Online Security and Fraud

We treat your security with the utmost importance. That's why we've provided you with some security tips to protect yourself from online security threats.


The CIMB Clicks security device provides enhanced protection for your online transactions by generating an OTP that is unique to the transaction information.


Protect yourself and your computer/mobile devices!

At CIMB Bank, we are committed to protecting your online security and peace of mind. We use multiple layers of security to ensure that your Online Banking sessions are protected by a high level of security. However, you also play an important role in safeguarding your computer/mobile devices and your online information. Below are some recommendations on how to stay safe online.

Install anti-virus and anti-malware software

Protect your devices from viruses and malware by installing anti-virus and anti-malware software. To maximise your protection, update them regularly to make sure you always have the latest virus definitions.

Avoid rooting or jailbreaking your mobile devices

It is not advisable to install or access the CIMB Clicks Mobile App on a rooted or jailbroken mobile device, as rooting or jailbreaking exposes the device to viruses and malicious software, making it vulnerable to fraudulent attacks. You are advised to download your Mobile Banking application only from authorized sources such as the Apple App Store or Google Play Store.

Install a personal firewall

Firewall software and/or hardware helps provide a protective shield between your computer/mobile device and the Internet. This barrier can help prevent unauthorised people gaining access to your computer/mobile device, reading information from it or placing viruses on it while you are connected to the Internet.

Install anti-spyware software

Spyware is a general term for hidden programs on your computer/mobile devices that track what you are doing on your computer/mobile devices. Spyware is often bundled together with file sharing, email virus checking or browser accelerator programs, and it is installed on your computer/mobile devices without your knowledge to intercept information about you and your computer/mobile devices. The type of information gathered can include personal Internet usage, and in some instances, confidential data such as passwords. You can download and run a specialist program designed to help identify and remove threats from spyware. Like an anti-virus program, it also needs to be regularly updated in order to recognise the latest threats.


Keep your browser and operating system up-to-date

From time to time security weaknesses or bugs are found in browsers and operating systems. Usually 'Service Packs' are issued by the software company to make sure these are fixed as quickly as possible. You should make regular checks on your software vendor's website and apply any new security patches as soon as possible to ensure you have the most updated security features available.

Avoid running programs or opening email attachments from any source you do not know or trust

You should avoid installing software or running programmes of unknown origin and avoid opening email attachments from any source you do not know or trust. We also recommend that you scan all email attachments for viruses and delete junk and chain emails on a regular basis. Also, never call a number appearing on an email you suspect is fraudulent. A phony telephone number may be used in the email.

Important note: The bank will never ask you to disclose, change or update your personal banking information via emails, phone or SMS. You could be coaxed into entering a bogus website that looks identical to the bank’s site. If you have received any unauthorized request, please call us immediately at (65) 6333 7777 or email AtYourService@cimb.com.

Avoid using public or shared computer/networks

You should never access online services or perform financial transactions from a publicly shared computer/network that cannot be trusted (e.g. an internet kiosk at an airport, an internet café, a library, etc.). It is not advisable to access your bank account via a Wi-Fi connection, especially in public places like airports, hotels or shopping malls.

Scams

There are many forms of scams and they usually involve some form of impersonation, be it a government official, public servant or even a representative of an organisation like a bank or financial institution. Here are some of the more common ones.

Investment Scam

There may be instances when you receive unsolicited messages from persons claiming to be stock brokers, employees of banks or financial companies. Fraudsters will ask for your personal details such as NRIC and passport number, supposedly for an investment form. Scammers will then ask you to transfer monies to banks, and pay administrative fees, security fees and taxes in order to receive the profits and returns.

Be cautious of promises of high returns. Always check with a licensed financial advisor before engaging in any investments. Be wary when asked to send money overseas. Do not provide your name, identification number, passport details, contact details, bank account or credit card details to someone whom you do not know well.

