• IP addresses are NOT logged in this forum so there's no point asking. Please note that this forum is full of homophobes, racists, lunatics, schizophrenics & absolute nut jobs with a smattering of geniuses, Chinese chauvinists, Moderate Muslims and last but not least a couple of "know-it-alls" constantly sprouting their dubious wisdom. If you believe that content generated by unsavory characters might cause you offense PLEASE LEAVE NOW! Sammyboy Admin and Staff are not responsible for your hurt feelings should you choose to read any of the content here.

    The OTHER forum is HERE so please stop asking.

Chitchat And these are the reasons why you shouldn't use Android phones

Scrooball (clone)

Alfrescian
Loyal
https://mothership.sg/2023/08/single-mother-malware-scam/

S'porean single mother, 49, unknowingly downloads Chrome-resembling malware, loses S$28,000​

The hackers controlled her phone and left her with only S$4 in her bank account.​

Winnie Li
Cover-image-3-1.png

|
clock.png
August 10, 2023, 06:12 PM
Telegram Whatsapp

A Singaporean single mother lost S$28,000 after a hacker cleaned out S$8,000 from her bank account and took another S$20,000 from a credit line which they applied under her name without her knowledge.

The 49-year-old woman said she had downloaded malware unknowingly, which allowed the hacker full control of her phone remotely, reported Shin Min Daily News.

How the unauthorised transfer was discovered​

The single mother, surnamed Chen (transliteration from Mandarin), told Shin Minreporters that she received a notification on her phone at around 6pm on Jul. 18, 2023, informing her that a transfer of S$6,000 had been made.

However, when the notification disappeared after she clicked on it, Chen suspected something might be wrong.

She checked her bank account online and found only S$4 left.

Shocked, she immediately contacted her bank to freeze her account, alerted the police, and handed her phone to the police for investigation.

Police findings​

Chen said the investigating officer told her the hacker had likely hacked Chen's phone through malware and transferred the money from her account.

Chen was also told that she had probably clicked on an advertisement accidentally while browsing through Facebook and downloaded the malware, which had an icon that looked like Google's Chrome browser, without knowing.

However, the hacker needed Chen's authorisation to control her device remotely.

To that end, the hacker tricked her into giving her authorisation by deceiving her with a notification that asked her to update the "browser".

Looking back, Chen could vaguely recall that she had once received a notification on her phone which stated that her Chrome-resembling app would require an update.

At that time, she didn't think too much of it and clicked on the "agree" button.

"I have multiple pages of apps on my phone, so I didn't notice I have downloaded two Chrome apps," shared Chen, who wants to caution others to check their phones.

Hacker deleted notification messages from bank​

The investigation officer further explained to Chen that after the hacker received her authorisation, they could control Chen's phone remotely by downloading TeamViewer, a remote access and control software, onto her phone.

After taking control of her phone, the hacker logged into her bank account on Jul. 15, 2023, and added a new recipient before making five transfers on Jul. 18.

The hacker also utilised a S$20,000 credit line they applied under Chen's name without her knowledge.

While making the transfers, the hacker simultaneously deleted all the messages in Chen's phone from her bank that notified her of the transactions.

As a result, Chen was only able to notice the unauthorised transfers four hours after the hacker began making the transfers, according to her bank.

Money transferred to a cryptocurrency company​

Chen also discovered her monies were transferred to a cryptocurrency company.

After the money was transferred to the company, it was converted into stablecoin before it was transferred to a third-party recipient, the police told Chen.

They also told her she was unlikely to get her money back.

Bank initially asked Chen to pay back S$20,000​

Although Chen had explained to her bank about her situation, it insisted that she pay back the S$20,000 withdrawn under her credit line.

She would also need to pay another S$700, which includes interest and administration fees.

If she fails to repay the bank, her credit rating will suffer.

Chen told Shin Min that while she understood she had given her "permission" for the S$8,000 transfer, she had never applied for the credit line, and she didn't understand why the bank would approve a credit line application of such a high amount.

She also revealed that she had recently separated from her husband and is currently taking care of her two daughters, aged seven and 10, respectively, alone.

As she needed to work, she said she had to hire a domestic helper for S$700 monthly to take care of her daughters.

Bank currently reviewing Chen's case​

Chen said she contacted her Member of Parliament (MP) and the Financial Industry Disputes Resolution Centre for help.

