Posts: 4,030
   
Threads: 52
    
Likes Received: 1,063 in 827 posts
Likes Given: 1
(16-01-2022, 11:42 AM)Bigbluedot Wrote: 1. Customer did "click ' by being tricked by scammer. But why scammer can change limit and add a payee so easily. ? Bcoz the security is not tight enough. Some banks dont allow limit to be changed auto online.
Example is cimb bank requires me to email them abt the req change and they call back to confirm. Not online thingy.
2. Even if the banks use the industry standard software solutions, they cannot just sleep there.
You should know that softwares change at near lightning speed.
Your solution is obsolete but you still kooning whereas scammers can take advantage of the new capabilities.
I don't know about your guys.
But because of this, I tried changing my ATM withdraw limit for OCBC.. It did a 2FA authentication with my phone (I am using my phone as 'token', so I am assuming adding a payee will need the same authentication). Maybe some of you can try and let the rest know.
As for whether to allow change of limit online, it depend on individual. Some wants the convenience.
I don't know if OCBC solution is obsolete, but it allows me to use my phone to authenticate instead of SMS. DBS and UOB also have similar features.. So if OCBC solution is obsolete, then it is a industry wide problem.
Maybe we should all go back to our parent's days, all transactions must go to the bank to carry out.. Safer..
1. I have served the nation in a combat unit for 2.5 + 10 years. I had fulfilled my duty as a citizen, but has the country do it's part for me?
2. I don't know where the threat of CCP is, but I know the threat of CECA is already at my doorsteps
3. I had been called a CCP, JHK, Pinoy, but they never called me a CECA..
>
Posts: 2,279
   
Threads: 0
    
Likes Received: 786 in 614 posts
Likes Given: 534
Can a person move the fund from fixed deposit account to saving account using Internet banking? If can, I better go to the bank and to close my Internet banking account.
Posts: 22,618
   
Threads: 6,432
    
Likes Received: 4,145 in 3,251 posts
Likes Given: 498
(16-01-2022, 12:45 PM)ArielCasper Wrote: I don't know about your guys.
But because of this, I tried changing my ATM withdraw limit for OCBC.. It did a 2FA authentication with my phone (I am using my phone as 'token', so I am assuming adding a payee will need the same authentication). Maybe some of you can try and let the rest know.
As for whether to allow change of limit online, it depend on individual. Some wants the convenience.
I don't know if OCBC solution is obsolete, but it allows me to use my phone to authenticate instead of SMS. DBS and UOB also have similar features.. So if OCBC solution is obsolete, then it is a industry wide problem.
Maybe we should all go back to our parent's days, all transactions must go to the bank to carry out.. Safer..
in the ocbc scam, the customer keyed in hs login id, password and otp from his phone digital token at fake site
once the scammer get this 3 things his uses it to shift digital token to his own device.
now scammer can generate otp from his device.
basically he can do anything he wants.
the dbs system has an extra step:
1. it sends sms to your phone with code.
2. you key in code to token to generate new code.
ths new code is needed.
for the dbs system the hacker need to capture both sms and token.
this is harder because you need sms plus token to move the token.
I, being poor, have only my dreams; I have spread my dreams under your feet; Tread softly because you tread on my dreams.
>
Posts: 20,086
   
Threads: 546
    
Likes Received: 4,654 in 4,147 posts
Likes Given: 479
(16-01-2022, 12:45 PM)ArielCasper Wrote: I don't know about your guys.
But because of this, I tried changing my ATM withdraw limit for OCBC.. It did a 2FA authentication with my phone (I am using my phone as 'token', so I am assuming adding a payee will need the same authentication). Maybe some of you can try and let the rest know.
As for whether to allow change of limit online, it depend on individual. Some wants the convenience.
I don't know if OCBC solution is obsolete, but it allows me to use my phone to authenticate instead of SMS. DBS and UOB also have similar features.. So if OCBC solution is obsolete, then it is a industry wide problem.
Maybe we should all go back to our parent's days, all transactions must go to the bank to carry out.. Safer..
Yes, we should all go back to our parent's days, where things are done using hardcopy, like cheques and personally going down the bank to do big transactions.....It may seem regressive but it better than to be scammed by the hundreds of thousands........
Posts: 475
   
Threads: 4
    
Likes Received: 215 in 160 posts
Likes Given: 517
(16-01-2022, 01:01 PM)sgbuffett Wrote: in the ocbc scam, the customer keyed in hs login id, password and otp from his phone digital token at fake site
once the scammer get this 3 things his uses it to shift digital token to his own device.
now scammer can generate otp from his device.
basically he can do anything he wants.
the dbs system has an extra step:
1. it sends sms to your phone with code.
2. you key in code to token to generate new code.
ths new code is needed.
for the dbs system the hacker need to capture both sms and token.
this is harder because you need sms plus token to move the token.
Not true. DBS also send SMS to the HP and with OTP via sms, you can transact online and change limit. My concerns is that if the internet bank account can be so easily hacked, then they Banks should add in another layer of protection on the changing of transacted limit by either a email confirmation or phone call verification in order to change the limit.
Main reason to set the transacted limit is to protect your bank account but if the Banks are so handoff to allow one to change the limit transacted limit online, once the account is being hacked, all gone your saving.
The banks need to put in extra secure step before transacted limit can be changed : either to personally do it at the bank or any other extra steps, its a bit inconvenient, but its safer way to protect ones money in the bank
Posts: 5,801
   
