You Are Here: HOME > Customer Service > Announcement
Malware Alert
 

Dear Customer,

Mobile Phone Malware Alert

We have received information pertaining to a phishing website (IP address 144.48.6.3) that targets ICBC customers. The phishing website will attempt to solicit your ICBC Internet Banking credentials for further fraudulent activities.

ICBC would like to clarify that this mobile phone website is NOT published by ICBC and advise customers NOT to click on any links in the website. Customers who have visited the website or clicked on any link on the website are advised to change their passwords immediately, by directly logging into www.icbc.com.sg. ICBC would like to remind all customers NOT to reveal or disclose passwords to anyone at any time online or on the telephone.

Always verify the internet banking website before providing your login credentials and type the ICBC website URL directly into the address bar of your browser (www.icbc.com.sg).


Malware Distribution
Malware distribution can be done via attachment downloads. If you click on the attachment, the malware will attempt to infect your PC or computing device.

Behaviour of the Malware
Once your personal computer or computing device has been infected, it will stay dormant until you access your online banking account. Upon successful authentication of your login credentials (user  ID, PIN and a one time password) by the bank and sent to the C&C server. The attacker uses the stolen information for various fraudulent activities such as performing transactions and selling/using stolen credit cards.

Precautionary Measures You Can Take
a.Perform a full scan of your PC or computing device using your anti-virus software 
b.Update your anti-virus signature file to the latest release. 
c.If you received any suspicious email with a zip file, verify with the sender if he/she has sent the email before opening the email. The Bank will never send you emails asking for your personal information or login credentials. If you receive a fake icbcsg@sg.icbc.com.cn mail requiring you to provide personal information or provide you with unofficial internet banking login link , Please do not click, if you have any doubt, please contact us as soon as possible.
d.Delete the email immediately if the sender cannot be verified. 
e.Scan your email attachments regularly. 
f.Do not enter any login credentials if the website looks suspicious. 
g.Do not attempt to perform any further transactions if you experience difficulties accessing your account after you have entered your login credentials. 
h.If you have received any SMS notification for transactions not made by you, do inform the Bank immediately.

Should you have any further queries, please feel free to contact us on (65)6769 5588 (9am – 6pm, Mon - Fri) or (65) 6369 5588 (24hrs).