On Aug. 6, she also received an update from her bank, who informed her that the bank would review her case.

Chen hopes the bank could waive the S$20,000 debt out of goodwill.

She also said she would be more careful in the future and caution others to pay more attention to the apps they download.

Top image via Shin Min Daily News
 

Scrooball (clone)

Alfrescian
Loyal
https://mothership.sg/2023/08/ocbc-security-feature-delete-third-party-apps/

OCBC app new security feature prompts users to delete unofficial 3rd party apps, bank says no breach in privacy​

The bank emphasises it does not monitor phone activities.​

Hannah Martens
Cover-Photos-49.png

|
clock.png
August 10, 2023, 07:39 PM
Telegram Whatsapp

OCBC customers are up in arms over the new security feature on its mobile app, with many taking to the the comment section of the bank's Facebook page with messages and one-star reviews on the Google Playstore.

What is the new update?​

On Aug. 5, OCBC launched its latest security update to the OCBC Digital app as part of its ongoing efforts against cybercrime and to protect customers' online banking experience.

This "essential security enhancement" will only allow the OCBC Digital app to work on phones whose mobile apps are only downloaded from official app stores.

Apps that come from other sources, like Android Package Kit (APK) files, "tend to have more security vulnerabilities, including being more susceptible to malware infection", said OCBC.

"If you try to access the OCBC Digital app on a device which has apps were not downloaded from an official app store, you will see a message – warning you of one or more potentially malicious/ harmful apps on your device – pop up on your screen. Please uninstall such apps so you can continue to use the OCBC Digital app. You do not have to delete the OCBC Digital app."

Unable to log in to OCBC Digital app on their phone​

Some customers discovered they could not use the OCBC Digital app on their phones after its most recent update.

One user told Mothership that they could not log in to their OCBC Digital app if any apps were not installed from Google Playstore or Apple app store.

Another informed Mothership that when they updated their OCBC mobile app on their Android phone, it showed a message that they had to uninstall the Douyin app from their phone.

They said they downloaded that app without going through an official store, such as the Google Playstore.

Some apps that users gathered that need to be uninstalled before they could use the OCBC digital app are Douyin, Temp Mail, SD Maid, All-In-One Toolbox, aodNotify, Snaptube, and APKPure, according to a post on Facebook group Complaint SG.

photo_2023-08-10-11.54.29.jpeg
Screenshot via Facebook

Users are not happy with this new feature​

OCBC Digital app users made their disappointment known by flooding the Google Playstore with one-star reviews for the OCBC Digital app.

Screenshot-2023-08-10-at-11.34.24-AM.png
Screenshot via Google Playstore
Screenshot-2023-08-10-at-11.34.06-AM.png
Screenshot via Google Playstore
Screenshot-2023-08-10-at-11.31.28-AM.png
Screenshot via Google Playstore
Screenshot-2023-08-10-at-11.33.49-AM.png
Screenshot via Google Playstore
Many have also expressed their frustrations over the latest update in the comment section of OCBC's Facebook page.

Screenshot-2023-08-10-at-10.57.10-AM.png
Screenshot via Facebook
Screenshot-2023-08-10-at-10.46.03-AM.png
Screenshot via Facebook
Screenshot-2023-08-10-at-10.59.39-AM.png
Screenshot via Facebook

OCBC: Apps downloaded from official app stores not affected​

On Aug. 6, 2023, OCBC put out a statement on Facebook stating they implemented a security feature on their OCBC Digital app to further safeguard their customers from malware.

"With this enhancement, we can detect any app that has been downloaded from unofficial app stores. Once these apps are detected, if you do not uninstall them, you will not be able to log in to our internet banking and/ or the OCBC Digital app."

OCBC also linked an advisory from the Singapore Police Force regarding the dangers of downloading apps from third-party sites in the comment section.

They even provided a screenshot of a particular part of the advisory.

Screenshot-2023-08-10-at-12.04.18-PM.png
Screenshot via Facebook
OCBC added at 5:10pm on Aug. 7 that to use the apps customers uninstalled, they would need to download them only from official app stores.

At 6:35pm, OCBC clarified that they do not "monitor customers' phone activity, nor conduct surveillance on phones".

