LOST $100,000 IN THE OCBC PHISHING SCAM | What You Need To Know To Prevent Losing All Your Money!
ฝัง
- เผยแพร่เมื่อ 16 พ.ค. 2024
- URGENT: 469 people fell victim to the recent phishing scam and lost in total $8.5m!
This relates to recent news on ocbc bank customers who received phishing sms and gave away their bank account user and password.
Today you'd hear findings and recommendations.
0:00 Introduction of this recent series of complaints by OCBC bank customers
0:30 Young couple who lost $120,000
They took 5years to build up this savings.
Is it time to reconsider how much we keep in bank accounts?
1:04 Mother of seven lost $100,000
She assessed a shortened link that sent her to a phishing website.
Findings from captain sinkie research into the hack.
2:37 OCBC scam victim couple
Lost all their life savings to 5 overseas transactions
3:17 OTP and 2FA issues
Can sms be hacked? OTP can be diverted away.
4:36 Illustrating scam or impersonating websites
Using DECENTRALAND.
Four advertisements impersonating the original decentraland.org
6:28 Reading URLs
8:18 Petition to "Stop SMS Phishing Scams in Singapore By Requiring Pre-Registration for SMS senderId"
www.change.org/p/imda-stop-sm...
9:13 Bonus point
Article by captain sinkie: captain-sinkie.com
#ocbcscam #phishingscam #ocbcsmsscam
*******
🔥 JOIN our MEMBERS channel TODAY
► / @joshconsultancy
TIER #3 "LETS MAKE A DIFFERENCE " and TIER #2 "PRIVATE INVESTMENT VIDEO"
Will UNLOCK ALL VIDEOS especially those with VALUE/Momentum matrix on certain stocks!
TIER #1 Support our channel tier will unlock ONLY the cryptocurrency videos
All proceeds will be donated away via JOSH TAN BURSARY for needy students or towards promoting financial literacy.
*******
✅ Why you do NOT need to spend thousands on investment courses?
LEARN HOW to research into stocks and identify multi-baggers (at least in Josh Tan's way). Course price at $29 to cover ongoing cost.
Follow this link - jtinvestacademy.thinkific.com...
All sales will be donated away via JOSH TAN BURSARY for needy students
*******
► Get your free stock from Moomoo: www.moomoo.com/en-sg/act/welc...
► NEW The Josh Tan Show: / @joshtanlive
By Spotify - open.spotify.com/show/7Hdw7jm...
- FASTEST WAY TO GET RICH
- NOT ENOUGH INCOME TO HAVE CHILDREN?
- HOME PRICES GETTING CRAZY? WILL YOU SUPPORT PROPERTY COOLING MEASURES?
► For REIT Investing and passive income discussions, JOIN Telegram group "PASSIVE INCOME 2.1k" here - t.me/pi21k
► Looking For A Career With Us www.theastuteparent.com/conta...
✅ ENGAGE Josh Tan on a fee for financial planning to build towards for your retirement!
► www.theastuteparent.com/josh-tan
*******
We do not make any recommendations on whether a security is a buy/sell as every investor has different investment goals and risk profiles. The presentation of ideas from Josh Tan and TheAstuteParent are strictly for education purposes. You are advised to perform independent research yourself or seek a qualified financial adviser. We will not be liable for any losses directly or indirectly from the material. Some of the referral links in the video summary are products and services personally used by Josh Tan and they may pay an affiliate commission or referral bonus.
It is not an endorsement of the product unless explicitly stated and we will not be liable for any losses. The content in this video and any promotions mentioned is accurate as of the posting date.
*******
About Josh Tan:
Josh holds a degree in Accounting from NTU. In 2016, he co-founded the financial education website TheAstuteParent to provide detailed insurance plan analysis and financial planning tips.
As a ChFC Charterholder, Josh has agreed to be bounded by the ChFC®/S Code of Ethics. This includes, among others, acting in a professional manner when it comes to conducting due diligence on primary and secondary sources of investment-related data, and articulating his investment opinions based on his research and beliefs. Based on his research and analysis, he highlighted his beliefs and opinions, and illustrated the concept of time value of money, as of the time of the video.
Learn more on financial planning and insurance concepts, visit
► theastuteparent.com
✅ ENGAGE Josh Tan on a fee for financial planning to build towards for your retirement!
► www.theastuteparent.com/josh-tan
Thank you Josh, for your invaluable sharing!
Thank you for making this video and create awareness to everyone on phishing links.
Kudos man for sharing. Keep up the solid work.
Thank you Josh. Very helpful.
