Jump to content

Banks blamed as dozens lose millions after clicking link on online shopping app and getting hacked

webfact

By webfact
in Thailand News

 Share

Recommended Posts

OneMoreFarang Star Member

OneMoreFarang

Posted
Posted
3 hours ago, stoner said:

after gaining access to their smart phone the hacker would easily be able to get into pretty much all of the persons accounts. 

 

i dont have a banking app on my phone but i have tinder and thai friendly. both of which i remain signed into at all times and simply open the app to check for my loads of likes. 

 

i would imagine a large number of people stay signed into most apps on their phone and simply opening a banking app might give a hacker full access to the persons money ? 

I don't know about tinder, but with my banking apps I have to confirm with my fingerprint if I want to transfer any money. And after not using the app for a few minutes I am automatically locked out and if I want to transfer money I have to login again.

I find it hard to believe that they (seem to) claim that the transfers happened just by clicking on a SMS.

 

And about what really happened: I am sure the banks have detailed log files who logged in at that time and when they confirmed transactions, etc. There are detailed records, just follow the evidence. 

 

  • Like 1
  • Replies 110
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

simon43
simon43

Yes, the chargers were emitting 5g radiation that temporarily hypnotised them into revealing their bank details.  To avoid this risk, I always charge my phone at the end of a 50 metre extension cable,

homeseeker
homeseeker

Without reading or knowing the way this fraud arose.... may I know how the fraudster could get into a person's bank account without knowing or being given the account user ID/account number and passwo

jaywalker2
jaywalker2

One more reason to stay away from phone financial apps.

Posted Images

ezzra Star Member

ezzra

Posted
Posted

This scamming losses become to be out of control where people all over the world are losing billions to scammers and the banks are not any wiser, frankly the banks will do well to employ those scammers instead of those clueless pencil pushers who allow this to happen...

jacko45k Star Member

jacko45k

Posted
Posted
3 hours ago, homeseeker said:

Without reading or knowing the way this fraud arose.... may I know how the fraudster could get into a person's bank account without knowing or being given the account user ID/account number and password?

Sadly lacking in details and does little to allay fear.... I got an impression one could click a  SMS received link on your phone and 100,000s of baht can come out of your account....

  • Thumbs Up 1
  • Popular Post
rwill Platinum Member

rwill

Posted
  • Popular Post
Posted
4 hours ago, webfact said:

He said that none of the victims had loaded any suspect apps or clicked on fake links or used wi-fi other than their own. They had not changed their chargers either.

 

4 hours ago, webfact said:

Naphatsanat, 37, was one of the victims who lost 400,000 baht after getting an SMS from a shopping app about savings.

 

She clicked on the link and had money taken from her account.

Contradicting themselves here.

  • Like 3
  • Thumbs Up 1
phetphet Ruby Member

phetphet

Posted
Posted
3 hours ago, Mason45 said:

Hi there, I've been living in Thailand for the past 22 years and I have a very strict rule where I never use my phone for any banking activity. I use my laptop with an excellent

safe pay feature. By the way what was the app so others may avoid it. Cheers.

Thailand's defamation laws probably prevent anyone from naming the app or apps concerned, for fear of legal action against them.

 

And not a passbook insight or we might have been able to guess which bank.

  • Popular Post
Jackbenimble Silver Member

Jackbenimble

Posted
  • Popular Post
Posted

The operators behind the banks here are little better than 2nd hand car salesmen - the Lawyers are no different either. Banks shouldn't just wash their hands of things like this either - they need to find out how it happened so that they can ideally prevent it from happening again. If they cant assure their customers money is secure they shouldn't be surprised if everyone withdraws their money - then they'll be sorry. Bit late by then though.

  • Like 1
  • Thumbs Up 2
4MyEgo Diamond Member

4MyEgo

Posted
Posted
4 hours ago, stoner said:

after gaining access to their smart phone the hacker would easily be able to get into pretty much all of the persons accounts. 

I have a banking app which is accessed by my finger print, could they access my account without my finger print ?

  • Like 1
smedly Star Member

smedly

Posted
Posted
3 hours ago, zoltannyc said:

While it sounds very funny, the real issue is that there is a method called "juice jacking"  a cyberattack in which hackers use  a charging port which doubles as a data connection. Essentially, hackers hijack your power supply (hence “juice” jacking) channel and use it to install malware on a victim’s device and/or steal data. This process can include installing tracking programs and mirroring their screen to see (and record) any passwords and PIN codes they enter while the device is charging. 

