Restaurant Owner Loses Nearly 200,000 Baht to M-Flow Payment Scam

[Georgealbert]

 

File picture for reference only.

 

A restaurant owner in Samut Prakan has fallen victim to an online payment scam, losing nearly 200,000 baht, after clicking on a fraudulent M-Flow payment link. The victim, Mr Boonrod Watthanawisankul, 60, is now warning others to be extremely cautious when making online financial transactions.

 

Mr Boonrod, the owner of Rabieng Talay Restaurant in Bang Pu, shared his story after realising he had been scammed. He had received an SMS claiming to be from M-Flow, Thailand’s electronic toll payment system, stating that he had an outstanding fee of 30 baht.

 

As his partner had recently driven through an M-Flow toll without immediate payment, he assumed the message was legitimate. Without suspicion, he clicked the link, which directed him to a website that closely resembled the official M-Flow portal.

 

After entering his vehicle registration details, he was shown a payment amount of 36 baht and proceeded to pay online using his credit card.

 

Upon confirming the payment, an OTP (one-time password) verification code was sent to his phone, which he entered as usual. Moments later, he received a notification stating that 4,836 Swiss francs (191,654 baht) had been deducted from his account.

 

Realising something was wrong, he immediately contacted his bank, who confirmed that he had fallen victim to a scam.

 

Shortly after, he received another message stating that his previous transaction had failed and that he needed to re-enter the OTP. This time, the amount shown was 51 million Lao Kip (around 8,000 baht).

 

Fortunately, having already realised the scam, he did not proceed with the second transaction.

 

Mr Boonrod has since reported the fraud to his bank, which is reviewing the case under its dispute resolution policies. He remains hopeful of getting his money back, as he had previously been scammed out of 20,000 baht through a similar scheme and was eventually refunded.

 

“I just want to warn everyone: scammers are everywhere, and they come in all forms,” he said. “Always be extremely cautious when making online payments. Never click on links from unknown sources, and always verify directly with the official website before proceeding with any transaction.”

 

With an increase in online fraud cases, Thai authorities are urging the public to be cautious, especially regarding unsolicited payment requests via SMS and email. Officials recommend verifying any suspicious messages directly with the relevant organisations and never sharing personal financial information on unfamiliar websites.

 

-- 2025-03-28

 

[flyingtlger]

7 minutes ago, Georgealbert said:

Realising something was wrong, he immediately contacted his bank, who confirmed that he had fallen victim to a scam.

 

[bdenner]

It's a little annoying but now my Australian Credit Card provider (via it's app) sends me a message if the transaction is in any way suspect or out of the ordinary. A simple "Is this you?" Has protected me/the bank twice now although on one occasion I was required to get a new card. A simple process.

[gargamon]

21 minutes ago, Georgealbert said:

He remains hopeful of getting his money back, as he had previously been scammed out of 20,000 baht through a similar scheme and was eventually refunded.

Fool me once, shame on you.

Fool me twice, shame on me.

[blackcab]

Nice restaurant with decent parking. I paticularly like the sea bass.

[Woke to Sounds]

This is without doubt the Mark of the Beast in action.

 

Would never flow without cash paper money changing hands.

 

PREPARE

[arick]

Why would an OTP work on a fraudulent website

[blackcab]

2 hours ago, arick said:

Why would an OTP work on a fraudulent website

 

Because the fraudulent website is a copy of a legitimate website and the fraudulent website has its own payment system/webshop.

 

The fraudulent website asked the victim for 30 baht but asked the cardholder’s bank for much more. The cardholder’s bank sent the OTP to confirm the higher scam amount.

 

The victim entered that OTP into the scam website, which then initiated the funds transfer.

[black tabby12345]

 warning others to be extremely cautious when making online financial transactions.

 

Online payment settlement always comes with the risk of scams (to both buyers and sellers).

Ordinary people can do very little to prevent it.

The best way is stick to cash payment where possible.

[radiochaser]

Off topic of Thailand scams. 

This stuff happens in the United States too.   I have received 2 scam emails for the EZPASS system I customer of.  My website email company put them into my scam folder.  Checking on the return email address I saw they were not from EZPASS. 

[arick]

19 hours ago, blackcab said:

 

Because the fraudulent website is a copy of a legitimate website and the fraudulent website has its own payment system/webshop.

 

The fraudulent website asked the victim for 30 baht but asked the cardholder’s bank for much more. The cardholder’s bank sent the OTP to confirm the higher scam amount.

 

The victim entered that OTP into the scam website, which then initiated the funds transfer.

Then the banks responsible

[arick]

Don't be stupid The banks know every f****** thing that happens on your phone trust me. They even know what apps are installed on your phone

[arick]

And if you think this is bad the DVLA in the UK siphoned 50,000 lb out of my account over a period of 3 months

[BangkokReady]

23 hours ago, arick said:

50,000 lb

 

50,000 pounds of what?

[BangkokReady]

On 3/28/2025 at 4:19 PM, blackcab said:

Because the fraudulent website is a copy of a legitimate website and the fraudulent website has its own payment system/webshop.

 

The fraudulent website asked the victim for 30 baht but asked the cardholder’s bank for much more. The cardholder’s bank sent the OTP to confirm the higher scam amount.

 

The victim entered that OTP into the scam website, which then initiated the funds transfer.

 

Does the website do it automatically, or is there some guy with the bank website open asking for the OTP that the bank website requests?

[BangkokReady]

On 3/28/2025 at 5:18 AM, Georgealbert said:

Mr Boonrod has since reported the fraud to his bank, which is reviewing the case under its dispute resolution policies. He remains hopeful of getting his money back, as he had previously been scammed out of 20,000 baht through a similar scheme and was eventually refunded.

 

He really learnt his lesson...  🙄

[blackcab]

On 3/29/2025 at 11:55 AM, arick said:

Then the banks responsible

 

Why would the bank be responsible?

 

The bank sent an OTP at the request of a merchant. When you receive the OTP it states the amount the request is for. If you don't read the OTP properly and authorise a fraudulent amount, that's negligent on your part.

 

The same principle as signing a cheque at work that was prepared with an incorrect amount. You can't blame the bank for honouring it if you signed it.

[blackcab]

2 hours ago, BangkokReady said:

Does the website do it automatically, or is there some guy with the bank website open asking for the OTP that the bank website requests?

 

It can do it automatically. The key is to always check the amount being asked for on the OTP you are sent. If you want to pay 30 baht and the OTP says anything else then do not enter the OTP. You are clearly being scammed.

[KannikaP]

On 3/29/2025 at 11:56 AM, arick said:

And if you think this is bad the DVLA in the UK siphoned 50,000 lb out of my account over a period of 3 months

That's over 22 tons!

[KannikaP]

On 3/29/2025 at 11:56 AM, arick said:

And if you think this is bad the DVLA in the UK siphoned 50,000 lb out of my account over a period of 3 months

How, and what for?

[billd766]

I have had 9 requests this month, each with an SMS OTP from Linked In to change my password. I have NEVER asked to change my password, nor do I live in Venezuela where the email request came from. All the OTP requests ended up deleted and in my spam file.

[arick]

1 hour ago, KannikaP said:

How, and what for?

Ask NatWest 

[arick]

2 hours ago, BangkokReady said:

 

50,000 pounds of what?

Yes £50,000 from my NatWest account 

[KannikaP]

11 minutes ago, arick said:

Ask NatWest 

Did you? IIn my experience it is not possible for a UK Bank to pay out that amount of money without asking the account holder.

[arick]

Not correct.  Why are you questioning me when I've gone through first-hand experience with it.