"We would like to assure our customers that our new security feature does not collect nor store any personal data from customers. This technology detects apps that are not downloaded from official app stores only when the OCBC Digital app is opened. It does not identify the owner of the device. All it does is to alert customers to apps that could compromise the device to malware scams. We apologise for any inconvenience caused. We seek your patience as this feature is aimed to safeguard customers from malware scams."
Screenshot-2023-08-10-at-12.12.03-PM.png
Screenshot via Facebook
Despite the clarification, many OCBC users were still angry with the bank for having such a feature in the first place, and they let their displeasure show in the comments.

Screenshot-2023-08-10-at-10.46.03-AM-1.png
Screenshots via Facebook
Screenshot-2023-08-10-at-10.47.02-AM.png
Screenshots via Facebook
Screenshot-2023-08-10-at-10.50.17-AM.png
Screenshots via Facebook
Screenshot-2023-08-10-at-10.53.43-AM.png
Screenshots via Facebook
Screenshot-2023-08-10-at-10.53.16-AM-1.png
Screenshots via Facebook

MAS and the Association of Banks in Singapore support OCBC's move​

In a press release on Aug. 8, 2023, the Monetary Authority of Singapore (MAS) said it "strongly supports banks' initiatives to bolster the security of digital banking".

MAS stated that it has been working closely with banks to introduce measures to address the risks associated with malware-related scams, which "an increasing number of customers have fallen prey to".

"Security measures will come with some measure of added inconvenience for customers, but they are necessary to maintain security of and confidence in digital banking. Coupled with a vigilant and discerning public, robust security measures will help us strengthen our defence against scams."
The Association of Banks in Singapore (ABS) emphasised that banks do not monitor customers' phone activity or conduct surveillance on mobile phones.

"We would like to assure all banking customers that this security feature does not collect nor store any personal data. The technology detects higher risk behaviours which are characteristic of known malware activities when the banking apps are opened. It does not identify the owner of the mobile phone," said director of ABS, Ong Ai Boon.

OCBC emphasises it does not monitor phone activities​

Speaking to Mothership, OCBC's head of the anti-fraud division, Beaver Chua, emphasised that on the bank's side, they do not know what apps are flagged on users' phones.

All the checks for malware on the phone happen on the phone itself, said Chua.

"Whatever content you have [that] is on your phone... it doesn't go to us. We are just asking before you enter into the app, the app is just checking the phone for any sort of dodgy apps around. If you have, we can't let you log in."

Chua also assured that the information does not go back to the bank, and the banks do not know what apps are flagged.

The bank does not have access to users' private data on their phones, like their photos or documents, there is no surveillance capability, and it is not checking users' phones actively, he said.

"We want to stop any potential scammers from taking over the phone and trying to launch the online banking app and then utilise our app with the information [they] have gotten from the user and then emptying out the banking account."

Chua clarified that they are not stopping users who downloaded apps not from official stores like Google Playstore, App Store, Huawei App Gallery, and OPPO Store.

The OCBC Digital app will only stop users from logging in if they have an app on their mobile phone that is not from an official app store, and the app must have a risky setting known in the IT security space to cause a security problem.

Chua stressed that this security update is to protect the customers, especially the vulnerable customer who may fall victim to scams and install an app that is not from an official store.

Before OCBC rolled out the new security update, they would have at least one reported case of malware from third-party apps that led to users having their bank accounts drained. Chua stated that since the update, they have not seen any cases reported to them.

He also shared that these cases appear only to Android phone users.

Users can read up on the new security update on OCBC's FAQ page for more information.

Top photos via OCBC
 

orh mee suah

Alfrescian
Loyal
Too many cases already.
Digital apps have proven to be unsafe. Scammers are smarter.
Bring back the physical tokens, damned it!
 

sbfuncle

Alfrescian
Loyal
I have said is time to decommission digital banking and transactions. Banks are just now not acknowledging it aka denial. When more cases happen (which will happen) then probably is the end of road for mobile banking apps and ibanking.
Will scammer able to hack your money when you don't use mobile banking and financial app ?
Yes they still can unless you ask all the banks to disable your ibanking functions. Return all your token or digital tokens now before is too late.
 

laksaboy

Alfrescian (Inf)
Asset
I have said is time to decommission digital banking and transactions. Banks are just now not acknowledging it aka denial. When more cases happen (which will happen) then probably is the end of road for mobile banking apps and ibanking.
Will scammer able to hack your money when you don't use mobile banking and financial app ?
Yes they still can unless you ask all the banks to disable your ibanking functions. Return all your token or digital tokens now before is too late.

