The Association of Banks in Singapore is warning Internet banking customers to be on guard against a new spyware that could steal their online passwords.

The new spyware, called "SpyEye" is a Trojan horse malware that infects Web browsers and modifies Web pages to steal personal information. Customers who access their online bank from an infected computer are at risk from the malware which will create a false third party beneficiary addition and funds transfer. ABS also warns customers that the malware can spread via social networking sites as well as opening infected e-mails or downloading unknown files.

Users should be aware of the following symptoms an infected computer may have to protect their online banking identity.

  • The infected computer will ask for an SMS or token-based one-time password (OTP) on the login page. A legitimate internet banking website will only ask for the OTP after the password has been entered on the login page.
  • The login page will have an alert saying the transaction "may take 1-10 minutes to complete" or "security verification in process"
  • A web banner will pop-up asking for the user's permission to check the computer's security settings.
  • Customers may also receive an SMS alert giving them an OTP even if they didn't log in. The SMS alert may also notify users that they have "Added a Payee" or made a "funds transfer".

Users who experience any one of the symptoms should immediately close the browser and contact their banks. Users should not enter any token OTP for any transactions they did not initiate or request.

Customers should also be careful about their online activities. Do not visit any unknown or unsecured Web sites. When transacting their online banking activities, customers should verify the site before providing any login credentials. After completing an online transaction, users should always check their bank balance for any anomalous activities.

ABS has assured online users that the group is monitoring the situation and they will counter these new online threats.