March 26, 2024

In several cases, the victims could not understand how the scammers were able to quickly raise their transaction limits and conduct large local and overseas transactions to new payees without the need for an SMS-based OTP, which is a form of two-factor authentication.

One couple in their 40s, whose joint savings account was wiped of S$80,000, admitted that while they were at fault for compromising their bank account by divulging their account name and bank access code, they did not give the scammers any OTP or security token information.

The bank’s internal investigation officers had told them it was impossible for such large transactions to be made without the OTP.

“But my husband (who was phished by the scammers) did not surrender the OTP to the scam website because he was driving at the time… Yet, they were able to take over our account’s OneToken without an OTP, and then transact after that,” said the wife.

The couple, who have three young children, have not been on talking terms since the incident on Dec 29. The financial loss has significantly impacted their family’s savings and scuttled plans to travel overseas with the kids in 2022, she said.

TODAY understands that OTP passwords sent via SMS could have been rerouted or compromised through a known vulnerability. Last September, Singapore authorities warned of bank OTPs being diverted to malicious actors overseas to conduct fraudulent transactions, affecting 75 bank customers.

OCBC head of group…

Read more…

Leave a Reply

Your email address will not be published. Required fields are marked *