Mother of all scams thread

[Jellandross]

From these interviews, sounds like there's at least some OCBC cock up involved.

No OTP needed to setup new payee and transfer large sums out. Went to physical branch to freeze the account but transfer still happening. $8.5M total loss but no warning at all from bank's fraud detection system. Why only OCBC targeted someone knows their internal vulnerability?

MAS really needs to conduct an investigation else OCBC will push all the liability to customers for sure.

 

 

Edited January 9, 2022 by Jellandross

[Mahjong74]

@Windwaver 

I work in a Bank, backend IT operation for past 3 years.........

Till now, my parents still did not have any internet banking apps on their mobile as I told them not to install. And don't ever use Paynow transaction on mobile. 

My advise is don't use your mobile phone for any banking transactions............use laptop and desktop to perform it..............with eyes open

If received any Bank SMS, just read only and don't use mobile phone to do anything. Call the bank if not sure. 

 

[Fcw75]

12 hours ago, Inlinefour said:

took my yusof and Mao then disappeared 😭😭😭

No HCM?

[Fcw75]

12 hours ago, Lala81 said:

I think some people are busy doing other things at times, that's when you can be vulnerable.

And the first part is always meant to make u bit emotional or gan chiong, and hence less likely to think clearly. Just like how the kidnap scams work. Or alerting you are being scammed, then you be like "wat the hell ? I better do something fast"

Yep, scams are always trying to make one fearful and anxious at first so one can’t think logically. 

Aiya, keep all the cash under the bed in a milo tin like some here. 🤣

Edited January 9, 2022 by Fcw75

[Sosaria]

2 hours ago, Mahjong74 said:

@Windwaver 

I work in a Bank, backend IT operation for past 3 years.........

Till now, my parents still did not have any internet banking apps on their mobile as I told them not to install. And don't ever use Paynow transaction on mobile. 

My advise is don't use your mobile phone for any banking transactions............use laptop and desktop to perform it..............with eyes open

If received any Bank SMS, just read only and don't use mobile phone to do anything. Call the bank if not sure. 

 

Same here. Extremely slow adopter of technologies

No paynow (until very recently because need to accept payment conveniently), no grabpay, just rely on cash, credit card and my own transport to go where i want and tar-pao food. The only e-payment i use is paylah because i keep a small account with this bank for such purposes. Even if got scammed, won't lose much.

As far as possible, do not link your main bank account (where salary goes in) to your phone. For convenient e-payment using phone, open another bank account and transfer small amounts over from your main bank account as and when needed.

Edited January 9, 2022 by Sosaria

[BanCoe]

Poor Nigerians ….they had bragging rights for quite a while …….. and now they’re gone to dust 

[Philipkee]

8 hours ago, Mahjong74 said:

@Windwaver

If received any Bank SMS, just read only and don't use mobile phone to do anything. Call the bank if not sure. 

 

Problem is when you try to get through to a human in the bank, you either cannot get through or take very very long.

[Sdf4786k]

20 hours ago, Voodooman said:

My son got the OCBC SMS too. He didn’t have an OCBC account. 

Those who clicked on the link provided the account info and password.

 This is a pro syndicate. 

This will soon be mutated to other banks. We just have to educate the mass that because it’s ocbc, the authorities have the situation under control 

[kobayashiGT]

On 1/8/2022 at 11:42 PM, Volvobrick said:

Nothing compared to nickel trading..... 

sibei envy lor. hahahahah

[kobayashiGT]

On 1/9/2022 at 8:13 AM, Inlinefour said:

me kena scammed by syts cum milfs so many times 😭😭😭 

 

same stories but still fall for it 🥺🥺🥺

 

Woah. how dare they bully our @Inlinefour kor kor! 😡

next time after they bullied you, you pass me their contacts. I see if I will fall for it anot. 🤣🤣🤣

[Kopites]

11 hours ago, Mahjong74 said:

@Windwaver 

I work in a Bank, backend IT operation for past 3 years.........

Till now, my parents still did not have any internet banking apps on their mobile as I told them not to install. And don't ever use Paynow transaction on mobile. 

My advise is don't use your mobile phone for any banking transactions............use laptop and desktop to perform it..............with eyes open

If received any Bank SMS, just read only and don't use mobile phone to do anything. Call the bank if not sure. 

 

Pretty hard not to use mobile especially for those shopping online. 

 

Edited January 10, 2022 by Kopites

[kobayashiGT]

2 minutes ago, Kopites said:

Pretty hard not to use mobile especially for those shopping online. 

