As Singaporeans are increasingly shopping online with credit cards, they’ll be familiar with the various security measures necessary.
One of these measures is a One-Time Password (OTP) that’s sent to your phone to make sure it’s really you making the transaction.
However, fraudsters have now managed to bypass this protection by diverting the OTPs to themselves.
This resulted in 75 Singapore bank customers falling victim to unauthorised transactions on their credit cards.
The news was revealed in a media release on Wednesday (15 Sep) by the Infocomm Media Development Authority (IMDA), Monetary Authority of Singapore (MAS) and Singapore Police Force (SPF).
The culprits behind these dark deeds are “malicious actors” from overseas, they said.
All was uncovered thanks to joint investigations by the SPF and IMDA, with the support of local banks.
The authorities also explained how the perpetrators did it.
At the outset, the credit card details of victims were obtained, though the authorities didn’t say how that was done.
Separately, the malicious actors also gained unauthorised access to the systems of overseas telecommunications operators.
It wasn’t mentioned whom these telcos were, or which country they were from.
With control of the overseas telcos, the malicious actors could then modify the location data of the Singaporean victims’ mobile phones.
That means when banks sent their customers OTPs via SMS, they were diverted to overseas mobile network systems controlled by the perpetrators.
They could then make fraudulent online card payments with the victims’ card details, and authorise these payments with the OTPs sent to them.
This mode of attack that involves diverting SMSes requires “highly sophisticated expertise”, said the authorities, as overseas telcos need to be compromised.
As a result of these unauthorised transactations, $500,000 was lost by 75 bank customers in Singapore.
The fraudulent payments occurred between Sep and Dec 2020.
The victims had said that they didn’t initiate any of the transactions, neither did they receive any OTPs to authorise them.
After reviewing the cases with the SPF, the relevant banks have decided to provide a goodwill waiver to those affected who had taken care to protect their credentials.
As for the security of our local banks and telcos, the authorities have said that all is well.
The banks’ investigations have found that their systems were secure and uncompromised. They didn’t cause these incidents.
Our local telcos’ networks are also secure and haven’t been compromised, the authorities said.
However, IMDA has told the telcos to implement additional safeguards like specialised firewalls and system safeguards.
These will help monitor and block suspicious SMS diversions.
The authorities also advised members of the public to be alert and vigilant against criminals trying to get their personal details via malware and phishing.
One way would be to safeguard our bank account and credit card details by:
The overseas telcos that were illegally accessed have been identified and notified, the auhorities said.
They’re now trying to identify the malicious actors and so they can be brought to justice.
In Jun, MS News reported that a Singapore woman claimed 7 transactions were made on her credit card, amounting to $10,150, without her authorisation.
She also said that she didn’t get any OTP from DBS Bank for any of the payments.
After making a police report, Ms Danica Alena Choo said she found out that the transactions were made via a website that enables overseas money transfers.
It was also revealed that the money was allegedly wired to a Malaysian company and processed in ringgit.
In response to MS News queries, a DBS spokesperson directed us to its security guide and reminded customers not to click on links or install any programs from suspicious sources.
Now that the deeds of these malicious overseas actors have been revealed, it’s uncertain whether Ms Choo was one of their victims.
Almost every younger Singaporean has bought stuff online with a card.
Thus, the advisories for safeguarding our precious info must be taken seriously.
While you might think it won’t happen to you, bad but very skilled people do exist. And they’re trying their hardest to cheat your money.
The only way to stop them is by being vigilant.
Have news you must share? Get in touch with us via email at news@mustsharenews.com.
Featured image adapted from Firmbee.com @ Unsplash.
The coroner said this was the first case of its kind he had encountered in…
The brand-new jet suffered a series of technical issues since its first-ever flight on 19…
The Paradise Tree Snake may have misjudged its landing and ended up on the car.
The 69-year-old was reportedly upset over his neighbour's refusal to apologise.
False claims include that GCB transactions occur without government checks on beneficial owners' identities.
The suspect casually watched as the woman became consumed by flames.