webfact Posted January 18, 2023 Share Posted January 18, 2023 Picture: Thai Rath Thai Rath reported that the founder of social action group Sai Mai Tong Rort, Ekkaphop Leuangprasert took around 20 victims of an online hacking case to meet with police at the HQ of the Cyber Crime Investigation Bureau in Muang Thong Thani yesterday. Ekkaphop said they were part of a group of 100 people who had contacted him personally to say they had lost money. He said that none of the victims had loaded any suspect apps or clicked on fake links or used wi-fi other than their own. They had not changed their chargers either. He said the blame for what happened should be faced by the Bank of Thailand, the finance ministry and banks. Picture: Thai Rath They should bear responsibility and offer compensation to the victims as well as improve the safety of online systems. Naphatsanat, 37, was one of the victims who lost 400,000 baht after getting an SMS from a shopping app about savings. She clicked on the link and had money taken from her account. She blamed the bank for not warning her about transfers in the 100,000s range when she usually only transferred 10,000 at a time. Picture: Thai Rath After being put on hold for 19 minutes it was discovered she had lost close to half a million baht. Police said the methods used in this crime had not been seen before. They promised that all victims would be interviewed and all evidence gathered in the case to catch those responsible. They advised the public to keep online banking app funds to a minimum. Keep only what you need for your usual expenditure on accounts linked to banking apps. And spread your money around in different accounts. -- © Copyright ASEAN NOW 2023-01-18 - Cigna offers a range of visa-compliant plans that meet the minimum requirement of medical treatment, including COVID-19, up to THB 3m. For more information on all expat health insurance plans click here. Monthly car subscription with first-class insurance, 24x7 assistance and more in one price - click here to find out more! Get your business in front of millions of customers who read ASEAN NOW with an interest in Thailand every month - email [email protected] for more information Link to comment Share on other sites More sharing options...
Popular Post homeseeker Posted January 18, 2023 Popular Post Share Posted January 18, 2023 Without reading or knowing the way this fraud arose.... may I know how the fraudster could get into a person's bank account without knowing or being given the account user ID/account number and password? 15 6 Link to comment Share on other sites More sharing options...
Popular Post MJCM Posted January 18, 2023 Popular Post Share Posted January 18, 2023 18 minutes ago, webfact said: He said that none of the victims had loaded any suspect apps or clicked on fake links or used wi-fi other than their own. They had not changed their chargers either. Changed their chargers? ???? 2 1 2 3 Link to comment Share on other sites More sharing options...
Popular Post jaywalker2 Posted January 18, 2023 Popular Post Share Posted January 18, 2023 One more reason to stay away from phone financial apps. 12 3 3 3 Link to comment Share on other sites More sharing options...
Popular Post stoner Posted January 18, 2023 Popular Post Share Posted January 18, 2023 14 minutes ago, homeseeker said: Without reading or knowing the way this fraud arose.... may I know how the fraudster could get into a person's bank account without knowing or being given the account user ID/account number and password? after gaining access to their smart phone the hacker would easily be able to get into pretty much all of the persons accounts. i dont have a banking app on my phone but i have tinder and thai friendly. both of which i remain signed into at all times and simply open the app to check for my loads of likes. i would imagine a large number of people stay signed into most apps on their phone and simply opening a banking app might give a hacker full access to the persons money ? 3 3 Link to comment Share on other sites More sharing options...
Popular Post MJCM Posted January 18, 2023 Popular Post Share Posted January 18, 2023 Just now, stoner said: after gaining access to their smart phone the hacker would easily be able to get into pretty much all of the persons accounts. i dont have a banking app on my phone but i have tinder and thai friendly. both of which i remain signed into at all times and simply open the app to check for my loads of likes. i would imagine a large number of people stay signed into most apps on their phone and simply opening a banking app might give a hacker full access to the persons money ? I think it has more to do with the phone used being vulnerable to attacks because of outdated OS or not up to date. 2 1 1 Link to comment Share on other sites More sharing options...
