Dear Valued Customer,

Security Alert: Dridex Malware (22 December 2014)
Dear customers,
We would like to bring your attention to recent reports of Dridex Banking Malware (Dridex)
targeting internet banking websites. This malware steals customers’ login information e.g.
Organisation ID, User ID, Password and One-Time-Password or Security Code.
If you have any further queries, please contact us at 1300 88 7000 (within Malaysia) or 603-8317
5200 (outside Malaysia).
How Dridex Works

Hackers send phishing emails that may appear to originate from trusted companies. The
email may appear to the unsuspecting user to be an invoice or an accounting document. The
Dridex malware is hidden in a macro embedded in a Microsoft Word document attached to
the email.

If the malicious Microsoft Word document is opened by the user, the user is prompted to
enable macros. If the user does so, Dridex will be downloaded onto the computer.

If the macro feature was already enabled prior to opening the document, the attack
automatically starts once the document is opened.

Once Dridex is downloaded, it searches for files or activity related to online banking,
extracting usernames and passwords. Users will also be prompted to provide additional
information through a fake web page or pop-up window.
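
The delivery step described above (a macro carried in a Word attachment) can be checked at the mail gateway or on a saved message before anyone opens the file. The following is an added example, not part of the bank's notice: it classifies each attachment by content rather than by file extension. The function names, verdict labels and the sample message are constructed for illustration.

```python
import email, email.policy, io, zipfile
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # Word 97-2003 (.doc) container signature

def classify_attachment(data: bytes) -> str:
    """Classify one attachment by its content, not by its file extension."""
    if data.startswith(OLE_MAGIC):
        # Legacy binary format: macros cannot be ruled out without an OLE parser.
        return "legacy-ole"
    buf = io.BytesIO(data)
    if zipfile.is_zipfile(buf):
        with zipfile.ZipFile(buf) as z:
            # OOXML files store their VBA project in a part named vbaProject.bin by default.
            if any(n.lower().endswith("vbaproject.bin") for n in z.namelist()):
                return "macro"
    return "no-macro"

def triage(raw_message: bytes) -> dict:
    """Map each attachment filename in a raw RFC 5322 message to a verdict."""
    msg = email.message_from_bytes(raw_message, policy=email.policy.default)
    return {p.get_filename(): classify_attachment(p.get_payload(decode=True))
            for p in msg.iter_attachments()}

def _zip_with(names) -> bytes:
    """Build a small in-memory zip holding placeholder parts (constructed data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name in names:
            z.writestr(name, b"placeholder")
    return buf.getvalue()

def build_sample_message() -> bytes:
    """Constructed sample e-mail with three stub attachments; none is a real document."""
    msg = EmailMessage()
    msg["Subject"] = "Invoice (constructed sample)"
    msg.set_content("Please see the attached invoice.")
    samples = {
        "invoice.docm": _zip_with(["[Content_Types].xml", "word/vbaProject.bin"]),
        "statement.docx": _zip_with(["[Content_Types].xml", "word/document.xml"]),
        "invoice.doc": OLE_MAGIC + bytes(504),
    }
    for name, data in samples.items():
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, verdict in triage(build_sample_message()).items():
        print(f"{name}: {verdict}")
```

A "legacy-ole" verdict means the file needs inspection with a dedicated OLE parser before it can be treated as macro-free.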
If your computer is infected, these are some of the ways the malware will attempt to steal your
login and authorisation information:

• You may receive multiple prompts to log in even when you have already entered your login
information.

• You may be asked to enter all your login information on one page, instead of two. E.g. the
fraudulent website will ask for your Organisation ID, User ID, Password and One-Time-Password
or Security Code all on a single page. On the legitimate Velocity@ocbc website, the login
process is done over two pages:

  First page: Organisation ID, User ID, Password

  Second page: One-Time-Password or Security Code

• You may be prompted to enter the One-Time-Password or Security Code from your hardware
token even if you did not perform any online transactions from your account.
If you experience the above while on your internet banking site, please DO NOT proceed with
your online banking activities and follow the steps below:
1. Close the browser.
2. Ensure that your anti-virus software is up to date.
3. Run your anti-virus software and scan the files on all devices (e.g. laptops, desktops) that you
use to access online banking.
4. If your computer does not have anti-virus software installed, please install an up-to-date
version immediately and perform a scan on your devices.
5. Restart your computer and log in to Velocity@ocbc again. You should not encounter the same
bogus site again if the malware has been completely removed.
6. Change your password immediately in Velocity@ocbc before performing your internet
banking transactions.
If you suspect that the malware has not been successfully removed, please do not use the
same computer for any online banking transactions. Log in to Velocity@ocbc using an
uninfected computer to change your password.
We would like to assure you that our internet banking websites remain secure. You are reminded
to stay vigilant when banking online. The following are some tips that you can take note of to
protect your computer from being infected with such malware:
• Cancel any suspicious-looking transactions in Velocity@ocbc.
• Install anti-virus software on your electronic devices (laptops, desktops), ensure regular
updates with the latest virus signatures and scan your devices regularly.
• Change the password to your email accounts and Velocity@ocbc login, after ensuring that
your electronic devices have been scanned.
• Differentiate passwords, especially for your Velocity@ocbc login and email account from
other online accounts (e.g. subscription-based sites, online merchants, social media, etc.).
• If you need to perform a transaction through Velocity@ocbc, please use an uninfected
laptop/desktop.
• Do not enter any One-Time-Password or Security Code for transactions that you did not
initiate or request.
• Avoid visiting unknown and unsecured websites.
• Do not open unknown or suspicious attachments, even if they are from senders you know.
At OCBC Bank, protecting your information is our priority. For more about online security and how
to protect yourself from fraud, please visit:
http://www.ocbc.com.my/business-banking/help-and-support/tips-and-notices.html
221214
OCBC Bank. All Rights Reserved