Jump to content

Banks blamed as dozens lose millions after clicking link on online shopping app and getting hacked


webfact

Recommended Posts

3 hours ago, stoner said:

after gaining access to their smart phone the hacker would easily be able to get into pretty much all of the persons accounts. 

 

i dont have a banking app on my phone but i have tinder and thai friendly. both of which i remain signed into at all times and simply open the app to check for my loads of likes. 

 

i would imagine a large number of people stay signed into most apps on their phone and simply opening a banking app might give a hacker full access to the persons money ? 

I don't know about tinder, but with my banking apps I have to confirm with my fingerprint if I want to transfer any money. And after not using the app for a few minutes I am automatically locked out and if I want to transfer money I have to login again.

I find it hard to believe that they (seem to) claim that the transfers happened just by clicking on a SMS.

 

And about what really happened: I am sure the banks have detailed log files who logged in at that time and when they confirmed transactions, etc. There are detailed records, just follow the evidence. 

 

  • Like 1
Link to comment
Share on other sites

This scamming losses become to be out of control where people all over the world are losing billions to scammers and the banks are not any wiser, frankly the banks will do well to employ those scammers instead of those clueless pencil pushers who allow this to happen...

Link to comment
Share on other sites

3 hours ago, homeseeker said:

Without reading or knowing the way this fraud arose.... may I know how the fraudster could get into a person's bank account without knowing or being given the account user ID/account number and password?

Sadly lacking in details and does little to allay fear.... I got an impression one could click a  SMS received link on your phone and 100,000s of baht can come out of your account....

  • Thumbs Up 1
Link to comment
Share on other sites

3 hours ago, Mason45 said:

Hi there, I've been living in Thailand for the past 22 years and I have a very strict rule where I never use my phone for any banking activity. I use my laptop with an excellent

safe pay feature. By the way what was the app so others may avoid it. Cheers.

Thailand's defamation laws probably prevent anyone from naming the app or apps concerned, for fear of legal action against them.

 

And not a passbook insight or we might have been able to guess which bank.

Edited by phetphet
Link to comment
Share on other sites

4 hours ago, stoner said:

after gaining access to their smart phone the hacker would easily be able to get into pretty much all of the persons accounts. 

I have a banking app which is accessed by my finger print, could they access my account without my finger print ?

  • Like 1
Link to comment
Share on other sites

3 hours ago, zoltannyc said:

While it sounds very funny, the real issue is that there is a method called "juice jacking"  a cyberattack in which hackers use  a charging port which doubles as a data connection. Essentially, hackers hijack your power supply (hence “juice” jacking) channel and use it to install malware on a victim’s device and/or steal data. This process can include installing tracking programs and mirroring their screen to see (and record) any passwords and PIN codes they enter while the device is charging. 

 

only possible if you use their USB outlet/connection

  • Thumbs Up 1
Link to comment
Share on other sites

Finally.

My gf has been worrying about this since Saturday or Sunday night when it was reported on Amarin 24 news (about the guy in the Thaiger article linked to earlier)  but I had been unable to find any links.

Surprised it took Asean now so long to pick it up......

Link to comment
Share on other sites

50 minutes ago, jacko45k said:

Sadly lacking in details and does little to allay fear.... I got an impression one could click a  SMS received link on your phone and 100,000s of baht can come out of your account....

Which is why you never click an unknown SMS message. Those links often lead to malware

Link to comment
Share on other sites

4 hours ago, jaywalker2 said:

One more reason to stay away from phone financial apps.

Phone banking apps are generally safe and useful for basic things. I have been using them ever since they came out without any problems, going on 10 years. That includes a monthly transfer from Kbank mobile app of 50,000 baht to my US bank. I'm also careful and never open unknown SMS or email links. There was nothing in this story that would point the finger of blame to the bank mobile apps. This appears to be hacked phones used to access bank accounts online, or to access previously used merchant transactions, which would not necessarily involve the mobile app. If user names and passwords are obtained for the account itself the account could be accessed directly through the bank without the mobile app, and that is where the bank's liability comes in, when their security does not catch the attempted fraud. If malware was installed because someone opened a malware link in an SMS code then that's where the trail begins. But this article is sadly lacking in details. 

  • Like 1
Link to comment
Share on other sites

1 hour ago, SuperSilverHaze said:

My solution

 

No banking apps on the phone.