Great vid for awareness. Not sure if you know, Kevin (fellow Singaporean) also did a vid from a programmer's perspective on how these scammers do their thing.
Havent seen it yet but im sure it has valuable insights to protect ourselves better
@@joshconsultancy th-cam.com/video/G-KzvcSd6Yk/w-d-xo.html
Excellent sharing! Thanks Josh
Thank you for the sharing !
Welcome! Share the message...
I think banks should let us specify our fund transfers shall be limited to local transfers only i.e. oversea transfers are permanently disabled or better still, the function is made not available at all.
We can always identify the transferee (or the scammer) in a local transfer. Occasional oversea fund transfers could be done by the old fashion filling up a form and paying the banker a fee for a wire-transfer.
Another alternative is for the banks to provide non-online bank account to keep our larger sum of money away out of reach; and then provide us another bank account to keep a limited sum on free flow online.
I like your suggestion about some amount of money kept in asset forms such as bonds so that it is out of reach of scammers.
Very good points raised Victor
Wow that is insane! The decentraland ads are just... sick...
Click on them to waste their ad budget LOL. Cya around Gerald
Your videos are all very useful and I learned a lot from them.
Thank you for the high praise WK
Google, fb even steam have advance security features, like trusted device, oversealogin alert, proper 2fa that works.
I think local banks have been very complacent and did not keep up with latest trends in security. So it's the bank fault for not protecting customers savings. Is there a simple option of disable oversea transfer?
Disable overseas transfer is a good idea
Josh, i hope thur ur channel ppl is clearer and have better understanding phishing not speculate which entity or bank is good or bad.
OCBC has a responsibility. It has been reported that as customers suspected the scams and tried calling the OCBC hotline...it was almost unreachable ...and eventually when the callers got thru, the person on the hotline was reportedly unsympathetic.
Callers suspecting scams should be able to reach OCBC staff immediately and not made to listen to all the time-wasting options and then made to hold. In these urgent cases, time is of the essence.
yup id agree
What to do even employees of bank also get charges?
Thanks for sharing
Keep up yr invaluable advice
Thanks Woo Fei
How did scammers get the telephone numbers in the first place?
Sms from banks can be diverted, that's scary.
Ocbc bank is a victim too.
Data breaches are where your numbers are leaked to.
scammers just need to spam 1million numbers and get 1% of them correct.
When anybody got your no why entertain their request
Obviously it’s a “insider’s” problem , I’m not saying the scammers are from the bank but what I meant here was , the customer’s personal data or information was leak out by their own people or someone have access to it .
Hi Josh, some of us hold a trading platform On IOCBC. What will happen if the trading platform is affected. Will there be a trading account freeze? How do we navigate around this
The trading platform is a separate entity in my understanding. In any case depends on whether iOCBC custodian or CDP, custodian assets cannot be siphoned away like this cash lost example. Bottom line is assets are less liquid and hard to transfer. Hope it answers =)
On a side note, what comes as unsurprising & has been confirmed through this whole saga is that many people are sitting on huge sum of money in the bank. They choose not to invest, divest or whatever. Maybe they just want to see the huge amount in their bank accounts to feel secured.
I would agree. Hopefully more realise its better to move into ASSETS. FIXED dep or SSB or CPF at least
@@joshconsultancy so you need to produce more videos on investment starting from 2022. I have $500k in my bank now and wants to do something abt it. 😂😂😂
Yes...to feel secure!
Excellent video. I guess the devil is in the details. A single letter difference in the URL can mean a totally different webpage.
I like what you mentioned why ppl have so much cash in their bank accounts
I always disagree with the replacement of physical tokens with soft tokens. I feel insecure with everything installed on my mobile phone. The hacker can easily take control of our soft token once he has our login credentials. I am still using the hard tokens, except for DBS which there is no option given.
Its digitalization push. Hard tokens are less convenient and can get lost/spoilt
Same here. I still prefer the physical tokens even though the banks are trying to phase out.
Banks love fraud, they can write off more money than actually lost. No? Take credit/debit cards as proof, printing the cvv on it is stupid. Nets req pin.
@@joshconsultancy guess has to balance between security vs convenience….. there is no perfect solution, personally I rather deal with inconvenience… maybe bank should give options 🙂
@@AW-tc4hy LOL
Hi Josh, my colleagues was advised by AIA agent to convert his whole life policy to an annunity. How does this work? Also it is worth doing so?
In my understanding only some older generation WL plans can convert.
Newer wholelife plans some have a feature of allowing guaranteed amounts to be drawn out.
