Mother of all scams thread

[BanCoe]

1 hour ago, Fcw75 said:

Physical token would be the best isn’t it? But of course less convenient.

If the scammers have already hacked into your account in “ parallel  fake website” physical token is of no use too , I think becos they can decode or see your keying inputs on their platform too 

[Fcw75]

2 hours ago, BanCoe said:

If the scammers have already hacked into your account in “ parallel  fake website” physical token is of no use too , I think becos they can decode or see your keying inputs on their platform too 

Hmmm…then why did OCBC switch back to using physical token?

[Jellandross]

Its good for ST to drum up media coverage to pressure OCBC and MAS but I don't believe OCBC will make full compensation if any at all. They can always argue that the consumers were the ones who triggered the link. And since only a "minority" were impacted it means that this is not a systemic vulnerability and the victims are mostly responsible for the liability.

 

 

[Karoon]

1 hour ago, Jellandross said:

Its good for ST to drum up media coverage to pressure OCBC and MAS but I don't believe OCBC will make full compensation if any at all. They can always argue that the consumers were the ones who triggered the link. And since only a "minority" were impacted it means that this is not a systemic vulnerability and the victims are mostly responsible for the liability.

 

 

$9m will go a long way to improve their reputation. Otherwise i think they may have to spend much more. 

[Beregond]

Just now i reveive a new type of scam call.

a chinese guy call and say in chinese' : he laugh causally and say he change new number already , (but i really dun know who he is ) so i ask , then he reply 聼不出？he change new number already .

i thought he is 1 of the workers from some of my customer company require emergency service, then i ask him he from what company , he laugh causally and ask me guess. 

this scam call sound really very real . we really need to be damn alert

[Voodooman]

1 hour ago, Karoon said:

$9m will go a long way to improve their reputation. Otherwise i think they may have to spend much more. 

$9m is nothing to OCBC but the precedent it will set is what worries the Board of Directors? It is a blank cheque.

MAS should investigate why giving 1 OTP away could render all those ebanking safeguards, ie. tokenregistration, adding new payee, change of mobile number, etc, totally meaningless and what could be done next time a scam like this happens again.  There should be an automated number to call to freeze the account for 12-24 hours with heavy fine for abuses.

[Ghgan]

10 hours ago, Fcw75 said:

It was the phising message, she clicked it.

That’s it liao. Don’t click on any link in sms or email. Go straight to the app or call CS.

But got security flaw at OCBC too right? How did the scammer tag onto the official OCBC sms?

For sms marketing, using alphanumeric Sender IDs are the norm. This type of SMS services are widely available online to customize sender ID instead of using number. Also with advancement in telecommunication tech, scammer can fake their caller ID as well. So far I do not think the telco can do much to block these fake sms ID or caller ID from scammer as it require extensive effort with their respective partner in other countries to help to find and block these scammer.

[Karoon]

3 minutes ago, Voodooman said:

$9m is nothing to OCBC but the precedent it will set is what worries the Board of Directors? It is a blank cheque.

MAS should investigate why giving 1 OTP away could render all those ebanking safeguards, ie. tokenregistration, adding new payee, change of mobile number, etc, totally meaningless and what could be done next time a scam like this happens again.  There should be an automated number to call to freeze the account for 12-24 hours with heavy fine for abuses.

Agree. I'm also amazed how easy it was approved. There were reports how local banks  stopped love scams when people tried to transfer large sums overseas and bank officers stepped in. No such measures here.

And transferring large sums overseas to new accounts.... No anti-money laundering and anti-terrorism financing checks? So many questions.  

[Fcw75]

18 minutes ago, Ghgan said:

For sms marketing, using alphanumeric Sender IDs are the norm. This type of SMS services are widely available online to customize sender ID instead of using number. Also with advancement in telecommunication tech, scammer can fake their caller ID as well. So far I do not think the telco can do much to block these fake sms ID or caller ID from scammer as it require extensive effort with their respective partner in other countries to help to find and block these scammer.

Thanks for sharing. So would a physical token be much safer? 

[AndrewLee72]

2 hours ago, Beregond said:

Just now i reveive a new type of scam call.

a chinese guy call and say in chinese' : he laugh causally and say he change new number already , (but i really dun know who he is ) so i ask , then he reply 聼不出？he change new number already .

i thought he is 1 of the workers from some of my customer company require emergency service, then i ask him he from what company , he laugh causally and ask me guess. 

this scam call sound really very real . we really need to be damn alert

@Beregond Hi bro, i got this call also.. like last Month. Dec 2021. Knn the cb kia keep saying he got a new number, ask me why i duno his name.

I kept asking who he is until the call hang up. 1 more time of this call come in.. im sure ready to send himself n his parents all my best regards in hokkien!

