OCBC Saga

Discuss about the latest news & interesting topics, real life experience or other out of topic discussions with locals & expatriates in Singapore.
Post Reply
User avatar
abbby
Manager
Manager
Posts: 1649
Joined: Thu, 21 Jul 2005 3:00 am
Answers: 2
Location: Tiny Island

OCBC Saga

Post by abbby » Tue, 18 Jan 2022 1:07 pm

Not OCBC's fault but they have certainly been too lax on answering calls, calls take 20 minutes or so to reach the staff, they don't have dedicated numbers to fraud complaints. And their system never flagged any irregularities and large numbers of transactions in such a short time?

Its because they're a bank, I think they could have a responsibility to better secure the payment gateways and their customers money.. :cry:
The secret of life is honesty and fair dealing. If you can fake that, you've got it made. - Groucho Marx (1890-1977)

smoulder
Reporter
Reporter
Posts: 757
Joined: Fri, 25 Dec 2015 11:05 pm

Re: OCBC Saga

Post by smoulder » Tue, 18 Jan 2022 2:04 pm

So in the present day, banks are "required" to have robust systems and methods in place to detect fraudulent transactions.

https://www.google.com/url?sa=t&source= ... Tg6YK2VZAR


As a bank, it would be treading dangerous ground when you start washing your hands off such incidents.
14.3 Fraud Monitoring
14.3.1 The FI should implement real-time fraud monitoring systems to identify and
block suspicious or fraudulent online transactions.
42
14.3.2 A process should be established to investigate suspicious transactions or
payments and to ensure issues are adequately and promptly addressed.
14.3.3 The FI should notify customers of suspicious activities or funds transfers above a
threshold that is defined by the FI or customers. The notification should contain
meaningful information such as type of transaction and payment amount, as well as
instructions to report suspicious activities or unauthorised transactions.

Pal
Site Admin
Site Admin
Posts: 1419
Joined: Wed, 23 Jul 2003 2:44 am
Location: Singapore
Contact:

Re: OCBC Saga

Post by Pal » Tue, 18 Jan 2022 9:24 pm

Phishing is common nowadays.

I think consumers should be more careful on clicking on links. Always verify the website domain name before clicking or keying in any sensitive information.

When the url does not shows OCBC.com, it is more likely a phishing site. The gov can do much more in educating the public about this.
Singapore Expats

Home | Classifieds | Condo | Forum | Property
Image

User avatar
abbby
Manager
Manager
Posts: 1649
Joined: Thu, 21 Jul 2005 3:00 am
Answers: 2
Location: Tiny Island

Re: OCBC Saga

Post by abbby » Wed, 19 Jan 2022 9:21 am

Yes and also people are encouraged to use Fingerprint access to log in their phones ..that would be safer.
The secret of life is honesty and fair dealing. If you can fake that, you've got it made. - Groucho Marx (1890-1977)

User avatar
PNGMK
Moderator
Moderator
Posts: 8504
Joined: Thu, 21 Mar 2013 9:06 pm
Location: Sinkapore

Re: OCBC Saga

Post by PNGMK » Wed, 19 Jan 2022 10:07 am

None of this would have happened if the SMS SenderID hadn't allowed the fraudulent SMS to be "grouped" together with legitimate SMS's from a bank. That is a government regulators fault. Full stop.

Now I agree "don't click links" but OCBC has sent legitimate links about their business before.

I agree that you should check the URL and make sure it is the right one but some URL's are damn difficult to verify and DNS entries (that is how the URL is converted) are not 100% secure either and not all institutions keep their security certificates for HTTPS updated.

This is a classic cyber security event. Someone has found a vulnerability (SenderID) and socially engineered a message that has gotten through people's psychological defenses and the institution (the bank) has been far too slow and lax in dealing with what was clearly a staged attack - they really should have shut down all systems when they knew that they had a mass fraud event ongoing.
I not lawyer/teacher/CPA.
You've been arrested? Law Society of Singapore can provide referrals.
You want an International School job? School website or http://www.ISS.edu
Your rugrat needs a School? Avoid for profit schools
You need Tax advice? Ask a CPA
You ran away without doing NS? Shame on you!

Lisafuller
Manager
Manager
Posts: 2710
Joined: Sat, 07 Nov 2020 11:45 pm
Answers: 2

Re: OCBC Saga

Post by Lisafuller » Fri, 21 Jan 2022 1:13 am

Pal wrote:
Tue, 18 Jan 2022 9:24 pm
Phishing is common nowadays.

I think consumers should be more careful on clicking on links. Always verify the website domain name before clicking or keying in any sensitive information.

When the url does not shows OCBC.com, it is more likely a phishing site. The gov can do much more in educating the public about this.
I believe the issue is that most Singaporeans aren’t able to distinguish a scam message from a legitimate one. Moreover, scammers are getting better and better nowadays, what used to be clearly fraudulent texts riddled with grammatical and spelling errors are now quite convincing.

Lisafuller
Manager
Manager
Posts: 2710
Joined: Sat, 07 Nov 2020 11:45 pm
Answers: 2

Re: OCBC Saga

Post by Lisafuller » Fri, 21 Jan 2022 1:15 am

PNGMK wrote:
Wed, 19 Jan 2022 10:07 am
None of this would have happened if the SMS SenderID hadn't allowed the fraudulent SMS to be "grouped" together with legitimate SMS's from a bank. That is a government regulators fault. Full stop.