Too late, the genie is out of the bottle. Also, what's wrong with collecting more money from license fees? :wink:



updated-070823_-Trust-Bank-GXS-Bank-MariBank_-Should-You-Open-a-Digital-Bank-Account_.png
 

Willamshakespear

Alfrescian
Loyal
Rather than to stop the ever growing app tech that has made life easier & convenient for Humankind just because of greed by some, perhaps banks can hold any sums above $200 for at least 2 days before allowing any transfers being made, for ordinary citizens, so that it will give time for victims to discover suspicious activities & to freeze funds.

As for companies or individuals with investment/trade accounts, they would have better IT security than ordinary folks, & will need to transfer vast sums at speed of light to close deals or for immediate deliveries of goods & services.
 

sbfuncle

Alfrescian
Loyal
Rather than to stop the ever growing app tech that has made life easier & convenient for Humankind just because of greed by some, perhaps banks can hold any sums above $200 for at least 2 days before allowing any transfers being made, for ordinary citizens, so that it will give time for victims to discover suspicious activities & to freeze funds.

As for companies or individuals with investment/trade accounts, they would have better IT security than ordinary folks, & will need to transfer vast sums at speed of light to close deals or for immediate deliveries of goods & services.
Many of this comments need to be corrected.

Greed by some - actually is Greed by many. Do not be blinded by the Greed of the bank itself. The bank knew that there are many security loopholes out there for scammer to take advantage of but due to Greed they still roll out all this digital technologies for fast money transactions.

For many ordinary folks, the few hundreds of dollars can be a life and death bread and butter matters. They would rather go directly to bank counter and queue to get the money then to wait for that 2 days.
Do not underestimate how poor many ordinary folks are.

When you do this - letting bank hold amount >$200 for 2 days the bank will have the last laugh. They will own your money without interest over weekends and ph and that 2 days.
Bank will need to pay interest for holding that money if this were to be implemented.
 
Last edited:

Willamshakespear

Alfrescian
Loyal
Many of this comments need to be corrected.

Greed by some - actually is Greed by many. Do not be blinded by the Greed of the bank itself. The bank knew that there are many security loopholes out there for scammer to take advantage of but due to Greed they still roll out all this digital technologies for fast money transactions.

For many ordinary folks, the few hundreds of dollars can be a life and death bread and butter matters. They would rather go directly to bank counter and queue to get the money then to wait for that 2 days.
Do not underestimate how poor many ordinary folks are.

When you do this - letting bank hold amount >$200 for 2 days the bank will have the last laugh. They will own your money without interest over weekends and ph and that 2 days.
Bank will need to pay interest for holding that money if this were to be implemented.

Interest rate at 3%/yr of $200 = $0.02cts/day
Interest rate at 3%/yr of $100,000 = $8.20cts/day ( $100,000 is the est amount that attracts scammers, based upon reports )

Bus fare to & fro nearest bank = est$2.
Hours spent queuing up at bank = est 2 hrs

one click on button thru SECURED online banking = saves one often more than dollars & time.

There are many more effective counter-measures against scammers. Perhaps OCBC had not sought to discuss the issue thoroughly with others, especially with tech specs?

Another issue that will soon be a growing fear - HOW did scammers know who to target, as it seems to know who have high net worth. Only the banks know how much one has in its accounts. Was such information compromised by those whom have tech accounting access to such information.......?
 

sbfuncle

Alfrescian
Loyal
Interest rate at 3%/yr of $200 = $0.02cts/day
Interest rate at 3%/yr of $100,000 = $8.20cts/day ( $100,000 is the est amount that attracts scammers, based upon reports )

Bus fare to & fro nearest bank = est$2.
Hours spent queuing up at bank = est 2 hrs

one click on button thru SECURED online banking = saves one often more than dollars & time.

There are many more effective counter-measures against scammers. Perhaps OCBC had not sought to discuss the issue thoroughly with others, especially with tech specs?

