1. SG Talk
  2. SG Talk
  3. Market Talk



Threaded Mode
If OTP is diverted and fraudsters empty your bank account....how?
sgbuffett

Supreme Guru
Reputation: 135
*******

 Posts: 22,263     Threads: 6,303     
Likes Received: 4,121 in 3,229 posts
Likes Given: 485
#1

19-09-2021, 01:18 PM
If all.money is stolen it may be costly to sue bank to get funds back.

I am requesting to use only security token for OTP and stop using SMS for transactions ....

Banks are not required to compensate you if it happens. They are only doing so this time out of "goodwill". If they refuse to compensate you can't do anything.

Also I find MAS statement disturbing to conclude that bank system is secure when the method of user  authentication  can be hijacked by fraudsters...doesn't this make it "unsecure"...yes the hacking occurred elsewhere but the bank is using an unsecured mechanism for authentication. So how can MAS conclude that the bank system is secure.

I feel they are making light of this whole thing. Imagine the distress if you wake up one day and all your money with the bank is gone....they should order a block of this ....

Quote:Given the unique circumstances of these cases, banks will provide a goodwill waiver to affected customers who had taken care to protect their credentials. 


https://www.mas.gov.sg/news/media-releas...d-payments
I, being poor, have only my dreams; I have spread my dreams under your feet; Tread softly because you tread on my dreams.
(This post was last modified: 19-09-2021, 01:28 PM by sgbuffett.)
Find
Reply
Ola

Supreme Guru
Reputation: 829
*******

 Posts: 14,147     Threads: 485     
Likes Received: 5,979 in 4,774 posts
Likes Given: 4,633
#2

19-09-2021, 01:30 PM
Was it reported that a few days ago, Singtel was hacked and all the OTP diverted to hackers who combined the bank details and scam away $$$$$$$.

Yes, security token seems to be much safer.
Why do we need 5 Mayors and 80 PAP Ministers? 
Find
Reply
sgbuffett

Supreme Guru
Reputation: 135
*******

 Posts: 22,263     Threads: 6,303     
Likes Received: 4,121 in 3,229 posts
Likes Given: 485
#3

19-09-2021, 01:36 PM
(19-09-2021, 01:30 PM)Ola Wrote:  Was it reported that a few days ago, Singtel was hacked and all the OTP diverted to hackers who combined the bank details and scam away $$$$$$$.

Yes, security token seems to be much safer.

Can you provide link to SingTel hacking? Can't seem to find it.
I, being poor, have only my dreams; I have spread my dreams under your feet; Tread softly because you tread on my dreams.
Find
Reply
Gemstar

Supreme Guru
Reputation: 171
*******

 Posts: 4,646     Threads: 8     
Likes Received: 1,918 in 1,465 posts
Likes Given: 5,727
#4

19-09-2021, 02:30 PM
(19-09-2021, 01:18 PM)sgbuffett Wrote:  If all.money is stolen it may be costly to sue bank to get funds back.

I am requesting to use only security token for OTP and stop using SMS for transactions ....

Banks are not required to compensate you if it happens. They are only doing so this time out of "goodwill". If they refuse to compensate you can't do anything.

Also I find MAS statement disturbing to conclude that bank system is secure when the method of user  authentication  can be hijacked by fraudsters...doesn't this make it "unsecure"...yes the hacking occurred elsewhere but the bank is using an unsecured mechanism for authentication. So how can MAS conclude that the bank system is secure.

I feel they are making light of this whole thing. Imagine the distress if you wake up one day and all your money with the bank is gone....they should order a block of this ....



https://www.mas.gov.sg/news/media-releas...d-payments
From what I understand, the security token already obsolete and no longer can be used.  All hv been linked to mobile with a OTP to access transactions. Correct me if i am wrong.
(This post was last modified: 19-09-2021, 02:32 PM by Gemstar.)
Find
Reply
sgxin

Senior Member
Reputation: 39
****

 Posts: 972     Threads: 2     
Likes Received: 286 in 234 posts
Likes Given: 74
#5

19-09-2021, 02:31 PM
(19-09-2021, 01:30 PM)Ola Wrote:  Was it reported that a few days ago, Singtel was hacked and all the OTP diverted to hackers who combined the bank details and scam away $$$$$$$.

Yes, security token seems to be much safer.

I still prefer the small offline HARDWARE security token, but all banks are phasing them out. 

For app-based token, I guess it is better to install it onto another (dedicated) phone that one doesn't use to surf web. This will minimise the chance of hackers also hijacking the installed banking app for the OTP.
(This post was last modified: 19-09-2021, 02:32 PM by sgxin.)
Find
Reply
Huliwang

Supreme Guru
Reputation: 141
*******

 Posts: 9,462     Threads: 8     
Likes Received: 2,872 in 2,253 posts
Likes Given: 1,005
#6

19-09-2021, 03:04 PM
You shud never link your cards or digital banking to your large accounts. Open an account with balance of around $100k for your cashless spending. So if fraudsters manage to empty it, you lost at most $100k and not a few.millions..... Rolleyes
 Thinking is difficult, that's why most people judge
                    Carl Jung
Find
Reply
talky

Supreme Guru
Reputation: 85
*******

 Posts: 6,914     Threads: 867     
Likes Received: 1,741 in 1,412 posts
Likes Given: 0
#7

19-09-2021, 03:13 PM
(19-09-2021, 02:31 PM)sgxin Wrote:  I still prefer the small offline HARDWARE security token, but all banks are phasing them out. 

