$500,000 Stolen From 75 Bank Customers in Fraudulent Transactions Due To OTP SMSes Diversion

If there’s one thing that no one can predict, besides when COVID-19 will end, it’s the new tactics scammers and hackers have up their sleeves.

From the good old kidnapping scam to more advanced scams where your whole personal life gets exposed once you click on a link, their skills know no bounds in extorting your money.

Now, they can even do so without you lifting a single finger or knowing at all.

“Malicious Actors” Overseas Stole $500,000 From Singaporean Victims

On 15 Sep, the Infocomm Media Development Authority (IMDA), Monetary Authority of Singapore (MAS) and Singapore Police Force (SPF) announced that there’s been a new wave of fraudulent transactions here.

Such scammers, described as “malicious actors”, managed to bypass banking security systems to steal over $500,000 from 75 affected bank customers in Singapore.

Although it’s usually only possible for a credit card transaction to go through after keying in a One-Time Password (OTP) that banks will message to you, these malicious actors actually found a way to steal those.

The Method

They gained unauthorised access to the servers of overseas telecommunications operators so they could divert people’s incoming SMSes to themselves.

They could also modify the location data of affected mobile phones in Singapore.

After obtaining victims’ credit card information from other sources first, these malicious actors then used the system to divert the bank’s OTP SMSes to themselves instead of having them ever arrive in the victims’ inboxes.

FYI, that’s not an easy thing to do at all, for it requires “highly sophisticated expertise” in order to compromise those systems, the authorities said.

According to the victims, none of them initiated any transactions and never received any OTP messages from their banks.

So you may not even know that someone’s attempting to take your money, for you wouldn’t even have seen the message in the first place.

Thankfully, for those who had taken care to protect their credentials, banks will provide a “goodwill waiver” to them.

Bank Systems Are Still Secure 

This may be a cause of concern for some that such malicious actors are easily able to bypass banking security systems.

However, after investigations went underway, the authorities said that bank systems were found to be secure and uncompromised, and were not the cause of this incident.

Instead, it was the overseas telecommunication systems that had been breached.

Affected overseas telecommunication companies have already been identified and informed of the incident, and investigation is still ongoing to find the culprits.

The IMDA will also be working with the Cyber Security Agency of Singapore (CSA) to ensure operators boost their security with specialised firewalls and safeguards, although local telecommunication networks remain secure.

Stay Careful

It’s of utmost importance to remain wary about giving out your credit card information, even if you didn’t mean to.

Malicious actors and hackers need such information in order to steal your money.

Authorities urged the public to stay vigilant against malware and phishing, for such incidents can compromise your credit card information.

It’s also best never to reveal your card details, especially including your PIN numbers and passwords, to anyone, for you never know what will happen.

Even something as advanced as 2FA systems can be overcome, as illustrated here.

Since it’s also the age of e-commerce and some of us even have Shopee packages arriving every day, one must also stay extremely careful about purchasing items online.

Only purchase online from reliable sources and refrain from downloading unofficial applications or clicking on suspicious-looking links.

If you notice any suspicious activity in your bank transaction history, you may also contact the bank immediately to detect threats earlier.

Read Also:

Feature Image: Rawpixel.com/ Shutterstock.com