But its plan specific, not all plans have the benefit. Hope it helps and smash the like & subs =)
If I received this kind of SMS on suspension of my account or card, first thing I would do, call the bank first to find out why & at the same time, log into my account to check if the account is in order.
If any SMS telling me good offer of any amount, so long as the organization is in SF, call them to find out.
When calling, never use the number provided in the message, get the official number, it's at the back of your ATM or Credit Card, can't be wrong!
Agree. Just park essential cash for daily needs. Invest the rest. Won’t get cashed out so quickly
Why can't the banks who created the apps have an emergency Abort transaction button on the banking app. Or reverse transaction or cancel transaction button on the apps. Why is it only one way ? This is the question I hope the banks can answer to all online banking users.
Are we not allowed to have a ABORT transaction button we can activate without waiting for a call through to a customer service worker that we have to press, press, hold , select , wait, wait , hold ,hold, .
Where is our Abort button.
best is to educate ourselves on how to safeguard against phishing, hence this sharing^
Hope Q4 dividend payout next mth not affected. Hope clients don't click on the hyperlink on the sms . Just ignore it . At most , bank will call if a/c got issue. $8.5M can buy many OCBC shares, leh.
Think thats CEO pay only. Anyway brand v important. Cannot afford a bank run. Thats worse to shareholders
When you lose public confidence, all depositors will withdraw. OCBC didn't contest $8.5m because they fear $8.5b withdrawal. Smart move for now 😌
Does it make a difference where is the OCBC? Singapore or Hong Kong or somewhere else.
Think doesnt. Can actually be any bank. Log-in phishing risk exist hence this tutorial
The weakness link is always the people. The best protection is to educate ourselves and exercise vigilance.
Yes. Share with someone who should hear this message
If MAS forced OCBC to compensate ALL the losses, then why should ppl be wary and careful? Get scammed lo, I can get back my money anyway :) Then ppl will not bother anymore since they know they can get their money back.
@@davidtan9101 MAS got force OCBC? I thought it’s OCBC doing it out of good will and they never disclose how much.
Brightyization So do u think Ocbc will pay in full or just goodwill amount as the victims can’t disclose the compensation?
@@angiesx13 honestly I cannot tell because we have no idea how much is the goodwill amount. Goodwill amount may or may not equal to the full amount.
Now after we listen to this, we don’t think we are safe from scammers! Because they also listen to this and evolve to get even smarter to go a few steps ahead!! 😞
They will always evolve faster than we can. Its like vaccine vs virus
Great content.
Thank you for the high praise
Negligence rather than carelessness...
Just wonder $8.5m end of the day how the scammer draw out the money from which country and bank?
we'd never know these bad guys
But assets , depending on volatility and other factors, can be just as risky. You can lose your principal as well.
Put to SSB or annuity plans at least? A lot of ways to approach it
I don't click any link in SMS or email, always type in the web address or use the saved link in my bookmark.
the phishing is redirected from the mobile. not desktop log-in. Hence I illustrated how impersonating sites work in the example of this video
Good, next time anyone got scammed can ask for compensate of full sum. MAS just set the rule already. They better compensate if not unfair to potential victims next time.
still assessing based on case by case.
I never liked ocbc ... closed account a few years ago and never looked back.
Deploy into different places. Adopt a distributed architecture.
Fully agree
Terrible OCBC 500 customers bank account becomes zero, out going no control measures like above certain amt as pending in hold mode until confirm clearance from a/c holder this was done in the past why not now, also strict measures if incoming fund as KYC check as source of fund and all transaction address can be traced why no action taken for other bsnks snd scammers. Apparently, bank staff are all sleeping on the job.
maybe its transferred to overseas accounts and not within our laws. Scamming syndicates are sophisticated
Hyflux bond and shareholders must be very angry now :)
that is an investment gone wrong. different
@@joshconsultancy yes I know but bond is sort of savings too. So the bank that misrepresented hyflux bond to the bondholders never compensate them. The feeling of unfairness will be there :) Both set of ppl can be considered got scammed :) This OCBC is due to the carelessness of the victims so the hyflux will ask why OCBC compensate the victims for their carelessness while Hyflux bondholders did nothing wrong, in fact they listened to the bank's advice and bought the bond. Sort of unfair ... Why OCBC reward the 400+ ppl for their carelessness?
choose DBS or UOB and don't choose the lousy Ohsee ! Ohsee in cantonese mean pang sai BC Ohsee pun busy....