 

only possible if you use their USB outlet/connection

  • Thumbs Up 1
topt Ruby Member

topt

Posted
Posted

Finally.

My gf has been worrying about this since Saturday or Sunday night when it was reported on Amarin 24 news (about the guy in the Thaiger article linked to earlier)  but I had been unable to find any links.

Surprised it took Asean now so long to pick it up......

Jonathan Swift Gold Member

Jonathan Swift

Posted
Posted
50 minutes ago, jacko45k said:

Sadly lacking in details and does little to allay fear.... I got an impression one could click a  SMS received link on your phone and 100,000s of baht can come out of your account....

Which is why you never click an unknown SMS message. Those links often lead to malware

Jonathan Swift Gold Member

Jonathan Swift

Posted
Posted
1 hour ago, SuperSilverHaze said:

Except when the account was opened with a fake, stolen or paid for ID. The account drained and the criminal long gone.

more often than not a trail can be found with a bit of diligence, even when stolen IDs are used. 

Jonathan Swift Gold Member

Jonathan Swift

Posted
Posted
4 hours ago, jaywalker2 said:

One more reason to stay away from phone financial apps.

Phone banking apps are generally safe and useful for basic things. I have been using them ever since they came out without any problems, going on 10 years. That includes a monthly transfer from Kbank mobile app of 50,000 baht to my US bank. I'm also careful and never open unknown SMS or email links. There was nothing in this story that would point the finger of blame to the bank mobile apps. This appears to be hacked phones used to access bank accounts online, or to access previously used merchant transactions, which would not necessarily involve the mobile app. If user names and passwords are obtained for the account itself the account could be accessed directly through the bank without the mobile app, and that is where the bank's liability comes in, when their security does not catch the attempted fraud. If malware was installed because someone opened a malware link in an SMS code then that's where the trail begins. But this article is sadly lacking in details. 

  • Like 1
fdsa Gold Member

fdsa

Posted
Posted
1 hour ago, SuperSilverHaze said:

My solution

 

No banking apps on the phone.

 

Four accounts, one ATM card

 

 

unfortunately the banks make it impossible, for example I recently had to install my very first banking app because Krung Thai Bank discontinued their online banking.

At least all other banks still support the online banking.

  • Like 1
fdsa Gold Member

fdsa

Posted
Posted
1 hour ago, ezzra said:

This scamming losses become to be out of control where people all over the world are losing billions to scammers and the banks are not any wiser, frankly the banks will do well to employ those scammers instead of those clueless pencil pushers who allow this to happen...

ahahah, the real world experience is when a hacker reports some vulnerability to some company, the company files a lawsuit against the hacker instead of rewarding and/or hiring that hacker.

  • Like 1
fdsa Gold Member

fdsa

Posted
Posted
49 minutes ago, 4MyEgo said:

I have a banking app which is accessed by my finger print, could they access my account without my finger print ?

it depends.

Given the average programmer is well below the average, I suspect the answer is "yes"

  • Thanks 1
jaywalker2 Gold Member

jaywalker2

Posted
Posted

Most people store their passwords and user ID's on their phones, which makes them vulnerable to hackers.  However, financial and other institutions seem determined to make us more and more dependent on our phones whether we like it or not. I don't think security is the only reason either -- when they have access to your phone, they have access to practially your whole life.

fdsa Gold Member

fdsa

Posted
Posted
13 minutes ago, jaywalker2 said:

Most people store their passwords and user ID's on their phones, which makes them vulnerable to hackers.  However, financial and other institutions seem determined to make us more and more dependent on our phones whether we like it or not. I don't think security is the only reason either -- when they have access to your phone, they have access to practially your whole life.

exactly. And "they" are not some random hackers but the financial and other institutions themselves.

for example, Krung Thai bank shares your personal data (if you carelessly click "yes" and "I accept" on all prompts) with insurance companies such as AXA, and their banking app wants to know your location, guess why. I believe if you pay for some medicines or hospital treatment with the banking app, and/or if you get spotted in a pharmacy or hospital, you will get surprised with your insurance premium on the next year renewal.