Another issue that will soon be a growing fear - HOW did scammers know who to target, as it seems to know who have high net worth. Only the banks know how much one has in its accounts. Was such information compromised by those whom have tech accounting access to such information.......?
For the interest rate matters it is more on the bank side whether they are OK to payout even it may appear to be a negligible amount, it's about cyclic volumes. I doubt bank is willing to payout such misers amount so why should the users bear the cost ?
Effective counter measures - I think it is not easy even if bank is willing to investigate to the bottom. Firstly they need to accept it is their problem 1st before talking further because 1st of all they rolled out something or over a decades without thinking of the consequences. After they accepted it, I also think it will be very difficult because scammers can constantly counter them back. The root cause is that android and open source is not secured. The only way is to accept that this technology is a failure and decommission it.
It doesn't mean that when we are moving ahead means things must continue to move ahead. Be realistic and move back when is necessary. Or else we may loss more than gain.
Bottom line is digital banking is not secured.
 
Last edited:

sbfuncle

Alfrescian
Loyal
Interest rate at 3%/yr of $200 = $0.02cts/day
Interest rate at 3%/yr of $100,000 = $8.20cts/day ( $100,000 is the est amount that attracts scammers, based upon reports )

Bus fare to & fro nearest bank = est$2.
Hours spent queuing up at bank = est 2 hrs

one click on button thru SECURED online banking = saves one often more than dollars & time.

There are many more effective counter-measures against scammers. Perhaps OCBC had not sought to discuss the issue thoroughly with others, especially with tech specs?

Another issue that will soon be a growing fear - HOW did scammers know who to target, as it seems to know who have high net worth. Only the banks know how much one has in its accounts. Was such information compromised by those whom have tech accounting access to such information.......?
Another area which bank and gov/mas has to acknowledge and address is on overseas law for online scammings.
Why is it that once money is out of the country, gov and the law is not able to act on the criminals ?
This is the most ridiculous part of the matter.
You want digital transactions globally and yet when is out of the country, nothing can be done?
Did anyone asked mas this big question ?
If this simple and reasonable request is not addressed, I think is stupid to give license to more and more banks and even naming it Trust Bank when is not trustable at all.
 
Last edited:

Willamshakespear

Alfrescian
Loyal
It is not easy to scam the financially wealthy whom have experts in legal & tech to assist them, as well as individuals with investment portfolios whom are very careful with their hard earned money.

It is the aged & the non-tech savy individuals whom are more susceptible to scams. Banks do have a part to play to find counter measures against scamming.

1.The OCBC initiative would work, but ONLY if it provides handphones with only trusted apps installed, free or on hire purchase. Any other apps installed would render the phone unable to log in to the Bank. Thus the customer will have to obtain another phone if he/she intends to download videos, games & other apps & when the victim attempts to use the other phone to log in to the Bank, it will be unable to do so as the Bank will not recognize the device attempting to connect to the bank.

2. Banks will have to review their tech security measures with regards to customers' accounts. With just a simple microsoft excel program, someone whom has access to servers in a bank, will use a USB flash drive to connect with the bank main servers. The program will search out targets of interest - those whom are in their 40s & above, with little education, but with savings in ten of thousands, then list it on its spreadsheet, including phone numbers & all other details. Within 15mins, it would be enough to gather all info. With the USB flash drive pulled out & easily walked out of the bank office after working hrs, it can be sold to 3rd parties for a sum of money, which are what scammers need to shorten the million people list to focus on.

3. The MAIN counter measures are still upon those who use handphones for transactions. If they need help to download apps, especially our aged, perhaps our Community Centres can help, such as 2hrs every Saturday to assist on any downloads of necessary apps, staffed by volunteers whom are tech savy, whom can even run a diagnostic check on their handphones for any malicious apps.
 

laksaboy

Alfrescian (Inf)
Asset
Another area which bank and gov/mas has to acknowledge and address is on overseas law for online scammings.
Why is it that once money is out of the country, gov and the law is not able to act on the criminals ?
This is the most ridiculous part of the matter.
You want digital transactions globally and yet when is out of the country, nothing can be done?
Did anyone asked mas this big question ?
If this simple and reasonable request is not addressed, I think is stupid to give license to more and more banks and even naming it Trust Bank when is not trustable at all.

The PAP technocrats are globalist bootlickers of the WEF and Klaus Schwab.

What you witness now is the consequence of that.

Now watch as the PAP regime comes up with plans to 'protect' you regarding this. Hope your IQ isn't low enough to see through the ruse. :cool:

 
Top