Forum: Scammed of $100,000, but fault is not mine alone

vbhelper

High Supremacy Member
Joined
Aug 21, 2000
Messages
44,265
Reaction score
2,235
Why don’t even need OTP?

tot there are 2 type of OTP

1 is for login
The other for transaction signing
 

harbinger255

Great Supremacy Member
Joined
Sep 15, 2006
Messages
69,645
Reaction score
8,727
ah, ok. understand.

I have a personal phone I use for internet banking and an office phone for work. different numbers.

once I am able to login to the ocbc app with my "ID" and "password". (combined with One Token assigned to my phone), I was able to change my paynow mobile number without being challenged.

next I installed ocbc app on my office phone and I could activate new one token with otp sent directly to my office number, bypassing my personal phone totally.

Base on past experience with all banks, if you want to change the token, you will need to authorize it with token on your old phone too - ppl usually do this when they buy new phones. If you lost the old phone/token, then you need to go down personally to the bank to change.... and just rbr also, it should takes 1 hour for the new token to take effect before it can be used.

You saying that your experience is different?
 

Richliao

Supremacy Member
Joined
Jan 20, 2019
Messages
7,259
Reaction score
738
bit.ly/3q**** webby address don't look suspicious to her?
Ocbc sms always has bit.ly address within them, for eg when their sms tells you of a promo such as credit card spend or balance transfer, this link of bit.ly will be there.
 

eeLoyH

Supremacy Member
Joined
Nov 26, 2001
Messages
7,193
Reaction score
1,412
I think customers can decide whether they wanna continue to be customers of the bank since it was on the belief on the infra of the bank that people rely on to be safe since the SMSes did have bank name
 

moonlighter_sg

Supremacy Member
Joined
Aug 15, 2005
Messages
7,136
Reaction score
421
If scammers really have the ability to "bypass" OTP, the banks should revamp the security system. Please don't act blur and push all the blames to victims. The bank should explain the steps of the process of being scammed clearly, especially how the scammer bypasses the OTP.
 

occifer

High Supremacy Member
Joined
Mar 9, 2018
Messages
34,980
Reaction score
2,269
Like Windows ah? Need admin to confirm

Just a setting on the phone to prevent clicks would be ok.
Iirc, the ocbc sms will go into the same sms thread as other ocbc sms right.
Isnt that telco fault?
 

Sammychan

Arch-Supremacy Member
Joined
Oct 11, 2007
Messages
15,868
Reaction score
1,268
All who kanna scammed team up and bring a class-action lawsuit against OCBC. The money those lost are peanuts to OCBC. Make them makan it since it came from their sms. Got 50/50 chance. At the minimum can nego for private settlement.
 

Mystyque

Greater Supremacy Member
Joined
Jan 27, 2001
Messages
77,266
Reaction score
2,720
am Siti, a mother of seven wonderful children. A wife to a caring educator. And a victim of the recent scam targeting OCBC Bank customers.

On Dec 28 last year, at 11.47am, I received an SMS which looked very much like the other ones I have received from the OCBC SMS system, which read: "The transaction function of your OCBC account will be suspended. To prevent the account from being locked out, update it on December 28. Access bit.ly/3q****."

At that time, I was occupied with my children and did not act upon it. At 2pm, I reread the SMS and followed the instructions and clicked on the link. It brought me to an authentic-looking site with the OCBC name.

As I was anxious about the account being suspended and I had some transactions to make to my children's accounts later in the day, I did not think further, and keyed in my username and password and other relevant details and checked into my account.

A few moments later, I received a notification stating that my transfer limit had been increased to $100,000. When I noticed that, I immediately called OCBC as I had not approved this.

However, OCBC's hotline is not equipped to immediately handle scams which are in progress.

I had to navigate an automated system for a long time before reaching a person.


By this wasted time, I had already received multiple notifications stating that monies were transferred out of my savings accounts and six of my children's savings accounts.

In just a few minutes, almost $100,000 was gone.

We have since made a police report but we have been told that even though accounts are insured by up to $50,000, we are unlikely to have any of our funds returned to us as it was my mistake for clicking on the link.

How can the blame be pinned entirely on me when OCBC's scam prevention measures are poorly equipped to urgently deal with a case as it is happening?

