
Banks blamed as dozens lose millions after clicking link on online shopping app and getting hacked


webfact


2 hours ago, topt said:

Finally.

My gf has been worrying about this since Saturday or Sunday night when it was reported on Amarin 24 news (about the guy in the Thaiger article linked to earlier)  but I had been unable to find any links.

Surprised it took Asean now so long to pick it up......

Amarin News!  Aah.  Now I understand why my wife has been repetitively talking about bank scams the last few days.

  • Thumbs Up 1

I quit using the app. Was charged double for a purchase. First time I tried the app said it was not able to process the purchase, try again later.. So I waited a while and tried again. Bam, double charged.. 

Got online and the guy told me to always check my balance and my transactions, never just try again... 55555

  • Like 1

3 hours ago, SuperSilverHaze said:
3 hours ago, OneMoreFarang said:

just follow the evidence. 

Except when the account was opened with a fake, stolen or paid for ID. The account drained and the criminal long gone.

The bank from the customer which transferred the money should have log files when the customer logged in, if i.e. it was checked how much money is in the account, details about the money transfer (i.e. manual input, QR code) and such information.

And if the bank(s) compare all those log files from the different cases then they should see a pattern about what happened and if this was fraud and if the customer just confirmed anything or there was nothing to confirm, etc. 

  • Thumbs Up 1

7 hours ago, jaywalker2 said:

One more reason to stay away from phone financial apps.

Agreed. Unfortunately, a cashless society is the direction we are going, for full control over our funds by banks and Government, and with that a greater chance of things like this happening.

  • Thumbs Up 1

I have 2 separate accounts, one I use for petrol stations, small stuff. I don’t buy online (very rarely) but if I did I’d make sure there was a minimum of credit on the second account, which is also a different bank. Top up when I need, easy. And I never use telephone banking!


5 hours ago, robblok said:

Maybe you should not speculate too much. Kasikorn Banking app you have to give passwords every time, even if it's open for a while you will have to give a password again.

So what you're implying is not correct.

I do wonder how just clicking on a link ends up in losing money. Been using banking apps forever, never a problem. But I don't click on SMS stuff.

Kasikorn banking app seems very secure to me. I set transaction limits to zero after each purchase/transfer as an extra precaution.

  • Like 2

1 hour ago, OneMoreFarang said:

The bank from the customer which transferred the money should have log files when the customer logged in, if i.e. it was checked how much money is in the account, details about the money transfer (i.e. manual input, QR code) and such information.

And if the bank(s) compare all those log files from the different cases then they should see a pattern about what happened and if this was fraud and if the customer just confirmed anything or there was nothing to confirm, etc. 

Yes, my card was used in America, I was in France. The transaction was refused luckily. This card I only use for airlines / good hotels, and due to Covid I hadn’t used it for ages. The bank found out exactly where it was used and the date etc. They get the info from the card company I think. How the scammers got the info couldn’t be explained.

  • Like 1

11 hours ago, webfact said:

He said that none of the victims had loaded any suspect apps or clicked on fake links or used wi-fi other than their own. They had not changed their chargers either.

And then the article says: ????

11 hours ago, webfact said:

She clicked on the link and had money taken from her account.

 

  • Thumbs Up 1

8 hours ago, Liverpool Lou said:

There have been many reports of the dangers of phone hacking through rogue chargers/USB cables.

Correct.

 

About 3 or 4 years ago I bought 2 USB devices to plug into public charging stations (at airports).

The data pins are removed, so they can only charge.

 

I still carry them daily

Edited by JimmyJ
  • Like 1

11 hours ago, ozfarang said:

It's pathetic, can't use a bank app for fear of fraud. What a system here in Thailand.

 

I have an Australian bank app and been using it for years and never had a problem, no disappearing funds, no hacks and no worries

Then how can they hack into Medibank and access 10 million details? And yes, I lost a few hundred dollars some years ago, but the bank refunded me all.


12 hours ago, webfact said:

She clicked on the link and had money taken from her account. She blamed the bank for not warning her about transfers in the 100,000s range when she usually only transferred 10,000 at a time.

I don't know about her but my banking app and CC app inform me of virtually every transaction, sometimes to my annoyance even.

Maybe she should check her notification settings...

 

I guess more details will come out but I have the gut feeling these people have messed up and put themselves at risk and are now trying to blame others so they can recoup their losses.

 

At our company, we do periodic test fake emails and the hit rate for opening and replying with sensitive information is worryingly high....certainly high enough to encourage these scammers to keep trying with these approaches. 

  • Like 1

In October '21, I was hit with fraudulent charges, amongst thousands of others. Until today, SCB hasn't been able to give me an explanation... There were several articles about it and the responsibility of the Bank of Thailand.

 

And yes, I always take precautions when using apps, cables, public WiFi, etc...


