Jump to content

Mother of all scams thread

Windwaver

By Windwaver,
in Lite & EZ

 Share

Recommended Posts

Windwaver

Windwaver

Turbocharged

Let's start with this

https://www.straitstimes.com/singapore/courts-crime/ocbc-bank-customer-lost-120k-in-fake-text-message-scam-another-had-250k-stolen

Young couple lost $120k in fake text message scam targeting OCBC Bank customers

SINGAPORE - It took a man and his wife five years to save about $120,000, but in just 30 minutes, scammers using a fake text message stole the money they had kept in their OCBC Bank joint savings account.

The couple in their 20s were among at least 469 people who reportedly fell victim to phishing scams involving OCBC in the last two weeks of December last year.

The victims lost around $8.5 million in total.

The husband works in the e-commerce sector, while his wife is in the hospitality industry. The man said he received the phishing message with a link at around noon on Dec 21 last year.

A 38-year-old software engineer who fell prey to the same scam on Dec 28 told ST that he lost about $250,000 he had been saving since 2010.

The father of a young child with special needs said the loss has been devastating, and he has been hiding it from his family.

The bank said it has since halted its plans to phase out physical hardware tokens by the end of March this year, and has also stopped sending SMSes with links in them in the light of the spate of phishing incidents.

Cyber security expert Anthony Lim, who is also a fellow at the Singapore University of Social Sciences, said scammers have advanced software enabling them to spoof telecommunications services and send SMSes that appear in the same threads used by real organisations.

He added that even if victims did not provide their one-time passwords (OTPs), they would have sealed their fate when they entered other bank details on the fraudulent sites.

"Once the victim unwittingly responds by entering the bank account credentials, the hackers' technologies can divert and capture a copy of the SMS OTP issued by the bank," he said.

md_ocbc_08012022.jpg

↡ Advertisement
  • Praise 2
  • Shocked 6
  • Sad 3
Link to post
Share on other sites
Playtime

Playtime

Twincharged
17 minutes ago, Windwaver said:

38-year-old software engineer who fell prey to the same scam on Dec 28 told ST that he lost about $250,000 he had been saving since 2010.

Wah... $250k in 10yr... champion. 

Link to post
Share on other sites
Playtime

Playtime

Twincharged
19 minutes ago, Windwaver said:

Once the victim unwittingly responds by entering the bank account credentials, the hackers' technologies can divert and capture a copy of the SMS OTP issued by the bank," he said.

Seems like bank side problem leh.

Cos this method seem any how enter account number also can get hits. 

Link to post
Share on other sites
Jellandross

Jellandross

Supersonic

Its a good practice to visually verify that the web site link sent to you is really from the actual sender - eg: if you receive a SMS containing a web site link from OCBC but the link doesn't begin with www.ocbc.com/xxxxx then something is wrong. 

Despite the Internet having existed for so long, I believe majority of users still have no idea of basic concepts like URL domains and how it works.

 

 

 

 

 

 

 

 

 

  • Praise 4
Link to post
Share on other sites
BanCoe

BanCoe

Hypersonic
(edited)

Welcome to the digital age …… talk about paperless bills ….every thing is e-xxxx. etc in the name to save paper/ postage …….. and this are young people ( if not even savvy) …… what about those old folks struggling with this digital divide ……. Now even Singpass also got Singapass …….. dunno what govt gonna do about this ……..one fine day when there is a breach or meltdown………

7203548D-1005-459D-BBED-5F7B529DAD91.jpeg

Edited by BanCoe
  • Praise 6
Link to post
Share on other sites
Gizmore

Gizmore

Supercharged

I think banks should just do away with sms authentication altogether. 

It is a well known weakness and this massive hit just shows exactly it.

 

  • Praise 7
Link to post
Share on other sites
Scion

Scion

Turbocharged

seems like set max daily transfer limit also no use because hacker will take over acc

 

some suggestion from forums:

- a whitelist delay (eg 24 hour) to approve new payees

- a daily transfer limit (eg 1k) to new payees for the first xx days

- a daily transfer limit and transfer delay for large amounts (eg 20k and above in holding acc for 24 hours to be cleared) with warning notifications... at least users will know there are unauthorised transfers and less likely to lose 120k/250k in one shot

- triple authentication in SMS, email and app (not efficient though)

 

anyway best is not click any links in SMS, Whatsapp, Telegram and Facebook messenger

be suspicious always because in IT/Cyber anything is possible 😲

  • Praise 6
Link to post
Share on other sites
Jp66

Jp66

5th Gear
(edited)

 

5 hours ago, Jellandross said:

Its a good practice to visually verify that the web site link sent to you is really from the actual sender - eg: if you receive a SMS containing a web site link from OCBC but the link doesn't begin with www.ocbc.com/xxxxx then something is wrong. 

Despite the Internet having existed for so long, I believe majority of users still have no idea of basic concepts like URL domains and how it works.

 

 

 

 

 

 

 

 

 

The problem is the url is not showing on the top when you click on the link,  watch the attached video. 

Edited by Jp66
.
  • Praise 7
Link to post
Share on other sites
macrosszero

macrosszero

Turbocharged
1 hour ago, Inlinefour said:

me kena scammed by syts cum milfs so many times 😭😭😭 

 

same stories but still fall for it 🥺🥺🥺

 

It’s ok if you got some honey for your money

That’s just paying for services 

  • Haha! 6
Link to post
Share on other sites
BanCoe

BanCoe

Hypersonic
1 hour ago, Inlinefour said:

me kena scammed by syts cum milfs so many times 😭😭😭 

 

same stories but still fall for it 🥺🥺🥺

 

U many $$ mah ……… most handsome n hot in MCF mah  😂😂

  • Haha! 4
Link to post
Share on other sites
Inlinefour

Inlinefour

Twincharged
3 minutes ago, Macrosszero said:

It’s ok if you got some honey for your money

That’s just paying for services 

took my yusof and Mao then disappeared 😭😭😭

  • Haha! 1
Link to post
Share on other sites
Civic101

Civic101

6th Gear

I find a lot of bit.ly/xxxx links are quite fishy - some lucky draws on FB etc with bit.ly links always try to get personal information. Be very careful!

↡ Advertisement
  • Praise 5
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...