stolen/misplaced cards or unauthorized transactions.
  • If your personal information is compromised.
    If your personal information has been compromised, please contact the bank immediately.

Stay Safe Online

Secret Word

What is a Secret Word?

Show moreShow less

Create Your Secret Word

Show moreShow less

Tips to safeguard your Personal Internet Banking

Show moreShow less

A Secret Word is an additional security measure to verify that you are logging into an authentic UOB Personal Internet Banking site.

Once you have entered a validated User ID, your Secret Word will be displayed. If you do not see the Secret Word you created, it is either you have entered the wrong User ID or you have entered a fake website.


Your Secret Word can contain: 

  • Between 5 - 25 characters (including spacing) 
  • Alphanumeric, special characters, completely made out of alphabets, numbers or special characters
  • No restrictions on upper and lowercase alphabets
  • A single spacing between words is allowed
  • Your Secret Word must not start or end with a space




Not Allowed


Reasons Not Allowed





Spacing before and after the word





More than 25 characters

Ba Ba Black Sheep


Black   Sheep


More than 1 spacing between word

123456789 9 Me! 3 Less than 3 characters
123+ minions! 13      
elviskingofrocknroll 20      



  • Create a catchy and unique secret phrase which is meaningful only to you
  • Do not use your User ID or Password as your Secret Word
  • Always ensure the correct Secret Word is displayed before entering your password
  • Confirm your Secret Word before entering your password
  • Do not enter your Password if the Secret Word is not yours
  • Do not enter your Password if you do not see your Secret Word


Good practices to protect yourself online

Show moreShow less

Steps to clear your browsing history and cache

Show moreShow less
  1. Create unique password that are alphanumerical and cannot be easily guessed. For example, a weak password is a combination of your name and birthday.
  2. Always type the link/URL address when you are visiting your banking website or any Internet account. Do not simply click on email links.
  3. If you are logging into a secure site (ie. Internet Banking account site), the website address will change from "http://" to https://. You should also look out for the security icon which is a lock or a key.
  4. Keep your computer systems up-to-date with the latest anti-virus software.
  5. Avoid using public computers at libraries or cyber cafes for your Internet Banking needs.
  6. Never reveal your personal or financial information in an email, even if the recipient is someone close to you.
  7. Avoid software claiming to "auto-complete" your online forms. These kinds of software give scammers a chance to easily access your personal and sensitive information.
  8. Always ensure that you only key in TAC for your intended transaction(s).
  9. Always contact the Bank if you discover any irregular/suspicious activities in your account(s).
  10. Always log out when you have finished your banking session and clear your cache immediately.


For Internet Explorer 10 and above

  • Select 'Tools' in the upper right-hand corner.
  • Select 'Safety' followed by 'Delete Browsing History'
  • In the 'Delete Browsing History' click the following checkbox for:
    • Temporary Internet files
    • Cookies
  • Make sure to uncheck 'Preserve Favorites website data'
  • Click 'Delete' button.


For Google Chrome 50 and above

  • On your browser toolbar, click 'More Tools' followed by 'Clear browsing data'
  • In the 'Clear browsing data' box, click the following checkbox for:
    • Cookies and other site and plugin data
    • Cached images and files
  • Use the menu at the top to select the amount of data that you want to delete. Choose 'the beginning of time'
  • Click 'Clear browsing data'


For Safari 10 and above

  • Select 'History' followed by 'Clear history'
  • Under 'clear', select 'all history'
  • Click 'Clear History'


24-Hour UOB Call Centre

If you believe that your banking information is compromised or that there has been an unauthorised breach or transaction on your account, you should notify the Bank immediately by calling our 24-Hour UOB Call Centre.

  • Kuala Lumpur
(03 - 26128 121)
  • Pulau Pinang
(04 - 2401 121)
  • Johor Bahru
(07 - 2881 121)
  • Kuching
(082 - 287 121)
  • Kota Kinabalu
(088 - 477 121)

You may also find our Call Centre numbers at the back of your UOB Card or in your monthly statement.