Popular Post simon43 Posted January 18, 2023 Popular Post Share Posted January 18, 2023 13 minutes ago, MJCM said: Changed their chargers? ???? Yes, the chargers were emitting 5g radiation that temporarily hypnotised them into revealing their bank details. To avoid this risk, I always charge my phone at the end of a 50 metre extension cable, in the middle of my garden... 3 1 1 18 Link to comment Share on other sites More sharing options...
Popular Post ozfarang Posted January 18, 2023 Popular Post Share Posted January 18, 2023 This is exactly where the fault lies, "He said the blame for what happened should be faced by the Bank of Thailand, the finance ministry and banks." The banking system in Thailand is archaic, with the banks taking no responsibility of funds lost to fraud, with no input from the account holder. 12 1 1 Link to comment Share on other sites More sharing options...
Popular Post Mason45 Posted January 18, 2023 Popular Post Share Posted January 18, 2023 Hi there, I've been living in Thailand for the past 22 years and I have a very strict rule where I never use my phone for any banking activity. I use my laptop with an excellent safe pay feature. By the way what was the app so others may avoid it. Cheers. 3 3 4 2 Link to comment Share on other sites More sharing options...
Popular Post TheAppletons Posted January 18, 2023 Popular Post Share Posted January 18, 2023 13 hours ago, MJCM said: Changed their chargers? ???? Probably refers to this: "The Central Investigation Bureau (CIB) is advising the public to exercise caution when charging their smartphones in public after a Thai man’s Android phone was hacked at the weekend. The CIB believe hackers have found a way of altering charging cables to steal personal information from phone users." https://thethaiger.com/hot-news/crime/android-users-urged-not-to-charge-phones-in-public-in-case-they-get-hacked 6 1 Link to comment Share on other sites More sharing options...
Popular Post ozfarang Posted January 18, 2023 Popular Post Share Posted January 18, 2023 1 minute ago, Mason45 said: Hi there, I've been living in Thailand for the past 22 years and I have a very strict rule where I never use my phone for any banking activity. I use my laptop with an excellent safe pay feature. By the way what was the app so others may avoid it. Cheers. It's pathetic, can't use a bank app for fear of fraud. What a system here in Thailand. I have an Australian bank app and been using it for years and never had a problem, no disappearing funds, no hacks and no worries 4 Link to comment Share on other sites More sharing options...
MJCM Posted January 18, 2023 Share Posted January 18, 2023 13 minutes ago, simon43 said: Yes, the chargers were emitting 5g radiation that temporarily hypnotised them into revealing their bank details. To avoid this risk, I always charge my phone at the end of a 50 metre extension cable, in the middle of my garden... 5555555 love it and love your vivid imagination ???????? Link to comment Share on other sites More sharing options...
Popular Post MJCM Posted January 18, 2023 Popular Post Share Posted January 18, 2023 5 minutes ago, TheAppletons said: Probably refers to this: "The Central Investigation Bureau (CIB) is advising the public to exercise caution when charging their smartphones in public after a Thai man’s Android phone was hacked at the weekend. The CIB believe hackers have found a way of altering charging cables to steal personal information from phone users." https://thethaiger.com/hot-news/crime/android-users-urged-not-to-charge-phones-in-public-in-case-they-get-hacked Aha thx, so that refers to USB PORTS, not the actual charger. so connecting a phone with the USB cable to a PUBLIC charging USB port could leave your phone vulnerable 4 2 2 1 Link to comment Share on other sites More sharing options...
Popular Post zoltannyc Posted January 18, 2023 Popular Post Share Posted January 18, 2023 (edited) 21 minutes ago, simon43 said: Yes, the chargers were emitting 5g radiation that temporarily hypnotised them into revealing their bank details. To avoid this risk, I always charge my phone at the end of a 50 metre extension cable, in the middle of my garden... While it sounds very funny, the real issue is that there is a method called "juice jacking" a cyberattack in which hackers use a charging port which doubles as a data connection. Essentially, hackers hijack your power supply (hence “juice” jacking) channel and use it to install malware on a victim’s device and/or steal data. This process can include installing tracking programs and mirroring their screen to see (and record) any passwords and PIN codes they enter while the device is charging. Edited January 18, 2023 by zoltannyc 2 6 Link to comment Share on other sites More sharing options...