For app-based token, I guess it is better to install it onto another (dedicated) phone that one doesn't use to surf web. This will minimise the chance of hackers also hijacking the installed banking app for the OTP.


my suggestions
maybe we add additional x nr of digits  and or Y nr of  alphabets in front n after the otp only known to the banks(prearranged w the banks) so hackers will not be able to steal
Find
Reply
WhatDoYouThink?

Supreme Guru
Reputation: 85
*******

 Posts: 8,063     Threads: 17     
Likes Received: 1,565 in 1,317 posts
Likes Given: 525
#8

19-09-2021, 03:14 PM
"all the money is gone" ? if you hv set the daily transfer/transaction limits, how could that happen?
Find
Reply
hansamu

Senior Guru
Reputation: 35
******

 Posts: 3,840     Threads: 373     
Likes Received: 991 in 853 posts
Likes Given: 213
#9

19-09-2021, 03:14 PM
(19-09-2021, 03:04 PM)Huliwang Wrote:  You shud never link your cards or digital banking to your large accounts. Open an account with balance of around $100k for your cashless spending. So if fraudsters manage to empty it, you lost at most $100k and not a few.millions..... Rolleyes

100k?.  ..I was looking at less than 10k.
Find
Reply
Huliwang

Supreme Guru
Reputation: 141
*******

 Posts: 9,462     Threads: 8     
Likes Received: 2,872 in 2,253 posts
Likes Given: 1,005
#10

19-09-2021, 03:19 PM
(19-09-2021, 03:14 PM)hansamu Wrote:  100k?.  ..I was looking at less than 10k.

That's much better. Mine is more, because I lazy go top up my account so often........ Big Grin
 Thinking is difficult, that's why most people judge
                    Carl Jung
Find
Reply
Sharexchange

Supreme Guru
Reputation: 103
*******

 Posts: 8,965     Threads: 173     
Likes Received: 2,135 in 1,863 posts
Likes Given: 572
#11

19-09-2021, 03:24 PM
Never trust bank.
Find
Reply
hansamu

Senior Guru
Reputation: 35
******

 Posts: 3,840     Threads: 373     
Likes Received: 991 in 853 posts
Likes Given: 213
#12

19-09-2021, 03:33 PM
(19-09-2021, 03:19 PM)Huliwang Wrote:  That's much better. Mine is more, because I lazy go top up my account so often...
It is because you are a rich man. 
Don't have to be so modest.. lol
Find
Reply
ArielCasper

Supreme Guru
Reputation: 95
*******

 Posts: 4,057     Threads: 52     
Likes Received: 1,069 in 835 posts
Likes Given: 1
#13

19-09-2021, 03:34 PM
If I remind the news, it was reported that it is not SingTel or the bank's fault, and they blame on oversea telco.

There wasn't enough details shared to make a logical call if the explanation make sense.

But I fail to see how a oversea telco come into the picture if the registered no to receive OTP is a local number. Maybe some folks here can help to explain.
1. I have served the nation in a combat unit for 2.5 + 10 years. I had fulfilled my duty as a citizen, but has the country do it's part for me?
2. I don't know where the threat of CCP is, but I know the threat of CECA is already at my doorsteps
3. I had been called a CCP, JHK, Pinoy, but they never called me a CECA..
[+] 1 user Likes ArielCasper's post
Find
Reply
sgbuffett

Supreme Guru
Reputation: 135
*******

 Posts: 22,263     Threads: 6,303     
Likes Received: 4,121 in 3,229 posts
Likes Given: 485
#14

19-09-2021, 03:40 PM
(19-09-2021, 03:14 PM)WhatDoYouThink? Wrote:  "all the money is gone" ? if you hv set the daily transfer/transaction limits, how could that happen?

Don't you know if they have your OTP they can change the limit. Also, credit card/debt...may not have daily limit.
I, being poor, have only my dreams; I have spread my dreams under your feet; Tread softly because you tread on my dreams.
Find
Reply
watchfirst9

Supreme Guru
Reputation: 58
*******

 Posts: 5,103     Threads: 68     
Likes Received: 788 in 731 posts
Likes Given: 226
#15

19-09-2021, 04:15 PM
(19-09-2021, 03:34 PM)ArielCasper Wrote:  If I remind the news, it was reported that it is not SingTel or the bank's fault, and they blame on oversea telco.

There wasn't enough details shared to make a logical call if the explanation make sense.

But I fail to see how a oversea telco come into the picture if the registered no to receive OTP is a local number. Maybe some folks here can help to explain.