Siti Raudhah Mohd Ali


eh she received notification limit increased never try to login ibanking to switch it back down while waiting for hotline?
 

pantss

Senior Member
Joined
Apr 2, 2008
Messages
1,993
Reaction score
636
Just a setting on the phone to prevent clicks would be ok.
Iirc, the ocbc sms will go into the same sms thread as other ocbc sms right.
Isnt that telco fault?
The sms thread is neither OCBC nor telco fault lei. Is your phone OS. Is it time to sue android or apple?

Ancient phones where got threaded sms system?
 

eterna2

Arch-Supremacy Member
Joined
Aug 16, 2007
Messages
18,480
Reaction score
290
Ocbc sms always has bit.ly address within them, for eg when their sms tells you of a promo such as credit card spend or balance transfer, this link of bit.ly will be there.
I was scrolling thru my sms history. I cannot find any sms with link wor.

All my sms are either otp or notification of payment/setting changes.

What sort content are these sms with links? Promo?
 

Z_Dash

Master Member
Joined
Jan 29, 2001
Messages
4,352
Reaction score
6
Ownself tio scammed, yet want to argue it’s bank fault
The bank poor response and congested hotline makes it impossible to recover.

If the hotline was able to connect fast enough she might had been able to intervene.

I'm not too sure now if it was OCBC hotline response time was one poor hygiene factor.
 

Singapore金枪不倒

Senior Member
Joined
Oct 3, 2021
Messages
739
Reaction score
533
Speaking from my past banking experience:

1) If you set up dedicated urgent hotline for scam cases, a lot of people will spam the call for every big small thing and flood the contact center. In the end you still need to be put on hold which is no different from calling normal hotline. The banks also incurred extra costs for setting up this so in terms of cost-benefit they won't do it. Even if they wayang, it will just be a small team handling the large volume.

2) Like what some people are saying here, many times is the victim fault and they like to turn around and blame the bank for everything. I won't be surprised if actually some of the victims got key in OTP and gave away the information themselves, then tio daiji liao say they "never do anything at all" and everything just tio scammed. Seen a few cases like that last time already lah...they ownself stupid then want to try their luck to recoup their losses at expense of the bank.

3) While under investigation, the bank really cannot reveal anything lah because is a police case. If anything, should go rush the police also. Tbh, can understand their kan jiong feeling since it is their life savings but you really think got chance can trace back the money meh...in the heart the victims just want to vent and hope the bank will pay them their losses but blaming them.

4) If you stop all the online transfer/paynow/electronic stuff, clients will kpkb say EH, why so inconvenient to do a small thing, your bank damn lousy, other bank transfer money so simple blah blah blah. Then if tio scammed, will kpkb say EH, why your bank security so weak, why my money never get targeted in other banks but only this account tio target, must be your fault you cbk... Sometimes dealing with consumer banking really jin paitan.
 

makann

High Supremacy Member
Joined
Mar 22, 2013
Messages
41,017
Reaction score
1,859
Ocbc sms always has bit.ly address within them, for eg when their sms tells you of a promo such as credit card spend or balance transfer, this link of bit.ly will be there.
i see... not a ocbc customer...
anyway, me never received any sms from my banks other than notifying me how much i have spent with my cards...
heng ah
 

Nakshatra

Senior Member
Joined
Apr 21, 2015
Messages
1,014
Reaction score
46
Base on past experience with all banks, if you want to change the token, you will need to authorize it with token on your old phone too - ppl usually do this when they buy new phones. If you lost the old phone/token, then you need to go down personally to the bank to change.... and just rbr also, it should takes 1 hour for the new token to take effect before it can be used.

You saying that your experience is different?
I used my personal phone (with soft token activated) to change my paynow number to my office phone number. SMS rcvd to confirmed change.

I installed ocbc app on my office phone and it immediately asked me to activate soft token. SMS otp was sent to my office number while only a confirmation SMS was sent to my personal number.

if we eliminate all other possibilities, once scammer has your "login ID" and "password" they must have a way to bypass/spoof the soft token.
 
Important Forum Advisory Note
This forum is moderated by volunteer moderators who will react only to members' feedback on posts. Moderators are not employees or representatives of HWZ. Forum members and moderators are responsible for their own posts.

Please refer to our Terms of Service for more information.
Top