-
IP addresses are NOT logged in this forum so there's no point asking. Please note that this forum is full of homophobes, racists, lunatics, schizophrenics & absolute nut jobs with a smattering of geniuses, Chinese chauvinists, Moderate Muslims and last but not least a couple of "know-it-alls" constantly sprouting their dubious wisdom. If you believe that content generated by unsavory characters might cause you offense PLEASE LEAVE NOW! Sammyboy Admin and Staff are not responsible for your hurt feelings should you choose to read any of the content here. The OTHER forum is HERE so please stop asking.
Chitchat See everyone ? Same as giving account lumber to stranger's
- Thread starter sweetiepie
- Start date
Young couple lost $120k in fake text message scam targeting OCBC Bank customers
The victims who reportedly fell victim to phishing scams involving OCBC Bank lost around $8.5 million in total. PHOTO: ST FILE
David Sun
PUBLISHED
6 HOURS AGO
FacebookWhatsApp
SINGAPORE - It took a man and his wife five years to save about $120,000, but in just 30 minutes, scammers using a fake text message stole the money they had kept in their OCBC Bank joint savings account.
The couple in their 20s were among at least 469 people who reportedly fell victim to phishing scams involving OCBC Bank in the last two weeks of December last year.
The victims lost around $8.5 million in total.
Speaking to The Straits Times, the couple, who declined to be identified, said they had been saving up to start a family. They have not been able to get their money back.
The husband works in the e-commerce sector while she is in the hospitality industry. The man said he received the phishing message with a link at around noon on Dec 21 last year.
It claimed that an unknown payee had been added to their account, and instructed him to click on the link if it was not approved by him.
"The SMS looked like it came from OCBC and entered the usual SMS chat history from OCBC used for authentic banking services," he said.
"The link took me to a site that looks exactly like the OCBC login page."
He then entered his account details, unwittingly handing over control of the whole account to scammers.
They realised they had been scammed only when the man received SMSes from the bank informing him of changes and transactions involving the account that had taken place earlier that afternoon.
He showed ST his text message history. According to the timestamp, the bank sent him the alert at about 2pm, only for him to receive it past 6pm.
"Had we received the notifications on time, we would have been able to react faster, and perhaps been able to reach the relevant teams during the same business day to stop the transactions," said the man.
After news broke that others had also been scammed, the couple decided to start a group for victims in an attempt to collectively seek answers.
Theirs was not the largest sum stolen.
MORE ON THIS TOPIC
Nearly 470 people lose $8.5m in phishing scams involving OCBC Bank
OCBC cautions about SMS scams after customers lose $140k in 10 days
A 38-year-old software engineer who fell prey to the same scam on Dec 28 told ST that he lost about $250,000 he had been saving since 2010.
The father of a young child with special needs said the loss has been devastating, and he has been hiding it from his family.
"It's a horrible situation that impacts my whole life," he said.
"I didn't know there was a scam going around... how would I have known?"
Eight victims have contacted ST to share their frustration.
Responding to queries from ST, Mr Francisco Celio, head of group corporate security at OCBC Bank, said it has been assisting those affected.
"The recent SMS phishing scam impersonated OCBC and preyed on the fears of consumers about their personal bank accounts," he said.
"It is particularly aggressive and highly sophisticated in duping consumers into disclosing their personal banking details despite repeated bank warnings to be alert and not to do so."
The bank said it has since halted its plans to phase out physical hardware tokens by the end of March this year, and has also stopped sending SMSes with links in them in the light of the spate of phishing incidents.
MORE ON THIS TOPIC
OCBC continues with physical tokens, reversing plan to phase them out
OCBC's scam detection helped customers save $10m this year
OCBC launched its fraud surveillance system in 2016, and uses machine learning to assist in detecting and immediately flagging fraudulent transactions which are then reviewed by a fraud analyst.
It also implemented its anti-financial malware system in 2019. It is able to identify what device its banking services are accessed from.
Mr Celio added that OCBC's banking systems remain safe and secure and have not been hacked.
A group of victims issued a statement to ST, alleging that the bank had not responded fast enough, failed to ensure the security of its SMS channel, and that remediation for customers was lacking.
"While the attack may have been particularly aggressive, it is OCBC's duty to their customers to be ready for this," they said.
Cyber security expert Anthony Lim, who is also a fellow at the Singapore University of Social Sciences, said scammers have advanced software enabling them to spoof telecommunications services and send SMSes that appear in the same threads used by real organisations.
He added that even if victims did not provide their one-time passwords (OTP), they would have sealed their fate when they entered other bank details on the fraudulent sites.
