Friday, September 8, 2023

Malware Scam At least $2m in savings prevented from being stolen in malware attacks after OCBC app security update

×
The Straits TimesSPH Media Limited
INSTALL

At least $2m in savings prevented from being stolen in malware attacks after OCBC app security update

The security feature blocks access to the banking app if it detects apps from non-official platforms and flags those with risky permissions settings. PHOTO: OCBC

SINGAPORE – Scammers who took control of the phones of more than 30 OCBC Bank customers were prevented from stealing at least $2 million following the release of a security measure that blocks access to the bank’s Internet banking services in the presence of a suspicious app.

Since the update to the OCBC Internet banking app was released on Aug 5, no losses from malware scams had been reported by the bank’s customers who were using this version of the app, OCBC said in a statement on Thursday.

The security feature, which blocks access to the banking app if it detects apps from non-official platforms and flags those with risky permissions settings, was rolled out as a response to malware scams that give hackers control over a victim’s device.

It was released after a meeting among banks and the authorities to crack down on malware scams and roll out stronger security features to tackle them, The Straits Times understands.

OCBC received reports from more than 30 customers about their Android mobile phones being hacked by sideloaded apps from non-official sources, such as those outside Google Play Store.

The apps introduced a virus that gave fraudsters control of the victims’ device, but they were not able to make fund transfers through the OCBC app, said the bank.

The security measure also prevents scammers from logging on to OCBC Internet banking via a web browser to access customers’ bank accounts as it would require a physical hard token since the digital token has been frozen, said the bank.

OCBC added: “While there was already more than $2 million in these customers’ savings accounts, the amount that might have been lost to scammers could have been much higher as scammers have previously redeemed fixed deposits and unit trusts early, or drawn down cash advances under customers’ credit cards.”

The security measure drew criticism from some users, who said they were unable to concurrently use apps from non-official platforms, such as China-centric apps for business.

The Monetary Authority of Singapore has since backed the bank’s security feature, and said on Aug 8 that any unintended inconveniences are in the nature of new innovations, and that it will work with the banks to learn from these experiences.

It added: “Security measures will come with some measure of added inconvenience for customers, but they are necessary to maintain security of and confidence in digital banking.”

DBS said on Thursday in reply to ST queries that it is working with the authorities and industry partners on ways to tackle malware scams.

Its spokesman said: “There is a need to take a considered approach for this.

“As we work to provide a robust level of protection for our customers, we also want to keep the customer journey as frictionless as possible.”

DBS Bank’s active surveillance measures protected customers from various scams, including malware scams, with at least $16.5 million in losses prevented over the past three months, said the spokesman.

Malware scams have grown in numbers in past months. In August, at least 27 victims lost around $325,000 after sellers advertising moon cake sales on social media directed them to install Android Package Kit (APK) files that contained viruses.

Scammers employed a similar modus operandi in July to siphon more than $20,000 from a 54-year-old woman who was looking online for food options for her elderly parents.

The scourge of malware scams has prompted more organisations to raise cyber-security measures over third-party apps, like an antivirus that seeks out suspicious third-party installations and viruses. Such an antivirus is included by default in the latest suite of Singtel phone plans.

Mr Beaver Chua, head of anti-fraud at OCBC, said: “Malware scams targeting Android mobile phone users have increased significantly in the past few months, with social engineering by scammers having become increasingly sophisticated. Sideloaded apps are the main conduits used by such scammers.”

He added: “There was therefore an urgent need for a much stronger defence.”

Read the full story for $0.99/month

Save more than 90% on your subscription and get over 500 subscriber-only articles every month.

Unlock these benefits

  • Get subscriber-only articles on ST Web and app

  • Easy access on up to 4 devices

  • 2-week e-paper archive to ensure you never miss out on news that matters to you

Join ST's Telegram channel and get the latest breaking news delivered to you.

YOU MAY LIKE

No comments: