In the first month since its launch on 5 August 2023, OCBC’s anti-malware security feature has prevented scammers from making away with more than $2m in savings, from more than 30 customers’ OCBC bank accounts. The security feature was first rolled out in version 18.1 of the OCBC Digital app for Android. Since then, no losses from malware scams have been reported by OCBC customers using this version of the app and above.
Between 5 August and 5 September, OCBC received reports from more than 30 customers about their Android mobile phones having been compromised by sideloaded apps – apps from sources outside of official app stores – that contained malware. Scammers used the malware to take full control of these customers’ phones. Nonetheless, there were no losses from the customers’ OCBC bank accounts as the anti-malware security feature in the OCBC Digital app had blocked access upon detection of these malicious apps on the phone. This effectively prevented the scammers who had taken control of customers’ mobile phones from making fund transfers through the OCBC Digital app.
Beaver Chua, Head of Anti-Fraud, Group Financial Crime Compliance, OCBC, said: “Malware scams targeting Android mobile phone users have increased significantly in the past few months. There was therefore an urgent need for a much stronger defence. We are heartened that since 5 August, none of our customers using version 18.1 of the OCBC Digital app and above have reported losses arising from malware scams.”
How OCBC prevents scammers from succeeding
The anti-malware security feature also prevents scammers from logging into OCBC internet banking via web browser to access customers’ bank accounts. A physical hard token, or digital token that is within the OCBC Digital app, is required to log into OCBC internet banking. The blocking of the OCBC Digital app by the anti-malware security feature therefore prevents the scammers from using the digital token. The anti-malware security feature will block access to OCBC bank accounts if the mobile phone has other sideload apps or have the ‘Accessibility’ permission turned on.