Jump to content
MCF HangOut X Lexus – 9 May 2024, Lexus Boutique ×

OCBC to pay out customers who lost money in recent SMS phishing scam

BabyBlade

By BabyBlade,
in Lite & EZ

 Share

Recommended Posts

bsswan

bsswan

6th Gear
15 minutes ago, Columbian78 said:

So recently I did a review of my bank accounts and one of the thing is to check and set fund transfer / payment limits. If I were to really kenna scammed, at least try to limit the damage. I have an aunt living in Malaysia whom is quite educated and smart, but even she kenna a scam where she was brainwashed to go to bank and send money to a foreign account. They used high level pressure on her and asked her to wear an earpiece listen to them and ignore bank staff all the way.

For OCBC, I was able to set such limits, something like $xxx per day. Hardware token generated number is required to change this limit using internet banking. I asked around and it seems UOB and DBS (the 3 local banks) can easily do this.

For Citibank, I cannot set my own limits. The default for fund transfer even to other people/bank is 200k. I think paynow is 10k. I sent an enquiry and they replied that it cannot be changed.

I thought the idea was the scammers had full control of the accounts so could re-set any limits then do their transfers.

With HSBC, UOB and OCBC i set the app and fingerprint for authentication, no longer using tokens.

  • Praise 2
Link to post
Share on other sites
Mustank

Mustank

Hypersonic
On 1/18/2022 at 9:30 AM, Inlinefour said:

well

at least willing to pay back 

better than over 48 hours disruption

say sorry and act blur 🤣🤣🤣

 

Edmw side got people think the 2 days actually got people nearly Kena account hack then the 2 days is to sort things out one 

Real or not I don’t know 

If true then dbs more satki 

  • Shocked 1
Link to post
Share on other sites
bsswan

bsswan

6th Gear
16 minutes ago, happy_man said:

Always use bio-metric authentications, 2FA, OneTime tokens, complex 16-character passwords + limit online transactions + keep phone updated... if all else fails, go back to cash and store  99.99% Gold bar at home.  😜

Yeah, even my Spreadsheet that has all my passwords in encrypted and password protected....... forget that password and I'm screwed - I even had to write it as an Appendix to my Will.

Problem is it won't be too long before we do away with cash completely, pretty much like China and I don't see Unker at Kopi Shop giving change for a gold nugget.😝

  • Praise 1
Link to post
Share on other sites
Columbian78

Columbian78

6th Gear
23 minutes ago, bsswan said:

I thought the idea was the scammers had full control of the accounts so could re-set any limits then do their transfers.

With HSBC, UOB and OCBC i set the app and fingerprint for authentication, no longer using tokens.

Like many people, I also wonder the technical details of how the money was transfered out.

Regardless, I think this ocbc case is still a pure scam in the sense that victims were fooled into an action that results in the scam working. Scammers use the SMS system as a tool to firstly fool victim to believe they need to do something, then using the sms generated as 2FA to perform the transactions.  The bank's system was not hacked into (as claimed by OCBC). Else, really none of us can sleep well ler.

So far from what I seen, SMS as 2FA is not allowed to change (or increase, in UOB case) the limits that customer had set. If the transaction (beyond set limit, or beyond daily limit) requires hardware token, and customer did not give this out. Token safely kept at home all the time. And scammer still manage to do the transfer, then I think the bank system had failed. Not customer fault. This is where I am trying to secure my accounts but citibank would not let me set limits.

 

 

 

  • Praise 2
Link to post
Share on other sites
Rickster

Rickster

5th Gear

I think the crux of the issue is that the process that the bank uses, starting from the SMS for notification/OTP, is susceptible to attacks. 

Most people will think that the SMS is legit as phones classify these SMSes into the same thread. Thus, giving the impression that these SMS are actually sent by OCBC.

So to a certain extent, I think that OCBC is partially liable for this because they use this process that can be easily compromised by hackers.

 

  • Praise 1
Link to post
Share on other sites
Jellandross

Jellandross

Supersonic
(edited)

Wonder who squeeze OCBC balls until they agree full compensation?

The fact that they forced ppl to sign non disclosure alluded that full compensation was probably not the initial plan.

 

 

Edited by Jellandross
Link to post
Share on other sites
kobayashiGT

kobayashiGT

Internal Moderator
16 hours ago, happy_man said:

Always use bio-metric authentications, 2FA, OneTime tokens, complex 16-character passwords + limit online transactions + keep phone updated... if all else fails, go back to cash and store  99.99% Gold bar at home.  😜

Ppl now buy NFT liao lah.

https://opensea.io/collection/ghozali-everyday

Wanna buy a mugshot of this guy? 🤣

  • Haha! 2
Link to post
Share on other sites
Fitvip

Fitvip

Supersonic
On 1/18/2022 at 9:30 AM, Inlinefour said:

well

at least willing to pay back 

better than over 48 hours disruption

say sorry and act blur 🤣🤣🤣

 

With pressure all round, under the boh pian act, they agree to pay all the full amount! I believe initially they only paid partial!

  • Haha! 3
Link to post
Share on other sites
Inlinefour

Inlinefour

Twincharged
1 minute ago, Fitvip said:

With pressure all round, under the boh pian act, they agree to pay all the full amount! I believe initially they only paid partial!

Better than cecaporean say sorry and act blur 🤣🤣🤣

  • Praise 4
  • Haha! 1
Link to post
Share on other sites
1fast1

1fast1

Supersonic
On 1/18/2022 at 9:32 AM, BanCoe said:

for a minute I tot banks must practice snake oil, big time 🤣

OK lah  Facebook, Apple, Amazon, Netflix, Google  trending ..... but FB also gets hacked too quite regularly though they have put barriers and more barriers

Now MANGA with Meta. Cooler. 

  • Haha! 1
Link to post
Share on other sites
BanCoe

BanCoe

Hypersonic
12 hours ago, Turboflat4 said:

Now MANGA with Meta. Cooler. 

2 many acronyms these days........ just like the good old fashion MANGA's available whole year round at your neighbourhood fruit shops    

↡ Advertisement
  • Haha! 1
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...