"Once the victim unwittingly responds by entering the bank account credentials, the hackers' technologies can divert and capture a copy of the SMS OTP issued by the bank," he said.
He also said there is a limit to how much a consumer can be protected, and that consumers need to be aware and protect themselves.
"Quite unfortunately, with regard to such message scams, there is only so much technology can do (to protect consumers)," he said.
"The best way to avoid falling prey to these is still awareness, and the accompanying scepticism."
MORE ON THIS TOPIC
New variant of phishing scam emerges, victims lost $1m from Jan to May
Banks and police work to thwart scams targeting customers
Cyber security expert Anthony Lim said consumers should take the following precautions when dealing with online transactions and banking details:
• Do not act in a hurry or under duress
• Do not respond to messages asking for personal credentials, passwords or PINs
• Be suspicious of messages sent via SMS or WhatsApp asking for personal details
• Never click on links in such messages
• Never download any attached file in such messages, however interesting or attractive it may be made out to be
Separately, OCBC Bank advises consumers not to access their bank accounts through SMS links.
Mobile access to bank accounts should always be done using the official banking or payment app, or by keying in the bank's URL directly into the browser.
MORE ON THIS TOPIC
Is the customer or bank responsible for fraudulent transactions in Singapore?
Get unlimited access to all stories at $0.99/month
* Terms and conditions apply
Join ST's Telegram channel here and get the latest breaking news delivered to you.
FacebookWhatsApp
YOU MAY LIKE
00:20
Ad
Spend smart with the Smart Credit CardStandard Chartered Bank
00:15
Ad
Get a dose of critical illness coverDBS
Driver dies in blaze after rental car catches fire following carpark crash
iPhones and iPads
Available in
Google Play
Sign up for our daily newsletter
Sign up
More newsletters
By registering, you agree to our T&C and Privacy Policy.
MCI (P) 031/10/2021, MCI (P) 032/10/2021. Published by SPH Media Limited, Co. Regn. No. 202120748H. Copyright © 2021 SPH Media Limited. All rights reserved.
The victims who reportedly fell victim to phishing scams involving OCBC Bank lost around $8.5 million in total. PHOTO: ST FILE
David Sun
PUBLISHED
6 HOURS AGO
FacebookWhatsApp
SINGAPORE - It took a man and his wife five years to save about $120,000, but in just 30 minutes, scammers using a fake text message stole the money they had kept in their OCBC Bank joint savings account.
The couple in their 20s were among at least 469 people who reportedly fell victim to phishing scams involving OCBC Bank in the last two weeks of December last year.
The victims lost around $8.5 million in total.
Speaking to The Straits Times, the couple, who declined to be identified, said they had been saving up to start a family. They have not been able to get their money back.
The husband works in the e-commerce sector while she is in the hospitality industry. The man said he received the phishing message with a link at around noon on Dec 21 last year.
It claimed that an unknown payee had been added to their account, and instructed him to click on the link if it was not approved by him.
"The SMS looked like it came from OCBC and entered the usual SMS chat history from OCBC used for authentic banking services," he said.
"The link took me to a site that looks exactly like the OCBC login page."
He then entered his account details, unwittingly handing over control of the whole account to scammers.
They realised they had been scammed only when the man received SMSes from the bank informing him of changes and transactions involving the account that had taken place earlier that afternoon.
He showed ST his text message history. According to the timestamp, the bank sent him the alert at about 2pm, only for him to receive it past 6pm.
"Had we received the notifications on time, we would have been able to react faster, and perhaps been able to reach the relevant teams during the same business day to stop the transactions," said the man.
After news broke that others had also been scammed, the couple decided to start a group for victims in an attempt to collectively seek answers.
Theirs was not the largest sum stolen.
Nearly 470 people lose $8.5m in phishing scams involving OCBC Bank
OCBC cautions about SMS scams after customers lose $140k in 10 days
A 38-year-old software engineer who fell prey to the same scam on Dec 28 told ST that he lost about $250,000 he had been saving since 2010.
The father of a young child with special needs said the loss has been devastating, and he has been hiding it from his family.
"It's a horrible situation that impacts my whole life," he said.
"I didn't know there was a scam going around... how would I have known?"
Eight victims have contacted ST to share their frustration.
Responding to queries from ST, Mr Francisco Celio, head of group corporate security at OCBC Bank, said it has been assisting those affected.
"The recent SMS phishing scam impersonated OCBC and preyed on the fears of consumers about their personal bank accounts," he said.
"It is particularly aggressive and highly sophisticated in duping consumers into disclosing their personal banking details despite repeated bank warnings to be alert and not to do so."
