security

At least $2m in savings prevented from being stolen in malware … – The Straits Times


SINGAPORE – Scammers who took control of the phones of more than 30 OCBC Bank customers were prevented from stealing at least $2 million, following the release of a security measure that blocks access to the bank’s internet banking services in the presence of a suspicious app.

Since the update to the OCBC internet banking app was released on Aug 5, no losses from malware scams were reported by its customers who were using this version of the app, said OCBC in a statement on Thursday.

The security feature, which blocks access to the banking app if it detects apps from non-official platforms and flags those with risky permissions settings, was rolled out as a response to malware scams that provides hackers with control over a victim’s device.

It was released after a meeting among banks and the authorities to crack down on malware scams and roll out stronger security features to tackle them, The Straits Times understands.

OCBC received reports from more than 30 customers about their Android mobile phones being hacked by sideloaded apps from non-official sources, such as those outside the Apple App Store and Google Play Store.

The virus allowed fraudsters to take control of the victims’ device, but they were not able to make fund transfers through the OCBC app, said the bank.

The security measure also prevents scammers from logging on to OCBC internet banking via a web browser to access customers’ bank accounts as it would require a physical hard token since the digital token has been frozen, said the bank.

Readers Also Like:  Two Americans arrested on charges of selling tech to Russia - KWQC

OCBC added: “While there was already more than $2 million in these customers’ savings accounts, the amount that might have been lost to scammers could have been much higher as scammers have previously redeemed fixed deposits and unit trusts early or drawn down cash advances under customers’ credit cards.”

The security measure drew criticism from some users who said they were unable to concurrently use apps from non-official platforms, such as China-centric apps for business.

The Monetary Authority of Singapore has since backed the bank’s security feature and said on Aug 8 that any unintended inconveniences are in the nature of new innovations, and that it will work with the banks to learn from these experiences.

It said: “Security measures will come with some measure of added inconvenience for customers, but they are necessary to maintain security of and confidence in digital banking.”

OCBC is among the first local banks to roll out anti-malware scam measures. It is not known yet what other security measures will be introduced by other banks to tackle malware scams.

Such incidents have grown in numbers in past months. In August, at least 27 victims lost around $325,000 after sellers advertising mooncake sales on social media directed them to install Android Package Kit (APK) files that contained viruses.

Scammers employed a similar modus operandi to siphon more than $20,000 from a 54-year-old woman who was looking online for food options for her elderly parents.

The scourge of malware scams has prompted more organisations to raise cybersecurity measures over third-party apps, like an antivirus that seeks out suspicious third-party installations and viruses, bundled into the latest suite of Singtel phone plans.

Readers Also Like:  How To Secure Your Twitter Account Without Sms-Based Two-Factor Authentication - Ghacks

Mr Beaver Chua, head of anti-fraud at OCBC, said, “Malware scams targeting Android mobile phone users have increased significantly in the past few months, with social engineering by scammers having become increasingly sophisticated. Sideloaded apps are the main conduits used by such scammer.”

He added: “There was therefore an urgent need for a much stronger defence.”



READ SOURCE

This website uses cookies. By continuing to use this site, you accept our use of cookies.