The OTPs may have been intercepted by malware on victims' phones, or were diverted to overseas telcos that had been hacked, say cybersecurity experts.

[munimal]

I just go to uob to ask for token replacement…they say no more physical token

 

[Vegitto]

Why when i use OCBC to transfer money, no OTP has been requested, just need to authorize over ocbc mobile app?

Were those user mistakes?

If transfer money to a payee that you already have, the first time login to the app using fingerprint/otp will suffice and do not need 2nd otp.

 

[LoUsyGamER]

If phone died suddenly, its a bit troublesome to 'replace' your google authenticator on a new phone as you cannot access to the old one
And not every app/place accept google authenticator as otp

Ya. That is the problem with this authenticator.

But no choice, all other methods are not working as they intended.

 

[Dokwon]

Use authy .

 

[BoosterJab]

If transfer money to a payee that you already have, the first time login to the app using fingerprint/otp will suffice and do not need 2nd otp.

Never use any OTP even for money transfer, do not unferstand why people keep mentioning about OTP.

 

[Vegitto]

Never use any OTP even for money transfer, do not unferstand why people keep mentioning about OTP.

You use fingerprint login for your bank app already right? The first time you setup fingerprint login, need to use the otp for verification/authentication, and from then on, fingerprint verification will replace otp for most verification purposes even for fund transfer.
One of the few exceptions is adding new payee.

Also my friend last dec recieved a scam sms about new payee being added and need login via the link provided in the sms to verify, and she showed me the sms and I told my friend its a scam and never click on the link. But she did and said it looks exactly like ocbc ibanking login page(which I presume will ask for otp during the login process). I asked if she got add any payee at all or not recently, she said she never did. Then told her its scam and delete the sms.

 

[Level42]

Sorry, not a IT guy, the short form tech terms i don’t understand…

It’s not IT. It’s Telco. The diagrams are drawn by overseas experts. You get summary from me, which comes with disclaimer as I’m NOT from Telco. All the acronyms can Google pre/post fix with SS7.

HLR would be Singapore Telco in this case. The loophole in the telco SS7 protocol is, when the location update of a mobile phone is sent to the Telco, it blindly believes and updates the database without checking. It also unlinks the previously known location. Hence the scammers can fake the mobile number location and the receives all the SMS.

 

[Level42]

Scamners already downloaded the hp number during the NRIC hp leaked by our

Thanks. I did learn in EDMW that OCBC used IC and/or credit card number for login before. Now I see. Some people may not have changed the ID.

Likewise, better to change SingPass ID ASAP, for those who haven’t done so.

 

[BoosterJab]

You use fingerprint login for your bank app already right? The first time you setup fingerprint login, need to use the otp for verification/authentication, and from then on, fingerprint verification will replace otp for most verification purposes even for fund transfer.
One of the few exceptions is adding new payee.

Also my friend last dec recieved a scam sms about new payee being added and need login via the link provided in the sms to verify, and she showed me the sms and I told my friend its a scam and never click on the link. But she did and said it looks exactly like ocbc ibanking login page(which I presume will ask for otp during the login process). I asked if she got add any payee at all or not recently, she said she never did. Then told her its scam and delete the sms.

No finger print as my phone is not locked, but never tested adding new payee.