So do not do transaction overseas?

Suspect there could be some insider involved else how to know account is being accessed.
Find
Reply
Ola

Supreme Guru
Reputation: 829
*******

 Posts: 14,147     Threads: 485     
Likes Received: 5,979 in 4,774 posts
Likes Given: 4,633
#16

19-09-2021, 05:48 PM
(19-09-2021, 01:36 PM)sgbuffett Wrote:  Can you provide link to SingTel hacking? Can't seem to find it.




This news link. On that day itself last week, it stated SingTel in one of the paragraphs but now when I re- read, the word was replaced by telecomm providers. 


75 S’pore bank customers cheated of S$500,000 through unauthorised credit card transactions via diverted SMS one-time passwords - TODAY (todayonline.com)
Why do we need 5 Mayors and 80 PAP Ministers? 
(This post was last modified: 19-09-2021, 05:49 PM by Ola.)
Find
Reply
Gstalk

Senior Guru
Reputation: 33
******

 Posts: 2,129     Threads: 282     
Likes Received: 673 in 541 posts
Likes Given: 3
#17

19-09-2021, 05:53 PM
(19-09-2021, 03:14 PM)WhatDoYouThink? Wrote:  "all the money is gone" ? if you hv set the daily transfer/transaction limits, how could that happen?



They can also change the limit by transferring the OTP for the change of limit.


Rotfl
Laughing
(This post was last modified: 19-09-2021, 05:53 PM by Gstalk.)
Find
Reply
Ola

Supreme Guru
Reputation: 829
*******

 Posts: 14,147     Threads: 485     
Likes Received: 5,979 in 4,774 posts
Likes Given: 4,633
#18

20-09-2021, 09:57 AM
(19-09-2021, 03:34 PM)ArielCasper Wrote:  If I remind the news, it was reported that it is not SingTel or the bank's fault, and they blame on oversea telco.

There wasn't enough details shared to make a logical call if the explanation make sense.

But I fail to see how a oversea telco come into the picture if the registered no to receive OTP is a local number. Maybe some folks here can help to explain.


It was the morning e- news that reported that Singtel was hacked.

Nothing to do with overseas telco at all.  Logically, how many residents here use overseas phone line? NONE, only tourist. 

PAP news seems to be trying to cover their backside by changing or removing e- news.
Why do we need 5 Mayors and 80 PAP Ministers? 
Find
Reply
ArielCasper

Supreme Guru
Reputation: 95
*******

 Posts: 4,057     Threads: 52     
Likes Received: 1,069 in 835 posts
Likes Given: 1
#19

20-09-2021, 10:05 AM
(20-09-2021, 09:57 AM)Ola Wrote:  It was the morning e- news that reported that Singtel was hacked.

Nothing to do with overseas telco at all.  Logically, how many residents here use overseas phone line? NONE, only tourist. 

PAP news seems to be trying to cover their backside by changing or removing e- news.
This is the part that give me the impression about oversea telco..

"They were then able to receive through the overseas mobile network systems the SMS one-time passwords sent by the banks to the victims."
1. I have served the nation in a combat unit for 2.5 + 10 years. I had fulfilled my duty as a citizen, but has the country do it's part for me?
2. I don't know where the threat of CCP is, but I know the threat of CECA is already at my doorsteps
3. I had been called a CCP, JHK, Pinoy, but they never called me a CECA..
Find
Reply
Sticw

Supreme Guru
Reputation: 109
*******

 Posts: 5,436     Threads: 33     
Likes Received: 1,945 in 1,486 posts
Likes Given: 370
#20

20-09-2021, 10:30 AM
(19-09-2021, 03:19 PM)Huliwang Wrote:  That's much better. Mine is more, because I lazy go top up my account so often........ Big Grin

Rich man.
Find
Reply
justdoit2

Member
Reputation: 4
***

 Posts: 98     Threads: 1     
Likes Received: 17 in 15 posts
Likes Given: 26
#21

21-09-2021, 07:31 PM
(19-09-2021, 04:15 PM)Iwatchfirst9 Wrote:  So do not do transaction overseas?

Suspect there could be some insider involved else how to know account is being accessed.
Most likely an inside job.  I ever used my office computer to do some banking transactions for the first time. On the same day I received an OTP for a transaction that I did not perform.  I quickly change my bank password and it never occur again.
Find
Reply
singlon

Supreme Guru
Reputation: 151
*******

 Posts: 15,541     Threads: 1     
Likes Received: 3,182 in 2,989 posts
Likes Given: 83
#22

21-09-2021, 08:12 PM
Like dat lo.
Chongkong all your money
wat can u do?
Wat you cannot do walking Main street naked is not yours.
That why when Klaus swab was here Chan said cotton came from sheep.
These people surely will in time take all in central control.
(This post was last modified: 21-09-2021, 08:16 PM by singlon.)
Find
Reply
« Next Oldest | Next Newest »


Forum Jump:


Users browsing this thread: 1 Guest(s)