  • Haha 1
jacko45k Star Member

jacko45k

Posted
Posted
42 minutes ago, Jonathan Swift said:

Which is why you never click an unknown SMS message. Those links often lead to malware

Well i get them... but as they are in Thai, they simply get deleted.

hotchilli Legendary Member

hotchilli

Posted
Posted
5 hours ago, jaywalker2 said:

One more reason to stay away from phone financial apps.

I don't use any online banking apps... simple as that.

A pain sometimes but 100% safe.

  • Thumbs Up 1
kingstonkid Ruby Member

kingstonkid

Posted
Posted
5 hours ago, stoner said:

after gaining access to their smart phone the hacker would easily be able to get into pretty much all of the persons accounts. 

 

i dont have a banking app on my phone but i have tinder and thai friendly. both of which i remain signed into at all times and simply open the app to check for my loads of likes. 

 

i would imagine a large number of people stay signed into most apps on their phone and simply opening a banking app might give a hacker full access to the persons money ? 

Sure also that many save their password so that they don't have to keep enternng it

JackGats Gold Member

JackGats

Posted
Posted
1 hour ago, 4MyEgo said:

I have a banking app which is accessed by my finger print, could they access my account without my finger print ?

I think the finger print system is Samsung's, not the bank's. It is called Samsung pass. The app is as safe (or no more safe than) your smartphone when it is logged off. 

  • Thanks 1
Foghorn Silver Member

Foghorn

Posted
Posted
6 hours ago, homeseeker said:

Without reading or knowing the way this fraud arose.... may I know how the fraudster could get into a person's bank account without knowing or being given the account user ID/account number and password?

If the poster told you how and what app they may be prosecuted by the the criminals for theft of intellectual property and defamation,  this is thailand 

  • Like 1
jacko45k Star Member

jacko45k

Posted
Posted
13 minutes ago, kingstonkid said:

Sure also that many save their password so that they don't have to keep enternng it

Pretty sure most of the banking apps do not permit an autofill by Google or whatever.... in my case it is my fingerprint that gets me in. Now maybe some people keep a little text file somewhere with passwords in.... I often get that impression when I see Thais at ATMs''' that they are looking up their PIN on their phone.

  • Haha 1
jacko45k Star Member

jacko45k

Posted
Posted
2 minutes ago, JustThisOnePostOnly said:

Simple solution if you must charge using 3rd party charger: bring your own cable and make sure it isn't data-enabled.

Hard to know what you get these days... what with new phones not including a charger. I was disappointed  a cable I had could not be used for data between my phone and laptop.... 

The thought that a public charger station may have some tiny malicious device in a cable or connector is quite frightening... fortunately it seems I only ever need to charge my phone at home....

jaywalker2 Gold Member

jaywalker2

Posted
Posted
5 hours ago, ozfarang said:

It's pathetic, can't use a bank app for fear of fraud. What a system here in Thailand.

 

I have an Australian bank app and been using it for years and never had a problem, no disappearing funds, no hacks and no worries

It's the same in the United States particularly with Venmo apparently which has been mired in controversy.

  • Popular Post
jacko45k Star Member

jacko45k

Posted
  • Popular Post
Posted
2 hours ago, Jackbenimble said:

The operators behind the banks here are little better than 2nd hand car salesmen - the Lawyers are no different either. Banks shouldn't just wash their hands of things like this either - they need to find out how it happened so that they can ideally prevent it from happening again. If they cant assure their customers money is secure they shouldn't be surprised if everyone withdraws their money - then they'll be sorry. Bit late by then though.

Hmm.. I wonder how the people who got scammed by the Kasikorn bank employee who was taking money on Buakhao and pretending it went into high interest accounts (with passbook). That must be a year ago now and I wonder if ever victims got refunds?

  • Like 1
  • Thumbs Up 2

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.



ASEANNOW

ASEANNOW (formerly Thai Visa) Thailand's oldest and most popular forum for expats and foreigners.

Sign up today and have your say

MORE INFO

POPULAR AREAS

CONTACT US

219/59 Asoke Towers, 15th Floor, Soi Sukhumvit 21, Watthana, Bangkok 10110
(+66) 99 196 1100
[email protected]

×
×
  • Create New...