Customers could be tricked into revealing their passwords
THE big local banks - DBS, OCBC (left) and UOB - have once again been targeted by the latest trojan horse computer program. -- PHOTO: REUTERS
THE big local banks - DBS, OCBC and UOB - have once again been targeted by the latest trojan horse computer program, which tricks customers into revealing their Internet banking passwords.
Late last month, banks were alerted to the trojan, which could gain scammers access to customers' accounts.
UOB Bank warned on its website that scammers may be able to 'make unauthorised funds transfers within a short period of time'.
DBS Bank had reportedly more than a million Internet banking customers as of last month. The other two banks declined to reveal how many they had.
The three banks last came under attack by trojans - computer programs infiltrating users' computers - in December, but this latest incarnation can steal Internet banking log-in information even before the bank's website can encrypt it.
What happens: At the log-in page, which resembles the real Web page in nearly every aspect, customers will be prompted to enter a third field besides the usual user name and PIN fields - a one-time generated PIN from the bank.
The browser will appear to hang, and the customer is prompted to re-enter the log-in information multiple times, when the trojan will grab it.
On the real site, the customer is prompted for the one-time PIN only after getting past the user name and PIN stage.
Scammers can sell the account information to other hackers at cyber crime forums to use for mischief, said a spokesman from Web security firm Trendlabs.
Not all banking customers will encounter the trojan, only those whose computers are infected.
Source: Trojans strike bank sites
Linear Mode