 

For mobile, usually i will limit all my usage to grab card. At least is a debit card. Inside will not have more than $100 at any given time.

Lose also lose small money.

[BanCoe]

21 minutes ago, kobayashiGT said:

sibei envy lor. hahahahah

That Envy 1 is just greed and lust for $$ ……. Some more is whose who in Sg …… Let’s just call it redistribution of assets 🤣

this banking scams are common people 

[Kopites]

9 hours ago, Sosaria said:

Same here. Extremely slow adopter of technologies

No paynow (until very recently because need to accept payment conveniently), no grabpay, just rely on cash, credit card and my own transport to go where i want and tar-pao food. The only e-payment i use is paylah because i keep a small account with this bank for such purposes. Even if got scammed, won't lose much.

As far as possible, do not link your main bank account (where salary goes in) to your phone. For convenient e-payment using phone, open another bank account and transfer small amounts over from your main bank account as and when needed.

Salary should be alright as it is pretty liquid and high transact volume monthly. 

 

 

[Kopites]

2 minutes ago, kobayashiGT said:

For mobile, usually i will limit all my usage to grab card. At least is a debit card. Inside will not have more than $100 at any given time.

Lose also lose small money.

Hmm...one hundred ?  Currently using the family sub card (credit card) for all online purchases. 

Not easy to convince wifey to switch over to debit card then. Her spending pattern very much depend on her mood. 🤔

[kobayashiGT]

11 minutes ago, Kopites said:

Hmm...one hundred ?  Currently using the family sub card (credit card) for all online purchases. 

Not easy to convince wifey to switch over to debit card then. Her spending pattern very much depend on her mood. 🤔

for me one hundreds is more than enough. I go kopitiam eat lunch and pay with grabpay only.

Can top up more also. 🤣

[Rickster]

18 hours ago, Rickster said:

The hackers made use of the X number of seconds before OTP expiry to steal the OTP. So when the victim keyed in the OTP into the fake website, the hacker's program can immediately grab the OTP and key it into the actual site in parallel. 

So at the end of the day, I feel its about education and vigilance.

Security and convenience don't sit well together. For people who are absolutely terrified of such things, just stick to traditional banking - like my elderly dad.

Just saw an update on Today's article yesterday:

"In several cases, the victims could not understand how the scammers were able to quickly raise their transaction limits and conduct large local and overseas transactions to new payees without the need for an SMS-based OTP, which is a form of two-factor authentication.

One couple in their 40s, whose joint savings account was wiped of S$80,000, admitted that while they were at fault for compromising their bank account by divulging their account name and bank access code, they did not give the scammers any OTP or security token information."

"TODAY understands that OTP passwords sent via SMS could have been rerouted or compromised through a known vulnerability. Last September, Singapore authorities warned of bank OTPs being diverted to malicious actors overseas to conduct fraudulent transactions, affecting 75 bank customers."

OCBC will need to be partially liable in my opinion.

 

Edited January 10, 2022 by Rickster

[Stratovarius]

15 hours ago, Windwaver said:

https://www.todayonline.com/singapore/ocbc-phishing-scam-left-victim-broke-and-starving-christmas-day-1786751

OCBC phishing scam left victim broke and starving on Christmas Day

SINGAPORE — Being penniless and hungry on Christmas Day was not something that 33-year-old Trisha (not her real name), whose OCBC bank account was targeted by scammers through an SMS phishing scam on Christmas Eve last month, ever imagined could happen to her.

Like many others who received a text message disguised as an official message from the bank, the Singaporean clicked on a link in the fake message that exhorted her to activate the bank’s OneToken authentication tool.

It brought her to another fake website, but one that, to her, looked convincingly like the bank’s internet banking login page.

Within minutes of her keying in her account information and one-time password (OTP), the scammers hijacked her OCBC bank account and drained it of S$68,000 — her entire savings. The bank could not reverse the fraudulent transactions.

For someone who works in the finance industry, is well-read in bank protocols and regulations, and is IT savvy, Trisha could not believe that she had fallen prey to a phishing scam. She declined to give her real name for this article.

“I had to borrow money from friends and family on Christmas just so I didn’t go hungry,” she recalled. “It was humiliating.”

i

Im surprised OCBC did not hold the transaction and confirmed with the account holder first before proceeding. That time my mom wants to issue 20k cashier order from posb, they brought her into a room and interview her. They even called the recipient of the cashier order to check before allowing her to withdraw the money.