The bank said it has since halted its plans to phase out physical hardware tokens by the end of March this year, and has also stopped sending SMSes with links in them in the light of the spate of phishing incidents.
OCBC continues with physical tokens, reversing plan to phase them out
OCBC's scam detection helped customers save $10m this year
OCBC launched its fraud surveillance system in 2016, and uses machine learning to assist in detecting and immediately flagging fraudulent transactions which are then reviewed by a fraud analyst.
It also implemented its anti-financial malware system in 2019. It is able to identify what device its banking services are accessed from.
Mr Celio added that OCBC's banking systems remain safe and secure and have not been hacked.
A group of victims issued a statement to ST, alleging that the bank had not responded fast enough, failed to ensure the security of its SMS channel, and that remediation for customers was lacking.
"While the attack may have been particularly aggressive, it is OCBC's duty to their customers to be ready for this," they said.
Cyber security expert Anthony Lim, who is also a fellow at the Singapore University of Social Sciences, said scammers have advanced software enabling them to spoof telecommunications services and send SMSes that appear in the same threads used by real organisations.
He added that even if victims did not provide their one-time passwords (OTP), they would have sealed their fate when they entered other bank details on the fraudulent sites.
"Once the victim unwittingly responds by entering the bank account credentials, the hackers' technologies can divert and capture a copy of the SMS OTP issued by the bank," he said.
He also said there is a limit to how much a consumer can be protected, and that consumers need to be aware and protect themselves.
"Quite unfortunately, with regard to such message scams, there is only so much technology can do (to protect consumers)," he said.
"The best way to avoid falling prey to these is still awareness, and the accompanying scepticism."
New variant of phishing scam emerges, victims lost $1m from Jan to May
Banks and police work to thwart scams targeting customers
Tips to avoid being scammed
With scammers using more advanced technologies and software, the simplest advice may work best - be suspicious of messages sent via SMS or WhatsApp asking for personal details.Cyber security expert Anthony Lim said consumers should take the following precautions when dealing with online transactions and banking details:
• Do not act in a hurry or under duress
• Do not respond to messages asking for personal credentials, passwords or PINs
• Be suspicious of messages sent via SMS or WhatsApp asking for personal details
• Never click on links in such messages
• Never download any attached file in such messages, however interesting or attractive it may be made out to be
Separately, OCBC Bank advises consumers not to access their bank accounts through SMS links.
Mobile access to bank accounts should always be done using the official banking or payment app, or by keying in the bank's URL directly into the browser.
Is the customer or bank responsible for fraudulent transactions in Singapore?
Get unlimited access to all stories at $0.99/month
- Latest headlines and exclusive stories
- In-depth analyses and award-winning multimedia content
- Get access to all with our no-contract promotional package at only $0.99/month* for the first 3 months
* Terms and conditions apply
Join ST's Telegram channel here and get the latest breaking news delivered to you.
FacebookWhatsApp
YOU MAY LIKE
00:20
Ad
Spend smart with the Smart Credit CardStandard Chartered Bank00:15
Ad
Get a dose of critical illness coverDBS
Driver dies in blaze after rental car catches fire following carpark crashTHE STRAITS TIMES
Available foriPhones and iPads
Available in
Google Play
Sign up for our daily newsletter
Sign up
More newsletters
By registering, you agree to our T&C and Privacy Policy.
MCI (P) 031/10/2021, MCI (P) 032/10/2021. Published by SPH Media Limited, Co. Regn. No. 202120748H. Copyright © 2021 SPH Media Limited. All rights reserved.
If my uncle is his employer he will fire him for being ter nao and deem unfit to be in this industry leeveloping software. This is the leesult of sinkie being tam chia busy working and greedy ended up as ter nao when people prompt you to do this you just follow
Question my uncle have is why these kortec has 120k 250k in their savings account ?
The most useless agency which cannot prevent anything not catch and convict anyone:
https://www.csa.gov.sg/
https://www.csa.gov.sg/
Sinkieland is a totalitarian shithole with an excessively bloated government, too many jiakliaobee pigs feeding off an ever expanding trough. CASE, CRA, NTUC, Govtech etc.
80% of the public sector should be trimmed off: hiring freeze, early retirement, transition to the private sector.
When one of the reasons listed to justify raising the GST was to 'provide for social services', I know that trough is going to get larger.
A government cannot be the solution to problems. However, if not properly restrained, it will become THE problem.
Daft Sinkies will have to learn the hard way.
Correct that means these kortecs went in settings to change dailee leemit to high high
Old man like me have no such problems. I go counter for banking needs. Such messages mean nothing to me. Revert to old school banking methods. Over the counter. Unless they fake the entire bank branch.
Similar threads