Now I agree "don't click links" but OCBC has sent legitimate links about their business before.

I agree that you should check the URL and make sure it is the right one but some URL's are damn difficult to verify and DNS entries (that is how the URL is converted) are not 100% secure either and not all institutions keep their security certificates for HTTPS updated.

This is a classic cyber security event. Someone has found a vulnerability (SenderID) and socially engineered a message that has gotten through people's psychological defenses and the institution (the bank) has been far too slow and lax in dealing with what was clearly a staged attack - they really should have shut down all systems when they knew that they had a mass fraud event ongoing.
As of today it was announced that banks are phasing out text notifications, to be entirely obsolete by next month in order to prevent such incidents from happening again. Seems like a good initiative, but a little too late since so much theft and destruction has already taken place. At the very least, it will help ensure future incidents are prevented from taking place.

smoulder
Reporter
Reporter
Posts: 757
Joined: Fri, 25 Dec 2015 11:05 pm

Re: OCBC Saga

Post by smoulder » Fri, 21 Jan 2022 2:49 am

So there is a lot more to financial fraud than phishing through SMS. This is just the tip of the iceberg.

There's a whole market segment comprising of sophisticated software, some with machine learning capabilities, that can detect the various techniques employed by fraudsters.

If the focus is purely on protecting against one technique, then that is going to prove woefully inadequate.

Some banks are using some of these softwares, but in the end, it also depends on how well you can use it. Imagine the analogy of a highly trained commando with a firearm vs a typical every day civilian. Guess who's more effective.

therat
Reporter
Reporter
Posts: 856
Joined: Thu, 04 Sep 2008 2:23 pm

Re: OCBC Saga

Post by therat » Fri, 21 Jan 2022 10:16 am

due to present situation, Bank/company/government is pushing for ebanking, paylah, all kind of wallet.
They only educate ppl to use but didn't educate ppl how to spot the scam/phishing.

tiktok
Chatter
Chatter
Posts: 394
Joined: Mon, 21 Jan 2019 5:04 pm

Re: OCBC Saga

Post by tiktok » Fri, 21 Jan 2022 11:11 am

The government will be banning clickable links in all bank messaging. Unfortunately this doesn't solve the root issue of people being vulnerable.
I not troll/wacko/spammer.
Me no expat. Me foreigner.

smoulder
Reporter
Reporter
Posts: 757
Joined: Fri, 25 Dec 2015 11:05 pm

Re: OCBC Saga

Post by smoulder » Fri, 21 Jan 2022 1:25 pm

tiktok wrote:
Fri, 21 Jan 2022 11:11 am
The government will be banning clickable links in all bank messaging. Unfortunately this doesn't solve the root issue of people being vulnerable.
It doesn't. What solves it is for banks to invest in systems and processes that address a whole range of fraudulent transactions. Which is what MAS have mandated to do. That's the TRM pdf I referenced above.

tiktok
Chatter
Chatter
Posts: 394
Joined: Mon, 21 Jan 2019 5:04 pm

Re: OCBC Saga

Post by tiktok » Fri, 21 Jan 2022 2:33 pm

Luckily I know what MAS and PDF is, but sorry no clue what TRM stands for.
I not troll/wacko/spammer.
Me no expat. Me foreigner.

smoulder
Reporter
Reporter
Posts: 757
Joined: Fri, 25 Dec 2015 11:05 pm

Re: OCBC Saga

Post by smoulder » Fri, 21 Jan 2022 3:23 pm

Technology Risk management

Lisafuller
Manager
Manager
Posts: 2710
Joined: Sat, 07 Nov 2020 11:45 pm
Answers: 2

Re: OCBC Saga

Post by Lisafuller » Fri, 21 Jan 2022 11:41 pm

smoulder wrote:
Fri, 21 Jan 2022 2:49 am
So there is a lot more to financial fraud than phishing through SMS. This is just the tip of the iceberg.

There's a whole market segment comprising of sophisticated software, some with machine learning capabilities, that can detect the various techniques employed by fraudsters.

If the focus is purely on protecting against one technique, then that is going to prove woefully inadequate.

Some banks are using some of these softwares, but in the end, it also depends on how well you can use it. Imagine the analogy of a highly trained commando with a firearm vs a typical every day civilian. Guess who's more effective.
I see… clearly the scamming is not as rudimentary as it used to be, so the preventive measures can’t be either. If anything I’m surprised that these huge banks aren’t using their resources to do more about it.

Lisafuller
Manager
Manager
Posts: 2710
Joined: Sat, 07 Nov 2020 11:45 pm
Answers: 2

Re: OCBC Saga

Post by Lisafuller » Fri, 21 Jan 2022 11:44 pm

therat wrote:
Fri, 21 Jan 2022 10:16 am
due to present situation, Bank/company/government is pushing for ebanking, paylah, all kind of wallet.
They only educate ppl to use but didn't educate ppl how to spot the scam/phishing.
Exactly, although if you think about it, how is the government supposed to educate the public? It’s a great idea in theory, but much harder to execute.

Post Reply
  • Similar Topics
    Replies
    Views
    Last post

Return to “General Discussions”

Who is online

Users browsing this forum: No registered users and 46 guests