 

Four accounts, one ATM card

 

 

unfortunately the banks make it impossible, for example I recently had to install my very first banking app because Krung Thai Bank discontinued their online banking.

At least all other banks still support the online banking.

  • Like 1
Link to comment
Share on other sites

1 hour ago, ezzra said:

This scamming losses become to be out of control where people all over the world are losing billions to scammers and the banks are not any wiser, frankly the banks will do well to employ those scammers instead of those clueless pencil pushers who allow this to happen...

ahahah, the real world experience is when a hacker reports some vulnerability to some company, the company files a lawsuit against the hacker instead of rewarding and/or hiring that hacker.

  • Like 1
Link to comment
Share on other sites

49 minutes ago, 4MyEgo said:

I have a banking app which is accessed by my finger print, could they access my account without my finger print ?

it depends.

Given the average programmer is well below the average, I suspect the answer is "yes"

  • Thanks 1
Link to comment
Share on other sites

Most people store their passwords and user ID's on their phones, which makes them vulnerable to hackers.  However, financial and other institutions seem determined to make us more and more dependent on our phones whether we like it or not. I don't think security is the only reason either -- when they have access to your phone, they have access to practially your whole life.

Link to comment
Share on other sites

13 minutes ago, jaywalker2 said:

Most people store their passwords and user ID's on their phones, which makes them vulnerable to hackers.  However, financial and other institutions seem determined to make us more and more dependent on our phones whether we like it or not. I don't think security is the only reason either -- when they have access to your phone, they have access to practially your whole life.

exactly. And "they" are not some random hackers but the financial and other institutions themselves.

for example, Krung Thai bank shares your personal data (if you carelessly click "yes" and "I accept" on all prompts) with insurance companies such as AXA, and their banking app wants to know your location, guess why. I believe if you pay for some medicines or hospital treatment with the banking app, and/or if you get spotted in a pharmacy or hospital, you will get surprised with your insurance premium on the next year renewal.

Edited by fdsa
  • Haha 1
Link to comment
Share on other sites

5 hours ago, stoner said:

after gaining access to their smart phone the hacker would easily be able to get into pretty much all of the persons accounts. 

 

i dont have a banking app on my phone but i have tinder and thai friendly. both of which i remain signed into at all times and simply open the app to check for my loads of likes. 

 

i would imagine a large number of people stay signed into most apps on their phone and simply opening a banking app might give a hacker full access to the persons money ? 

Sure also that many save their password so that they don't have to keep enternng it

Link to comment
Share on other sites

1 hour ago, 4MyEgo said:

I have a banking app which is accessed by my finger print, could they access my account without my finger print ?

I think the finger print system is Samsung's, not the bank's. It is called Samsung pass. The app is as safe (or no more safe than) your smartphone when it is logged off. 

  • Thanks 1
Link to comment
Share on other sites

6 hours ago, homeseeker said:

Without reading or knowing the way this fraud arose.... may I know how the fraudster could get into a person's bank account without knowing or being given the account user ID/account number and password?

If the poster told you how and what app they may be prosecuted by the the criminals for theft of intellectual property and defamation,  this is thailand 

  • Like 1
Link to comment
Share on other sites

13 minutes ago, kingstonkid said:

Sure also that many save their password so that they don't have to keep enternng it

Pretty sure most of the banking apps do not permit an autofill by Google or whatever.... in my case it is my fingerprint that gets me in. Now maybe some people keep a little text file somewhere with passwords in.... I often get that impression when I see Thais at ATMs''' that they are looking up their PIN on their phone.

  • Haha 1
Link to comment
Share on other sites

2 minutes ago, JustThisOnePostOnly said:

Simple solution if you must charge using 3rd party charger: bring your own cable and make sure it isn't data-enabled.

Hard to know what you get these days... what with new phones not including a charger. I was disappointed  a cable I had could not be used for data between my phone and laptop.... 

The thought that a public charger station may have some tiny malicious device in a cable or connector is quite frightening... fortunately it seems I only ever need to charge my phone at home....

Link to comment
Share on other sites

5 hours ago, ozfarang said:

It's pathetic, can't use a bank app for fear of fraud. What a system here in Thailand.

 

I have an Australian bank app and been using it for years and never had a problem, no disappearing funds, no hacks and no worries

It's the same in the United States particularly with Venmo apparently which has been mired in controversy.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.




×
×
  • Create New...