[Bigiron]

At least 2 Android users lost about $100k in CPF savings after installing apps 

Read more 📍 http://www.asiaone.com/singapore/least-2...e=telegram&utmmedium=social&utmcampaign=&utmcontent=

Follow @AsiaOnecom for all the latest updates.

[[[ForeverAlone]]]

actually I post in my thread , on this

Curious how possible scammer can access.

even they know their victim bank account login , pass word.

still need OTP which is the bank app.

[sgxin]

The scammers were then able to access the victims’ CPF account remotely using the stolen Singpass passcode and requested to withdraw the victims’ CPF funds through PayNow.

Once the CPF funds are deposited into the victims’ bank accounts, the scammer accessed the victims’ banking application and transfer the CPF funds away via PayNow.

Seems like it is safer to link CPF to a bank account that doesn't have internet banking.
Just do a half-yearly or quarterly withdrawal using cashier's order into an intermediate bank account that is not tied to PayNow.

From the intermediate bank account, one can do periodic fund transfer (not using the phone with PayNow) to the 2nd bank account that PayNow accesses.

Even better protection when there is no hardware token is to use a dumb 4G phone to receive the OTPs sms.
A cheap SIM plan like Simba $5 senior plan can be used for such a non-internet phone. Only $60 a year.

https://sgtalk.net/Thread-Gone-in-20-min...#pid622370

[Ola]

CPF Funds can withdraw through PayNow?

[[[ForeverAlone]]]

actually If Any withdraw from bank More than I think 100 min and above.

The bank will send you sms and even email to you if you opt in.

They will stated if you never do this withdraw have to tell them.

[Blin]

actually I post in my thread , on this

Curious how possible scammer can access.

even they know their victim bank account login , pass word.

still need OTP which is the bank app.

Already proven can be done.

[[[ForeverAlone]]]

Already proven can be done.

so OTP also useless? Is more interesting how scammer get hold the OTP access.
I think I know why, partly the victim download the app which the artcle already mention

because IF YOU check your Bank account just log in and key in password , NO NEED OTP

BUT if you access from computer , DBS website log in , you need OTP to log access the account.

[sgxin]

CPF Funds can withdraw through PayNow?

Those 55yo or older with (excess) OA balance can do online (requires SingPass) requests for withdrawal to their bank account.

https://www.cpf.gov.sg/member/faq/retire...for-paynow

[sgbuffett]

For example, in June, a 34-year-old woman lost close to $30,000 after scammers took control of her phone when she downloaded a third-party app.

Separately, at least 113 Android phone users had their banking credentials stolen in phishing scams since March, with losses amounting to at least $445,000.

Within a few months have hundred of cases already 

The main security flaw is everything is on the phone and once hackers/scanmers take control of your phone you are gone case.


This is result of phasing out of separate hardware token to save money by the banks.

I'd the hardware token OneKey exists not a single such cases will happen.

However the authorities will just blame victims instead of doing something.

Authorities cannot be expecting old uncles and aunties to understand intricacies of software to prevent fraud ....by doing nothing they are just making this group sitting ducks for fraud.

[Blasterlord2]

so OTP also useless? Is more interesting how scammer get hold the OTP access.
I think I know why, partly the victim download the app which the artcle already mention

because IF YOU check your Bank account just log in and key in password , NO NEED OTP

BUT if you access from computer , DBS website log in , you need OTP to log access the account.

That's why I said Singapore govt has not been providing the right education to users. We need to know how scams are conducted. The govt should tell us why certain scams can go through despite there being measures like otp, 2fa etc. Even the hk govt is providing the info, why Spore is so lousy?

[jameslee58@hotmail.com]

Scammers access all these through legit means, meaning login as you
they not hacking into the bank, they use your identity to gain access, to the bank they see you as legit
That is why the bank like ocbc refused to compensate at the begining if you remember, until mas stepped in
How come there are so many of these nowadays, every month you get phone calls with indian accent, now they smarter, use recording or change their accent
The reason is very simple, just look at where the outsourcing center are
Your database full of client and employees information are stored in india, including your phone numbers, there's no law there when come to handling such info
One local bank here run a 50 million computer system for private clients, run by indian, the team is either indian or Filipinos, their management bragged they have control in place, do you know they can gain access to client info without a trail, read it and talk about it...
Do you think is logical to rethink this? Your priced jewel being managed and run by peoples from 3rd world, do you trust them so much until willingly to give away youself?