Oops I’ve most in oc
Josh Tan - TheAstuteParent Can I ask why luckily some of us who have Ocbc accounts didn’t get the fake sms?
if we bring back hard token, would it mitigate this kind of phising smses?
yes imo but its not inline with digitalization push
All victims must group together n made a police report n hold the persons /banks responsible for transferring the money to known or unknown accounts.
scammers are likely international and beyond out laws
Such heartless scammers! Like in the movie : Final Destination >>> Nobody can runaway from The Universal Laws of Karma! 🕯
Time for telcos to review their security seriously to stop all these spams call/SMS from the source
Yes! sign the petition!
did OCBC say they will pay for all losses of all customers?
investigating the losses, 30 paid out thus far according to reports
@@joshconsultancyhope all those affected will be made good.
wow..
Probably needs to buy heavy duty safe and put at home. Safer, after all the deposit bank rates so low.
Have it in assets. Fixed dep or ssb. No need too much sitting around
This is to share with everyone a story about my son Wong trying to open an OCBC savings account in 2012. He was rejected by the Bedok branch staff, saying his name is similar to a Taiwanese criminal. This is despite the fact he had an account with them when he was a kid. My son was so humiliated that he swore off OCBC products even since. You offend people for life = OCBC. Bad, insulting and sometimes NO service.
sorry to hear that... take care
OCBC - Only Can Borrow Coins haven't you heard this before? 😆
Digital banking/currency is risky! Ban SMS or spoofed SMS at least.
Go to the petition in the summary
@@joshconsultancy Signed!
Internet is too vulnerable. At this juncture, may be the govt should slow down on encouraging internet transaction a bit. Presently, most scammed are the younger gen cos they thot nothing shld go wrong as this type of msg received is rather common. Once the older gen are encouraged and mastered internet skills, more scamming were to happen.
Older generation yes its hard but we've to keep up with times for younger working adults. I think online risk education is crucial
Sg is the most efficient n safest country in the world? Crime do not always mean violence. In fact this is an eye opener. The lost can be enormous. It is so safe as claimed?
Sg is safe but if something is on internet its not within our laws
All SG banks has been saying for years they will never ask for our personal details in SMS. I thought Singaporeans very good at following instructions ones? Or maybe we r wrong ..... only from bank then do not follow.... sianzzzz.
Correction: The reasons they called... ........was to connect...
The public need security awareness training and threat intelligence. Government should setup an agency to improve it. When technology evolves, there is a need to know the risk vs benefits. Let hope govt will do something about it.
Some corporations have phishing training. My wife's one then are tested regularly on their emails
@@joshconsultancy but there isn't any for the public masses...
@@boonguantan2895 Ninjio relies on resellers of their education. Anyone can take it up, get the government on board and fight back. Ninjio is American but get the right people on board for dubbing into Mandarin, Hokkien, Teochew, Bahasa Melayu and Tamil. Education can keep up and we can make it more available.
Their video trailer on smishing. th-cam.com/video/o28MfpCY3KY/w-d-xo.html You may never know. Ninjio might use this OCBC case as a real case study. The most recent one I remember is the Garmin ransomware case. Garmin unfortunately paid ransom to release their system to work with their customers.
Smart is enough
Don't act smart
Don't apply online banking
but we've to keep up with times. I think online risk education is better
@@joshconsultancy
No need
A lot of people also never had online banking, including me.
One of the bank that I have an account with, keep telling me to set up online banking and encouraged to download their bank app. In the end I have to download that bank app, as there will be charges for sending out hard copy of the monthly bank and credit card statement. Finally, there is no choice, I download the bank app. 😭😭
What about the developers of these websites of these banks. They know the codes. Can the security be compromised by the carelessness or otherwise of these developers ?
From the example i used for decentraland, Very easy to build identical. Anyone with web development experience can chime in?
If you dealt with banks before, you know how hard is it to get them to pay you back in disputes. OCBC has been making goodwill payments to customers according to ST. To me, this is a tell-tale sign of guilt. They probably realised they had a "oopsy" somewhere, just undisclosed. Also, on the victims' part, many of the victims did not disclose whether they actually input their login credentials and OTP (2:52, for example was silent on this), this would have helped banks (not just OCBC) to narrow down the possible scenarios of what had happened as soon as possible and address the gap, if any. Precious time and resources would have been wasted when bank ops team got led on a goose chase by victims who are only upfront about losing their money but not exactly how.
Valid points raised
cannot totally blame on bank. bank keep on remind us does not click on sms on e mail link
So Banks better not pay anything, else will be blamed
Good will only. Give you $10 also constitute a goodwill payment. This is not a restitution in any way or manner.
Its hard to get the bank to pay you back because in most cases the victims are at fault.