[Fcw75]

2 hours ago, Beregond said:

Just now i reveive a new type of scam call.

a chinese guy call and say in chinese' : he laugh causally and say he change new number already , (but i really dun know who he is ) so i ask , then he reply 聼不出？he change new number already .

i thought he is 1 of the workers from some of my customer company require emergency service, then i ask him he from what company , he laugh causally and ask me guess. 

this scam call sound really very real . we really need to be damn alert

Got +65 in front? If so, don’t even bother to pick it up.

Else if picked up, just greet him with the Cantonese 四点金。🤣

[RadX]

3 minutes ago, Fcw75 said:

Got +65 in front? If so, don’t even bother to pick it up.

Else if picked up, just greet him with the Cantonese 四点金。🤣

I say dllm and my best hokkien sending regards to all relatives 18levels below too

[Ghgan]

2 hours ago, Fcw75 said:

Thanks for sharing. So would a physical token be much safer? 

I think at the end of the day the bank need to educate their customer periodically the method and drawback of digital access, 2FA and type of SMS send to the customer. The bank also need to setup a fast way for the customer to limit access to their account if the customer account had been compromise or suspected to be breach. There is no point sending SMS transactions record to customer and ask the customer to call their hotline if the transaction is not valid when there is no procedure for the bank to immediately stop the transaction or prevent further transaction.  This is similar if a credit card is loss, the customer can call the bank to immediately to terminate the lost credit card. The bank need to have similar procedure for customer credit card that was reported lost.

Customer also need to aware of what are they getting at by embracing easy transaction via digital app access and using paynow or paylah.

To me physical token is like the ATM card, if it is lost, faulty or battery is weak, you need to make a trip to the bank to get it replaced. As some MCFer already stated there are less chances of hacker trying to hack the token as it require a lot of effort to do so. At the end of the day, simple cybersecurity hygiene of not revealing your userid, password, 6 digit token pin or some other form of 6 digit pins is the norm to prevent your account being compromised by scammer.  

[Volvobrick]

4 hours ago, Beregond said:

Just now i reveive a new type of scam call.

a chinese guy call and say in chinese' : he laugh causally and say he change new number already , (but i really dun know who he is ) so i ask , then he reply 聼不出？he change new number already .

i thought he is 1 of the workers from some of my customer company require emergency service, then i ask him he from what company , he laugh causally and ask me guess. 

this scam call sound really very real . we really need to be damn alert

I would lost interest immediately.  But not you? 

 

Anyway should ask if he is Lao Chen. If yes, ask him when he is going to return the 10K he borrowed.

 

 

Edited January 16, 2022 by Volvobrick

[Scion]

12 hours ago, Beregond said:

Just now i reveive a new type of scam call.

a chinese guy call and say in chinese' : he laugh causally and say he change new number already , (but i really dun know who he is ) so i ask , then he reply 聼不出？he change new number already .

i thought he is 1 of the workers from some of my customer company require emergency service, then i ask him he from what company , he laugh causally and ask me guess. 

this scam call sound really very real . we really need to be damn alert

interesting... wonder what's the scam intent is

[Beregond]

55 minutes ago, Scion said:

interesting... wonder what's the scam intent is

once the victim believe the caller is some 1 they know, i figure they got hundreds of stories and plots ready  to make the victim revel important info like nric bababa, or even trick the victim into tranfering money directly to him 

[Watwheels]

Whatsapp message: "Bro, still into soccer betting?"

LoL...I dont even bother to watch soccer. See how many still wanna send this type of message?

Hosay liao.

https://www.channelnewsasia.com/singapore/police-raid-handphone-shops-sim-cards-scam-2439256

Police raid 17 handphone shops in crackdown on SIM cards registered to fake users

The SIM cards are sold to customers who want to remain anonymous, and could have been used for crimes.

 

"SINGAPORE: Police on Sunday (Jan 16) arrested 10 people suspected of fraudulently registering prepaid SIM cards which could have been used for crimes such as scams, unlicensed moneylending and vice.

This came after raids on 17 handphone shops by the Commercial Affairs Department in a nine-hour operation across the island.

The shops were located at Orchard, Geylang, Serangoon, Pasir Ris, Jurong West, Yishun, Woodlands, Boon Lay, Desker Road, Syed Alwi Road and Rochor Canal Road."

 

I think since there are hardly any foreign visitors cos of the pandemic the sim cards just sit there to collect dust  That probably give rise to ppl having such ideas to generate income.

Edited January 17, 2022 by Watwheels

[Windwaver]

13 hours ago, Beregond said:

Just now i reveive a new type of scam call.

a chinese guy call and say in chinese' : he laugh causally and say he change new number already , (but i really dun know who he is ) so i ask , then he reply 聼不出？he change new number already .

i thought he is 1 of the workers from some of my customer company require emergency service, then i ask him he from what company , he laugh causally and ask me guess. 

this scam call sound really very real . we really need to be damn alert

How many employees will still get a good rating on their appraisals if they ask their bosses to guess?