Mother of all scams thread

[BanCoe]

Just a thought....... I saw from a Banks website.... for benefit of everyone here ......

Watch out for any SMS or email which pleads for assistance, invokes a sense of fear, urgency or curiosity. This might be a phishing attempt to steal your personal information or commit fraud.

 

[Scion]

On 1/12/2022 at 10:43 AM, Gizmore said:

The main point here is, user will have to give away their login credentials first before any 2FA can happen. 

So the critical point is not to be duped into into giving away login credentials. 

Always bear in mind not to believe any kind of messages that ask you to login to verify. Even if indeed there is usual activities detected and request to change password, login by typing the URL manually and not click on the link in the email.

agreed... most imptly is not to click anything from SMS and emails, suspicious or not

if receive SMS or emails telling u that there are unauthorised transactions or other things, just ignore and close

login the actual bank app in your phone to check instead of clicking the link to access

correct?

[Ganwb79]

While the onus is definitely on oneself to keep a cool head and not to give away your personal logins, what's absolutely unforgivable is OCBC's lack of prompt follow up when customers are desperately trying to get in touch with them to report a fradulent transaction. Seeing your life savings get drained out of your account right in front of your eyes while getting put on hold at the bank's hotline is seriously traumatic.

OCBC, have a seperate hotline just for people to report fradulent transactions for f**k sake. 

Or better yet, improve the monitoring of transactions to catch irregularities. 

I didn't get scammed but this has totally put me off placing any large sum of money in OCBC. 

[Fcw75]

Yah man. Read this also TL.

https://mothership.sg/2022/01/ocbc-scam-victims/?fbclid=IwAR0HAeauqerquE2G-k4zGg2sZBRvE_2nfuMMvavHmLYHhZX2rAzpn3AQWRA

[Windwaver]

14 hours ago, Fcw75 said:

Yah man. Read this also TL.

https://mothership.sg/2022/01/ocbc-scam-victims/

It is quite unfortunate that people are put on hold for so long but that's sometimes the case with all banks when it comes to retail banking.

Not everybody can afford a PB account but our authorities will clamp down hard on the banks.

There was 1 fellow that lost SGD$250K.

 

[Scion]

 

[Gizmore]

Duplicate 

Edited January 15, 2022 by Gizmore
Duplicate

[Gizmore]

Duplicate

Edited January 15, 2022 by Gizmore
Duplicate

[Gizmore]

On 1/15/2022 at 2:27 AM, Ganwb79 said:

While the onus is definitely on oneself to keep a cool head and not to give away your personal logins, what's absolutely unforgivable is OCBC's lack of prompt follow up when customers are desperately trying to get in touch with them to report a fradulent transaction. Seeing your life savings get drained out of your account right in front of your eyes while getting put on hold at the bank's hotline is seriously traumatic.

OCBC, have a seperate hotline just for people to report fradulent transactions for f**k sake. 

Or better yet, improve the monitoring of transactions to catch irregularities. 

I didn't get scammed but this has totally put me off placing any large sum of money in OCBC. 

From the bank's perspective such transactions will appear as authorised transaction. There are mechanism in place to attempt to detect fraudulent activities but it is not 100% foolproof. Even if it does detect one, it is reasonable for the bank to react to it. I.e. banking staff will still have to verify the flagged transaction and determine if it warrants a call to account holder because it can also be a false detection from the system.

Any hotline is going to face waiting time. Hotline operation is a cost and nobody is going to over staff the team to the point where there is zero wait time. If there is any specific target to a bank, any bank would probably face similar issue to the increase in the number of calls. Any bank will face the same issue I would think. 

 

[Fcw75]

1 hour ago, Scion said:

 

It was the phising message, she clicked it.

That’s it liao. Don’t click on any link in sms or email. Go straight to the app or call CS.

But got security flaw at OCBC too right? How did the scammer tag onto the official OCBC sms?

[Windwaver]

1 hour ago, Scion said:

 

My respect to this man.

[Voodooman]

1 hour ago, Fcw75 said:

It was the phising message, she clicked it.

That’s it liao. Don’t click on any link in sms or email. Go straight to the app or call CS.

But got security flaw at OCBC too right? How did the scammer tag onto the official OCBC sms?

OCBC needs to explain the below, especially allowing the setting up of OneToken by OTP and thereafter adding of new Payee via the newly registered digital token when its website said you will need a 6-digit Pin that is sent via surface mail and not just OTP to add new payee.

The couple was also baffled at how scammers were able to conduct so many high-risk activities with their account, such as changing transfer limits and setting up the OneToken, without ever giving out their one-time password (OTP).

[Gizmore]

On 1/12/2022 at 6:38 PM, Meanmachine said:

The way I look at all the sharing gives me one reason to say- All Banks are clueless fighting the chief Scammer, he/she must be a former CEO Chief of Banks, Mothers of all scammers who know how to manipulate, disguise and con all the Mother f**kers here.🤫

I wonder what the MAS has to contribute to safeguards us and win back the confidence and trust that the money lock in all bank accounts are safe. ( For Buddha, Lord Jesus, Lord Mohammed and Lord Krishna ) Amen

I think banks have done their part to ensure there is sufficient security for their online banking. 

It is the user who has been duped to give away their username and password. Banks have no control of the user and there is nothing banks can do about it. 

What is interesting to me is that with digital token acting as 2FA, how is it that the transfer can take place. So I think it must be user gave away banking login credentials, scammers immediately take control of login, initiate fund transfer, app prompts 2FA and user continue to authenticate it.

Or if the user is using only sms for 2FA, the sms is hijacked and use by scammers to authorise the transaction. 

I would think digital token is probably much more difficult to intercept than sms and hence more secure unless one continues to authorise an unauthorised request. 

 

[Fcw75]

Physical token would be the best isn’t it? But of course less convenient.

[Volvobrick]

26 minutes ago, Gizmore said:

I think banks have done their part to ensure there is sufficient security for their online banking. 

It is the user who has been duped to give away their username and password. Banks have no control of the user and there is nothing banks can do about it. 

What is interesting to me is that with digital token acting as 2FA, how is it that the transfer can take place. So I think it must be user gave away banking login credentials, scammers immediately take control of login, initiate fund transfer, app prompts 2FA and user continue to authenticate it.

Or if the user is using only sms for 2FA, the sms is hijacked and use by scammers to authorise the transaction. 

I would think digital token is probably much more difficult to intercept than sms and hence more secure unless one continues to authorise an unauthorised request. 

 

Digital token to me is worse than the physical one. Eg. DBS bank - all you need is press the approve button in the app after you receive an alert that there is a fund transfer request. 

It should have at least 2 steps like slide to confirm twice with all the details of the transaction. 

[Fcw75]

42 minutes ago, Voodooman said:

OCBC needs to explain the below, especially allowing the setting up of OneToken by OTP and thereafter adding of new Payee via the newly registered digital token when its website said you will need a 6-digit Pin that is sent via surface mail and not just OTP to add new payee.

The couple was also baffled at how scammers were able to conduct so many high-risk activities with their account, such as changing transfer limits and setting up the OneToken, without ever giving out their one-time password (OTP).

Ya lor, damn scary leh. 

[Volvobrick]

13 minutes ago, Fcw75 said:

Physical token would be the best isn’t it? But of course less convenient.

Physical tokens cost the banks more money to buy and to send. I think that's the main reason they push everyone to use the app. 

[Fcw75]

1 minute ago, Volvobrick said:

Physical tokens cost the banks more money to buy and to send. I think that's the main reason they push everyone to use the app. 

Still have to replace too coz the battery will die.