New security measures to combat malware scams
DBS and UOB, two of the largest banks in Singapore, have announced new security measures to protect their customers from malware scams that target users of Android devices. The new measures will restrict customers from accessing the banks’ digital services on their phones if apps from unverified app stores, also known as sideloaded apps, are detected. These apps may have risky permissions enabled that could allow scammers to access customers’ banking information or take control of their devices.
The new security measures will also prevent customers from using the banks’ apps if screen-sharing on other apps or tools is detected on their phones. This will prevent customers from sharing their mobile screens with scammers unknowingly, hence allowing scammers to compromise their banking accounts.
Both banks said their new anti-malware security measures do not monitor phone activities, collect or store personal data.
DBS’s updates have gone live
DBS said its new anti-malware tool for Android phones seeks to prevent scammers from fraudulently logging into customers’ accounts by restricting app access if it detects potential risks. One such security risk is the presence of malware or malicious applications on customers’ phones.
This new function has gone live, the bank’s head of legal and compliance Lam Chee Kin told CNA. From early October, the presence of sideloaded apps with accessibility permission enabled, and detection of ongoing screen-sharing or mirroring detected on devices will also trigger restricted access to DBS’ banking app.
DBS said customers will not be able to access its banking app until they have taken the necessary steps to secure their phones. Customers may be asked, via an in-app pop-up, to secure their mobile device before accessing its online banking services. The bank explained on its website that this is a precautionary measure and that users who see this have likely had their phones’ security compromised.
UOB rolling out measures from Wednesday
UOB announced that it will be rolling out new anti-malware security features on its banking app progressively from Wednesday. The new security update will restrict customers’ access to the bank’s app when it detects apps downloaded from third-party or unauthorised sites and have risky permissions enabled. An error message will be sent highlighting the name of the potentially risky app.
Customers will have to uninstall or switch off accessibility permissions for the mentioned app to continue using UOB’s digital services. Customers are strongly recommended to uninstall the mentioned apps, UOB’s head of group compliance Daniel Ng said. These apps with risky permissions settings can be exploited by scammers to compromise customers’ mobile devices and banking apps.
Customers will also not be able to access UOB’s banking app if screen-sharing on other apps or tools is detected on their phones. UOB said this will prevent customers from sharing their mobile screens with scammers unknowingly, hence allowing scammers to take control of their devices and compromise banking information. Customers will be able to continue using the bank’s app once they turn off screen sharing.
Other banks have implemented similar measures
OCBC was the first to roll out new anti-malware security measures last month, followed by Citibank on Sep 15. Both banks also restrict customers’ access to their banking apps if sideloaded apps with risky permissions are detected on their phones.
The new security measures by the banks come amid a spate of malware scams targeting users of Android devices in Singapore. According to the police, there were 218 cases of such scams reported between January and August this year, involving losses of more than S$1 million.
The police advised members of the public to only download mobile applications from official app stores such as Google Play Store or Apple App Store, and not to grant unnecessary permissions to any app.