Popular Post thaibeachlovers Posted January 18, 2023 Popular Post Share Posted January 18, 2023 46 minutes ago, homeseeker said: Without reading or knowing the way this fraud arose.... may I know how the fraudster could get into a person's bank account without knowing or being given the account user ID/account number and password? Hackers probably know more about how the systems work than the guys trying to stop them. Internet crime pays for the criminals, and very little chance of being caught. News like this confirms my choice to never buy anything on line. 2 1 1 2 Link to comment Share on other sites More sharing options...
thaibeachlovers Posted January 18, 2023 Share Posted January 18, 2023 33 minutes ago, MJCM said: I think it has more to do with the phone used being vulnerable to attacks because of outdated OS or not up to date. Ah, so your solution is for everyone to have to be tech savvy. Like that's going to happen. Every time I go to supermarket the oldie in front of me is putting their pin number into the machine without hiding it from potential muggers behind them. Link to comment Share on other sites More sharing options...
KhunBENQ Posted January 18, 2023 Share Posted January 18, 2023 (edited) Brilliant communication. No names, no useful hints except "have little money", "spread it" ???? Worse fear mongering is hardly possible. Keep it under the pillow?! I use online banking since ages even with a system before the internet banking came up via phone. And knock on wood not a single Deutschmark, Swiss Franc, Euro or Baht has ever gone for unknown reasons. Robbed by the biggest Swiss bank. Greedy speculators bailed out. Worse than money under the pillow. Edited January 18, 2023 by KhunBENQ 1 Link to comment Share on other sites More sharing options...
Popular Post 2baht Posted January 18, 2023 Popular Post Share Posted January 18, 2023 Can anyone remember the days when people robbed banks, well now................................................................! 1 3 Link to comment Share on other sites More sharing options...
Popular Post Confuscious Posted January 18, 2023 Popular Post Share Posted January 18, 2023 51 minutes ago, MJCM said: Aha thx, so that refers to USB PORTS, not the actual charger. so connecting a phone with the USB cable to a PUBLIC charging USB port could leave your phone vulnerable I am not sure about that. On Android, if you connect your phone to any other device via the C-mini (USB) port, the phone will switch into "charging" mode. On this mode, the other device has no access to the phone. In order to get access to the phone system, you need to swith the phone to "Data transfer mode". To simply access a phone data over a "Public" phone charging system means that the hacker would have access the public charger system to allow this hacker to download the data. Seems too far stretched to me. I think that the way this hacker works, is by people giving the hacker access to your phone by clicking on the link which put the phone on data transfer mode and put the caller on "Hold" while doing his/her hacking. "The phone was put on hold ....." explains everything. 2 1 Link to comment Share on other sites More sharing options...
MJCM Posted January 18, 2023 Share Posted January 18, 2023 40 minutes ago, thaibeachlovers said: Ah, so your solution is for everyone to have to be tech savvy. Like that's going to happen. Where did I say that? It's easy to blame the bank but Due Diligence by persons themselves could (maybe) have prevented this. Every webpage of almost every bank has a text warning of Don't Click on any Links etc etc, but people still click it because he "you won xxx THB" in a SMS is just to tempting. 1 Link to comment Share on other sites More sharing options...
MJCM Posted January 18, 2023 Share Posted January 18, 2023 5 minutes ago, Confuscious said: To simply access a phone data over a "Public" phone charging system means that the hacker would have access the public charger system to allow this hacker to download the data. Seems too far stretched to me. No apparently it's not https://www.fox26houston.com/news/cyber-thieves-can-hack-cell-phones-through-public-charging-stations 1 1 Link to comment Share on other sites More sharing options...
tomazbodner Posted January 18, 2023 Share Posted January 18, 2023 1 hour ago, MJCM said: Changed their chargers? ???? Google up Juice-jacking. Microchips can be hiding inside USB chargers at public locations, or inside USB cables. They act like a computer host, which triggers an auto installation of malware into the phone when connected to such cable or charger. It is therefore always advised you plug your own charger into a power socket rather than use USB socket, and to use your own charging cables. Also disable USB data mode by default and only enable them when connected to trusted computer manually. 1 Link to comment Share on other sites More sharing options...