Threads: 2,163
    
Likes Received: 2,065 in 1,502 posts
Likes Given: 1
This scam is easily solved even if the scammer has all my passwords and tokens.
why OCBC cannot solve ?
Posts: 5,774
   
Threads: 1,724
    
Likes Received: 1,580 in 1,157 posts
Likes Given: 162
why are we even asking/saying this
of course the bank have to pay for the losses
it was the bank's poor security that led to scammers able to take the money
Posts: 475
   
Threads: 4
    
Likes Received: 215 in 160 posts
Likes Given: 517
(16-01-2022, 01:55 PM)forum456 Wrote: This scam is easily solved even if the scammer has all my passwords and tokens.
why OCBC cannot solve ?
Bro can please advise here so that we at least can protect each own internet bank account. thanks
Posts: 2,448
   
Threads: 510
    
Likes Received: 752 in 599 posts
Likes Given: 1,425
(16-01-2022, 11:06 AM)starbugs Wrote: I won't call HFK an establishment person. His articles have always been quite objective. Unlike his colleague...a certain Chua XX who also regularly writes opinion pieces.
IMO she is Shit Times best journo whose writing skills can match those from established ang mo news agencies. However I do agree she also tends to side with her paymasters when it comes to commentaries on policy making. In the real world iz hard to say no to good money and still maintain your integrity unless you have something else going on for you.
Posts: 28,011
   
Threads: 9,008
    
Likes Received: 5,560 in 5,018 posts
Likes Given: 9
Stop dreaming man, EVEN 2 dollars they also want ok, if your bank account less than the min sum.
Posts: 5,801
   
Threads: 2,163
    
Likes Received: 2,065 in 1,502 posts
Likes Given: 1
(16-01-2022, 02:14 PM)kc172021 Wrote: Bro can please advise here so that we at least can protect each own internet bank account. thanks
very easy.
scammer can take your money because you are not aware that your money is being transferred.
if you are notified that your money is being transferred, you will not approve of your transfer.
OCBC can SMS to you that your money is being transferred and ask for your approval.
once you receive SMS that your money is being transferred, you reject the request and report to police.
no one can transfer your money if they have all your passwords and tokens.
the sms will only send to your phone, your phone will control the approval of money transfer.
scammer can have all your passwords and tokens but still need your phone to approve the money transfer.
(This post was last modified: 16-01-2022, 03:08 PM by
forum456.)
Posts: 3,857
   
Threads: 513
    
Likes Received: 560 in 537 posts
Likes Given: 741
(16-01-2022, 11:53 AM)forum456 Wrote: No matter how many times the money is transferred, the electronic trail will be recorded until the money is cashed out.
Even if the money is cashed out ,the person identity will be known because he owns the final bank account.
It is up to OCBC and the police to go after the person who cash out the money.
No one can steal bank money using online account without exposing their own identity
https://youtu.be/EZDDJ1d5Vt4
Posts: 4,030
   
Threads: 52
    
Likes Received: 1,063 in 827 posts
Likes Given: 1
(16-01-2022, 03:07 PM)forum456 Wrote: very easy.
scammer can take your money because you are not aware that your money is being transferred.
if you are notified that your money is being transferred, you will not approve of your transfer.
OCBC can SMS to you that your money is being transferred and ask for your approval.
once you receive SMS that your money is being transferred, you reject the request and report to police.
no one can transfer your money if they have all your passwords and tokens.
the sms will only send to your phone, your phone will control the approval of money transfer.
scammer can have all your passwords and tokens but still need your phone to approve the money transfer.
Isn't what you describe already there right now, as in the transaction will be completed if you press the accept button on my phone banking app?
1. I have served the nation in a combat unit for 2.5 + 10 years. I had fulfilled my duty as a citizen, but has the country do it's part for me?
2. I don't know where the threat of CCP is, but I know the threat of CECA is already at my doorsteps
3. I had been called a CCP, JHK, Pinoy, but they never called me a CECA..
>
Posts: 9,592
   
Threads: 8
    
Likes Received: 2,896 in 2,276 posts
Likes Given: 1,006
Come to think of these scam cases, all the scammers needed are just three things to take over your account completely..
1. Phone number. This is obtained by trial and error by sending you a phishing message with a link for you to click. Once you click the link and responded, the scammers confirmed a fish is caught with this phone number. Once he got your phone number, he can imitate bank and send OTP to you by SMS.
2. User ID. This is obtained by you clicking his phishing link and logging into your OCBC or whatever bank fake bank site .
3. Password. Same as 2 above this is obtained by you clicking the fake bank link and logging in.
So that's it, your account is being hijacked. So the lesson learnt is dun and never click any link send by bank on SMS which I believe banks dun do this.
If the phishing message comes from email asking you to click a link, this will not expose your phone number and scammers cannot send fake OTP to you by SMS. ....
Thinking is difficult, that's why most people judge
Carl Jung
>
Posts: 1,161
   
Threads: 17
    
Likes Received: 210 in 176 posts
Likes Given: 7
What Bank need just installed one emergency button for all online transactions if anything go wrong just send SMS with another’s password or go to nearest ATMs machine to temporarily locked the account … soooooo simple tio BOH?!!
Users browsing this thread: 1 Guest(s)