Last Updated : 1 March 2018
Notice on latest malware threat targeting internet banking and online trading users.
We have discovered different variants of Spyeye malware. This malware is designed to steal customer's information by altering the "look" and "feel" of existing internet trading websites. For instance, if the malware infects the customer's computer, the website may look different and ask the customer to key in his user ID, login password and trading password or one-time pin from his token all at same time, instead of the usual login method. If you see the following message after you have logged in your computer may be inflected with this malware.
"We are checking your security settings. Every step can take 1-10 minutes…."
You can prevent this from happening to yourself.
How it works
Such emails trick the recipient into thinking that they are responding to a genuine request because they are usual convincing looking and are phrased to give the appearance that they were sent by the recipient's banker. These emails usually tell the recipients that they are required to "update" or "validate" certain information via a hyperlink provided in the email. Unknowingly, they are directed to a web site that looks like the bank's, but is actually control by the fraudsters. Sensitive, account information such as credit card information and User ID's, Passwords and PINS entered on these are therefore revealed to the fraudsters. This is often referred to as "phishing". For more information, just use any search engine and search for "phishing" or "email bank scams".
Preventive Measures You SHOULD Take
- NEVER reveal your password to anyone. Be suspicious of any email asking you to provide sensitive account information.
- If you receive such emails, please verify with the sender but use a contact number that is known to be genuine. Do not reply or click on the links in the email.
- Disregard and delete spam, chain, and junk emails.
- Always type www.dbsvitrade.com into your browser address bar or use favorites/bookmarks to access our site.
- Act quickly and contact our Online Trading teams at (66) 2857 7799 if you think you have been tricked.
Keep your password safe
Creating Your Password
- Do NOT use special characters and space.
- Do NOT use 3 or more consecutive identical characters e.g. "333", "aaa", etc.
- Do NOT use sequential characters e.g. "123", "abc" etc.
- Do NOT use you User ID as your password.
- Do NOT use obvious passwords, such as initials, family names, company name, your date of birth, telephone number or other numbers/letters that could guess or insecure.
- Do NOT use passwords from other Internet sites.
- Don't disclose your password to anyone, including the DBS Vickers staff.
- Don't allow anyone else to use your password.
- Don't write down or record the password without disguising it, as this can easily lead to discovery and compromise.
- Don't associate your password with your initials, family names, birthdays, telephone number or numbers as your password.
- Change your password periodically, e.g. within 90 days or 3 months and the new password should be different from the previous passwords.
- Always remember to log off when you have completed your online activities.
- Report to us immediately any actual or suspected of your password and ensure that such password changed without delay.
- Beware of common social engineering attacks e.g. people pretending to be a police or Bank staff to ask you to tell them your password.
- Make sure no one is looking over your shoulder as you are typing your password.