tomazbodner Posted January 18, 2023 Share Posted January 18, 2023 23 minutes ago, Confuscious said: I am not sure about that. On Android, if you connect your phone to any other device via the C-mini (USB) port, the phone will switch into "charging" mode. On this mode, the other device has no access to the phone. In order to get access to the phone system, you need to swith the phone to "Data transfer mode". To simply access a phone data over a "Public" phone charging system means that the hacker would have access the public charger system to allow this hacker to download the data. Seems too far stretched to me. I think that the way this hacker works, is by people giving the hacker access to your phone by clicking on the link which put the phone on data transfer mode and put the caller on "Hold" while doing his/her hacking. "The phone was put on hold ....." explains everything. Usually intent is not to download data. As having data inside cable or USB charger won't be so easily accessible. Intent is to install a malware through known OS vulnerabilities to run in the background, which intercepts traffic to extract data, and send it to online repository, accessible to threat actor. Probably the simplest attack would be Man in the middle (rerouting all data to go through actor's servers to extract information) and replay attacks where actor could mimic legitimate connection to the bank that was just established, to basically be logged into the session without knowing any credentials. User could minimize possibility of this happening by requiring OTP for any account changes, or transaction of any amount to second phone - NOT the one that has bank app!, which would require both phones to be compromised (or hack an SMS gateway, which would be extremely difficult). 1 Link to comment Share on other sites More sharing options...
Popular Post robblok Posted January 18, 2023 Popular Post Share Posted January 18, 2023 2 hours ago, stoner said: after gaining access to their smart phone the hacker would easily be able to get into pretty much all of the persons accounts. i dont have a banking app on my phone but i have tinder and thai friendly. both of which i remain signed into at all times and simply open the app to check for my loads of likes. i would imagine a large number of people stay signed into most apps on their phone and simply opening a banking app might give a hacker full access to the persons money ? Maybe you should not speculate too much. Kasikorn Bangking app you have to give passwords every time even if its open for a while you will have to give a password again. So what your implying is not correct. I do wonder how just clicking on a link ends up in losing money. Been using bangking aps forever never a problem. But i dont click on sms stuff. 5 Link to comment Share on other sites More sharing options...
CharlieH Posted January 18, 2023 Share Posted January 18, 2023 Troll off topic post and responses removed. Link to comment Share on other sites More sharing options...
fdsa Posted January 18, 2023 Share Posted January 18, 2023 52 minutes ago, Confuscious said: On Android, if you connect your phone to any other device via the C-mini (USB) port, the phone will switch into "charging" mode. On this mode, the other device has no access to the phone. In order to get access to the phone system, you need to swith the phone to "Data transfer mode". some CPUs have backdoors allowing full access to the data on the phone without any confirmation from the users, Mediatek was caught for that many year ago, but later they claimed to "fix" that "vulnerability". Link to comment Share on other sites More sharing options...
fdsa Posted January 18, 2023 Share Posted January 18, 2023 6 minutes ago, robblok said: I do wonder how just clicking on a link ends up in losing money. Been using bangking aps forever never a problem. But i dont click on sms stuff. I believe there is some bullshít API like PromptPay or some other SendMoneyInstantlyWithoutAnyConfirmations which allows money transfers without any confirmations. 1 Link to comment Share on other sites More sharing options...
Liverpool Lou Posted January 18, 2023 Share Posted January 18, 2023 3 hours ago, homeseeker said: Without reading or knowing the way this fraud arose.... may I know how the fraudster could get into a person's bank account without knowing or being given the account user ID/account number and password? I don't think that it would be prudent for anyone to provide you with that information...for obvious reasons. Link to comment Share on other sites More sharing options...
Popular Post Liverpool Lou Posted January 18, 2023 Popular Post Share Posted January 18, 2023 2 hours ago, stoner said: i would imagine a large number of people stay signed into most apps on their phone and simply opening a banking app might give a hacker full access to the persons money ? Banking apps log out after a short period of inactivity, they cannot be logged-in permanently. 2 1 Link to comment Share on other sites More sharing options...
Liverpool Lou Posted January 18, 2023 Share Posted January 18, 2023 3 hours ago, MJCM said: Changed their chargers? ???? There have been many reports of the dangers of phone hacking through rogue chargers/USB cables. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now