Phishing Scam

What is 'Phishing'? 'Phishing' is a type of identity theft where criminals blast emails to a mass audience in a malicious attempt to bait you into visiting fake websites. You will then be asked to disclose confidential financial and personal information, passwords, credit card numbers and other highly confidential details.

The most common type of phishing scam is an email threatening serious consequences if you do not log in and take immediate action. A bogus link is usually provided in that email which leads to a fake website identical to the bank’s website.

Note: The bank will never ask you to disclose, change or update your personal banking information via email, phone or SMS. If you suspect that you have been coaxed into entering a bogus bank site or contacted by a caller posing as CIMB Bank staff, please call us immediately at (65) 6333 7777 or email AtYourService@cimb.com.

Money Muling Scam

For fraudsters, transferring stolen funds directly into their accounts would make their whereabouts and activities easily traced by law enforcement agencies. In an effort to stay under the radar, money mules are recruited or used to help facilitate the movement of funds to the criminals. In other words, money mules are used specifically to receive and transfer out stolen money.

Fraudsters will try to recruit customers to use their personal banking accounts as intermediary accounts by promising them rewards. Recruitment is normally promoted via social media, chat sessions or even newspaper ads with work-from-home job offers.

For more information on scams, kindly visit www.scamalert.sg

Stagefright Bug

A vulnerability has been found in Android devices, affecting almost 95% of users. Attackers can exploit this bug through MMS (a type of message which can include text, sound, images and video), which allows them to take control of such devices.

Tips to prevent being attacked:

  • Ensure you have the latest Android upgrade/patch installed
  • Disable auto-retrieval of MMS

Ransomware

What is ransomware?
Ransomware is a type of malicious software designed to block access to a victim's computer or files and lock it/them until a sum of money is paid (hence the name ransomware).

A well-known variant of ransomware is WannaCry (aka WCry), which presented itself through a large-scale cyberattack. It targets vulnerable Microsoft Windows systems and encrypts data files on infected computers. Users are told to pay a US$300 ransom in bitcoin to decrypt their files. The ransom amount is doubled after three days. If payment is not made after seven days, the encrypted files will be deleted.

How do you get infected?
You can be infected when you unknowingly download ransomware from compromised websites, spammed emails or other malware.

Best practices to avoid malware infection:
1. Always exercise caution when visiting new or unfamiliar websites.
2. Never download an App that hasn't been verified by an official store, and read reviews before installing programs.
3. Be cautious when you receive an email with an attachment from an unknown sender or with a suspicious subject. Be careful when opening files such as MS Word and Adobe PDF documents, as they may not be real documents but malware.

Protect your data:
Having a regularly updated backup is an effective control to mitigate the loss of data due to ransomware.

DYRE Malware

A new variant of malware known as 'DYRE' is targeting online banking customers. The malware starts from phishing emails. Hence, please do not respond to or click on any hyperlink in an email to access your Online Banking websites. Phishing emails aim to steal your Online Banking User ID and Password.

These may be some of the signs that your computer could be infected by ‘DYRE’:

  • You are prompted to enter your User ID and Password repeatedly
  • Your computer seems to be running very slowly compared to usual
  • You see an unfamiliar screen after you log in to your Online Banking site

Dridex Malware

Dridex operates by first arriving on a user's computer as a malicious spam email with a Microsoft Word document attached to the email. If the user opens the document, a macro embedded in the document will trigger a download of the Dridex banking malware, enabling it to first steal banking credentials and then attempt to generate fraudulent financial transactions. 

 

Security Tips

It is advisable to download the latest anti-virus software and scan your devices regularly. This is to ensure that your online financial transactions are not performed using infected devices. Please stay vigilant when banking online. Please call us immediately at +65 6333 7777 or email AtYourService@cimb.com when you suspect something is amiss.

Call Our Consumer Contact Centre:
Personal Banking Hotline
Mon - Sun (9.00am - 9.00pm)
+65 6333 7777