Young couple lost $120k in fake text message scam targeting OCBC Bank customers

[The_King]

SINGAPORE - It took a man and his wife five years to save about $120,000, but in just 30 minutes, scammers using a fake text message stole the money they had kept in their OCBC Bank joint savings account.

The couple in their 20s were among at least 469 people who reportedly fell victim to phishing scams involving OCBC in the last two weeks of December last year.

The victims lost around $8.5 million in total.

Speaking to The Sunday Times, the couple, who declined to be identified, said they had been saving up to start a family. They have not been able to get their money back.

The husband works in the e-commerce sector, while his wife is in the hospitality industry. The man said he received the phishing message with a link at around noon on Dec 21 last year.

It claimed that an unknown payee had been added to their account, and instructed him to click on the link if it was not approved by him.

 

 

"The SMS looked like it came from OCBC and entered the usual SMS chat history from OCBC used for authentic banking services," he said.

 

"The link took me to a site that looked exactly like the OCBC login page."

He then entered his account details, unwittingly handing over control of the whole account to scammers.

The couple realised they had been scammed only when the man received SMSes from the bank informing him of changes and transactions involving the account that had taken place earlier that afternoon.

 

He showed ST his text message history. According to the time stamp, the bank sent him the alert at about 2pm, only for him to receive it past 6pm.

"Had we received the notifications on time, we would have been able to react faster, and perhaps been able to reach the relevant teams during the same business day to stop the transactions," said the man.

ST understands that it is possible the scammers had re-routed or delayed the SMSes. 

The couple had also received messages earlier that access to their account was being set up on another phone, but this was followed with fake messages from the scammer telling them to ignore the messages, claiming they were just part of a system upgrade. 

After news broke that others had also been scammed, the couple decided to start a group for victims in an attempt to collectively seek answers.

Theirs was not the largest sum stolen.

 

 

OCBC cautions about SMS scams after customers lose $140k in 10 days

A 38-year-old software engineer who fell prey to the same scam on Dec 28 told ST that he lost about $250,000 he had been saving since 2010.

The father of a young child with special needs said the loss has been devastating, and he has been hiding it from his family.

"It's a horrible situation that impacts my whole life," he said.

"I didn't know there was a scam going around... how would I have known?"

Eight victims have contacted ST to share their frustration.

Responding to queries from ST, Mr Francisco Celio, head of group corporate security at OCBC, said it has been assisting those affected.

"The recent SMS phishing scam impersonated OCBC and preyed on the fears of consumers about their personal bank accounts," he said.

"It is particularly aggressive and highly sophisticated in duping consumers into disclosing their personal banking details despite repeated bank warnings to be alert and not to do so."

The bank said it has since halted its plans to phase out physical hardware tokens by the end of March this year, and has also stopped sending SMSes with links in them in the light of the spate of phishing incidents.

 

 

OCBC's scam detection helped customers save $10m this year

OCBC launched its fraud surveillance system in 2016, and uses machine learning to assist in detecting and immediately flagging fraudulent transactions, which are then reviewed by a fraud analyst.

It also implemented its anti-financial malware system in 2019. It is able to identify what device its banking services are accessed from.

Mr Celio added that OCBC's banking systems remain safe and secure and have not been hacked.

A group of victims issued a statement to ST, alleging that the bank had not responded fast enough, failed to ensure the security of its SMS channel, and that remediation for customers was lacking.

"While the attack may have been particularly aggressive, it is OCBC's duty to their customers to be ready for this," they said.

Cyber security expert Anthony Lim, who is also a fellow at the Singapore University of Social Sciences, said scammers have advanced software enabling them to spoof telecommunications services and send SMSes that appear in the same threads used by real organisations.

He added that even if victims did not provide their one-time passwords (OTPs), they would have sealed their fate when they entered other bank details on the fraudulent sites.

"Once the victim unwittingly responds by entering the bank account credentials, the hackers' technologies can divert and capture a copy of the SMS OTP issued by the bank," he said.

He also said there is a limit to how much a consumer can be protected, and that consumers need to be aware and protect themselves.

"Quite unfortunately, with regard to such message scams, there is only so much technology can do (to protect consumers)," he said.

"The best way to avoid falling prey to these is still awareness, and the accompanying scepticism."

 

---

Tips to avoid being scammed

With scammers using more advanced technologies and software, the simplest advice may work best - be suspicious of messages sent via SMS or WhatsApp asking for personal details.

Cyber security expert Anthony Lim said consumers should take the following precautions when dealing with online transactions and banking details:

• Do not act in a hurry or under duress

• Do not respond to messages asking for personal credentials, passwords or PINs

• Be suspicious of messages sent via SMS or WhatsApp asking for personal details

• Never click on links in such messages

• Never download any attached file in such messages, however interesting or attractive it may be made out to be

Separately, OCBC Bank advises consumers not to access their bank accounts through SMS links.

Mobile access to bank accounts should always be done using the official banking or payment app, or by keying in the bank's URL directly into the browser.

 

Reminder about SMS scams - do not click on any links from any SMSes coming from "OCBC".

Posted by OCBC Bank on Thursday, January 6, 2022

 

 

https://www.straitstimes.com/singapore/courts-crime/ocbc-bank-customer-lost-120k-in-fake-text-message-scam-another-had-250k-stolen

[The_King]

@socrates469bc please cum cream

[socrates469bc]

2 minutes ago, The_King said:

@socrates469bc please cum cream

 

kgks many many in this world.

 

ocbc not to be blamed, ok?????

 

https://www.businesstimes.com.sg/government-economy/ocbc-uob-shut-accounts-linked-to-alleged-us14-billion-nickel-fraudster-long

OCBC, UOB shut accounts linked to alleged US$1.4 billion nickel fraudster long before his arrest

Previously unreported timeline raises fresh questions about how Ng Yu Zhi maintained his scheme for so long

[The_King]

9 minutes ago, socrates469bc said:

 

kgks many many in this world.

 

ocbc not to be blamed, ok?????

 

https://www.businesstimes.com.sg/government-economy/ocbc-uob-shut-accounts-linked-to-alleged-us14-billion-nickel-fraudster-long

OCBC, UOB shut accounts linked to alleged US$1.4 billion nickel fraudster long before his arrest

Previously unreported timeline raises fresh questions about how Ng Yu Zhi maintained his scheme for so long

 

i dont blame ocbc cause in inside  at the min balance . all store in this. time tested. no OTP no virus no account.

 

 

 

[XianGe]

Tink better don't use joint

[aaur4man]

and that's why bank has vaults

[Londonchocolateroll]

If elderly people is cheated I can understand but young knowledgeable millennials clicking on links without even checking and even keying in their id and pw is really kumlan