[talky]

so OTP also useless? Is more interesting how scammer get hold the OTP access.
I think I know why, partly the victim download the app which the artcle already mention

because IF YOU check your Bank account just log in and key in password , NO NEED OTP

BUT if you access from computer , DBS website log in , you need OTP to log access the account.

MAS STILL DOES NOT TAKE SCAMMING SERIUOUSLY

SHLD ENFORCE ALL BANKS TO LET ACCT HOLDERS TO OPT FOR HARD TOKENS 
NOW WE HV NO CHOICE ALL BANKS PHASED OUT HARD TOKENS, ONLY CAN USE DIGITAL TOKEN  OTP  ON HP

[Cmpunk]

How can CPF account so easy to get scammed ?

[RiseofAsia]

I have already warned so many times, never click any link. The scammers can use special characters which you may not easy for you to notice.

The biggest weakness for some ppl are too easy to trust someone who you don’t even meet before.

人笨是没药医。

[jameslee58@hotmail.com]

I can give you another example which they like to use
Someone call you to get a credit card
Sound like Singaporeans chinese, so after signed up, the accent became indian,
He can't help it, to show yoh how capable he is
Next thing you know, the person gave your number away is the indian n sat next to you, he gave your number away, so that he can find out how much your pay is,
Insurance agents also like to use this tactics
After he know your pay, next thing he going to do is ask from his boss for a raise, they are driven by greed, obviously talented in cheating, they laughed how easy to score and cheat

Singapore atrracted wrong talents

[gordongekko]

I can give you another example which they like to use
Someone call you to get a credit card
Sound like Singaporeans chinese, so after signed up, the accent became indian,
He can't help it, to show yoh how capable he is
Next thing you know, the person gave your number away is the indian n sat next to you, he gave your number away, so that he can find out how much your pay is,
Insurance agents also like to use this tactics
After he know your pay, next thing he going to do is ask from his boss for a raise, they are driven by greed, obviously talented in cheating, they laughed how easy to score and cheat

Singapore atrracted wrong talents

This still doesn't explain how they could bypass 2 factors authentication.

[sgbuffett]

CPF Funds can withdraw through PayNow?

Yes and they should stop it immediately as it is dangerous.

[Tee tiong huat]

How can CPF account so easy to get scammed ?

Is provide by him or her themself.

[jus4lucky]

why gov going to do. nothing?

[Lukongsimi]

Never mention iOS should be safer

[Tee tiong huat]

Is provide by him or her themself.

Victims had come across advertisements marketing groceries like seafood on social media platforms, including Facebook.

[Tee tiong huat]

Is provide by him or her themself.

Victims had come across advertisements marketing groceries like seafood on social media platforms, including Facebook.

[Tee tiong huat]

CPF Funds can withdraw through PayNow?

Like if you go buy $5 food they will remember your number or the PayNow or Paylah. 
Same same or Sama same Boleh. .

[p1acebo]

Heng ahhh I iPhone user all these while

[Tee tiong huat]

actually I post in my thread , on this

Curious how possible scammer can access.

even they know their victim bank account login , pass word.

still need OTP which is the bank app.

Victim bank account login, pass word is been copy. It take, ONLY 2 seconds or like if you go and buy $5 food they will remember your number.

[Tee tiong huat]

The trick is only a few seconds only.

[Tee tiong huat]

The trick is only a few seconds only.

 How long to copy your front and back atm card.

[Tee tiong huat]

How can CPF account so easy to get scammed ?

In this case. -- Victims came across advertisements on social media, and were given a link to: 

He or she download an Android Package Kit contained malware

QUESTION IS WHY?.

[Tee tiong huat]

In case -- Victims came across advertisements on news paper or social media, try not to give away one HP tel nos or go for the link.

[Lukongsimi]

Everyday got scam calls n WhatsApp
Got to get used to it no choice, complain also useless