The bank has to take full responsibilities, how come its system is not strong.
phishing means the end user is tricked into giving access. No matter how strong the gate is, if the end user gives the keys, the intruder can still enter. Thats why this video to educate on preventing "giving the keys away"
Here's what I do; park most of my money with a foreign bank instead of local banks. Scammers target local banks for volume. Targeting foreign banks happens less often. I'm Malaysian, so most of my money is in OCBC Malaysia.
fair enough. Safest is still prevention which is reading URLs carefully
No to online banking.
But we've to move ahead with digitalization. It has its benefits too
Nowsaday I don't care real or fake sms. As long as asking my bank details through online or sms, I delete it.
think i agree
come on. never put all ur money or assets in one bank. I have equal distribution of assets in hard wallets, brokerage accounts and different banks. Basic risk mgmt.
Yup. And assets better, cant get liquidated so quickly
If you must use word like phishing, explain it in lay person's words.
Why only ocbc?
Dunno, maybe the system for changing limit and overseas transaction was the easiest once acc details are phished
Correction :Recently they called again..... to siphon .....
Tks God
Ocbc pay back
paid back at least 30 people. Since ongoing with case by case assessment according to reports
OCBC going to pay for all the losses of the scam victims, is it "TRUE" ?
according to articles, they are reviewing cases and 30 have been paid already
@@joshconsultancy thank you for your clarifications. I thought "all" means all the victims.
That's why I don't have online banking.
But we've to move on with times. Like PAYNOW is important to us these days =)
@@joshconsultancy At least have peace of mind. I can still do a lot of the banking stuff. With online banking could have all your life saving wipe out even with small time scammer if people happen to know your password.
After thinking through, it is not exactly the people who are scammed but simply the bank not having enough safeguards and allowing anyone to hack the password to take someone's entire savings. The bank should be responsible as long as the people who got 'scammed' can prove that the withdrawn money did not go into their pockets. The bank with their vast amount of resources should be able to track the money, or even send agents down to retrive it from the scammers. If no money, at least beat their scammer ass till they cry for mother.
Insider job colluding scammers
not likely. Its a phishing method doable externally and this sharing is to highlight how impersonation works
examine the URL is not good enough. There are other font types that closely resemble the alphabetic and number character set. This is the scary part.
wow ok, found any impersonating websites that use the font types part as URL?
@@joshconsultancy Have not personally came across any such url. But came across a comment many months ago that highlighted this possibility. For example in a typical special character map, there is another unicode character that looks almost exactly like "o". This gives scammers an opportunity. Safest bet is to always go for the urls you always use, and not matching some google search.
i have already retired. bank less than 10k, all invested. safer to put money invest.
need money withdraw from cpf
@@ongdave3682 agree on ur idea
When I received call from oversea numbers, normally I would just ignore. I won't bother to answer it. Later that scammer sent whatsapp to me, said my parcel was at the post office bla bla bla...I immediately deleted it. Must be always alert. Always think is a scammer even though is not scammer. Safer like this. Hahaha..
Yes this scammer problem is pervasive. We can imagine for the elderly and not tech savvy, the scam hit rate might be higher than we fear
Oh yeah one more thing. Those of my friends who kena malware on their HP because they watch porn of their HP. The porn sites have the most malwares.
lol true
Singaporean are rich lots of money just don't bother the phone itchy hand to press no one can scams you la
Were the culprits caught by the highly efficient Singapore police ,I wonder?
Internet syndicates are not subjected to our laws i guess
they are based in oversea, in some cases they use locals as money mules.
@@joshconsultancy might be a good idea to withdraw all savings and FDs from OCBC. Can sleep well.
who are the scammers ?? i bet a lot from india ... ,african area ...
certainly 3rd world countries but perhaps no need to name names
I don't like the idea of solely relying on the mobile phone for everything. I think the older way was more secure. Please go back to the physical token.
But we've to move forward with digitalization. It has importance too
I will share your video on facebook. It is really good and needs to be disseminated
Yes. Too many have gotten scammed and education is badly needed
Temasek Bank Safe
If banks can be so hard hit, it's worrying. Actually OCBC is not the only one. I believe UOB had a similar issue as well.
About 3 years ago, Singapore's largest medical institution Singhealth had a data breach where patients' confidential info was stolen by hackers. It was revealed that the IT guy was not even trained to handle cyber security matters.
It's unthinkable such things can so easily happen in a country like Singapore where we think highly of ourselves as a "high tech, 1st world country". I doubt it now.
Who are the IT people? Did the organisations employ cheap labour from overseas to handle IT security matters?
this isnt a hack actually. Its a phishing scam that the customer got tricked with. Hence this video to explain to customers what to look out for