11 hours ago, tomazbodner said:

Usually intent is not to download data. As having data inside cable or USB charger won't be so easily accessible. Intent is to install a malware through known OS vulnerabilities to run in the background, which intercepts traffic to extract data, and send it to online repository, accessible to threat actor.

 

Probably the simplest attack would be Man in the middle (rerouting all data to go through actor's servers to extract information) and replay attacks where actor could mimic legitimate connection to the bank that was just established, to basically be logged into the session without knowing any credentials.

 

User could minimize possibility of this happening by requiring OTP for any account changes, or transaction of any amount to second phone - NOT the one that has bank app!, which would require both phones to be compromised (or hack an SMS gateway, which would be extremely difficult).

I use OTP for all my accounts (even non-banking ones), and ever since I started using OTP I receive messages from time to time that somebody tried to access my account.
But was unsuccessful.
Also, logging in from my phone is done with "Authenticator".
No password is typed.


It is never a good idea to buy from a source that is unknown to you, online. I keep running into these airline ticket discounts from vendors I am totally unfamiliar with. Just not worth risking your credit cards or bank account.

Survival and well-being these days requires great care. There are more and more scum out there, who would rather steal someone else's money than be righteous and make an honest living.

Edited by spidermike007

17 hours ago, zoltannyc said:

While it sounds very funny, the real issue is that there is a method called "juice jacking", a cyberattack in which hackers use a charging port which doubles as a data connection. Essentially, hackers hijack your power supply (hence “juice” jacking) channel and use it to install malware on a victim’s device and/or steal data. This process can include installing tracking programs and mirroring their screen to see (and record) any passwords and PIN codes they enter while the device is charging.

 

Just the other day  my son mentioned having a "charging condom" adapter which merely connects the charging power pins and not the data lines.  (His buddy is a network/telecom guru who is one of the internet domain key holders, or at least a crypto officer.)

 

Personally I won't charge in a public place.  You never know where those electrons have been. 


Imagine if these incredibly intelligent and creative criminals would channel their energies towards things that would make the world a better place. Not just these criminals but all criminals. The world would be such a better place. Pipe dreaming. Too many people out there that are too lazy to work and would rather use their time stealing from hard-working folks.

 

As far as the Thai banking system...... it's lacking an awful lot just like the RTP and govt officials that can't seem to make common sense decisions.  


7 hours ago, it is what it is said:

 

They had not changed their chargers either

 

what are they talking about?!

Check out tomazbodner's post on page 1.......

 

"Google up Juice-jacking. Microchips can be hiding inside USB chargers at public locations, or inside USB cables. They act like a computer host, which triggers an auto installation of malware into the phone when connected to such cable or charger."

 


22 hours ago, ozfarang said:

It's pathetic, can't use a bank app for fear of fraud. What a system here in Thailand.

 

I have an Australian bank app and been using it for years and never had a problem, no disappearing funds, no hacks and no worries

Just because you personally have not had an issue with an Australian bank app does not mean that fraud is less likely.

 

As usual, a translated news clipping lacking any pertinent facts is being used to make more statements that also lack any facts.

 

A thread of hearsay and blaming of Thailand as if it is unique in suffering such issues.

  • Like 2

Here is a news link from an Australian news site showing a theft that occurred due to an Australian bank's contact number apparently being intercepted.

https://www.news.com.au/finance/couple-fuming-after-scammer-intercepts-westpac-phone-and-steals-100k-life-savings/news-story/e717bae6b8a2587525dd64e05ce5e698

 

Fraud involving bank accounts is a worldwide issue. People need to be vigilant with any unsolicited emails, phone calls, texts and chats.

 

  • Like 1

Looks like a made-up story. Bunch of wannabe-rich Thais bet on something (or "invest"), lost their money and play dumb. Pretending they were "hacked". Seen that <deleted> many times. And that cyber-crime division is just a bunch of kids with inflated egos and salaries (relatives FYI).

Microchip in charger? Sure-sure )

Click-a-link and lose money? Sure 3 times )


I have said for a long time that the idea of OTPs (one time passwords) and banking apps are not secure because most people want convenience not security so they put everything including passwords on their mobile phones - hack the phone and the criminal has all he or she needs. Two DEVICE security is more secure where the app is on one device and the passwords are on another. For convenience I have 1 banking app on my phone with never more than £200 in the account. The rest of my online banking uses two devices - a notebook for accessing the account and where they insist, a mobile phone for receiving the OTP.

Some banks (and even the UK HMRC) will send OTPs to a landline number but not all - for me that is far more secure BUT in IT nothing is certain!


On 1/18/2023 at 9:49 AM, ozfarang said:

It's pathetic, can't use a bank app for fear of fraud. What a system here in Thailand.

 

I have an Australian bank app and been using it for years and never had a problem, no disappearing funds, no hacks and no worries

yea but people in the uk & aus. have been hit with this type of fraud as well, online banking here is as (in)secure as any online banking, it's not secure.
