back to article Singapore monetary authority threatens action on bank over widespread phishing scam

The Monetary Authority of Singapore says it is considering supervisory action against Southeast Asia's second largest bank, Oversea-Chinese Banking Corporation (OCBC), which was criticised for its incident response to a widespread phishing scheme across the island nation. Customers waiting to be served in OCBC Bank in …

  1. This post has been deleted by its author

  2. sitta_europea

    If I get an email that even smells like it's from a bank I report it as a scam.

  3. Tree
    Alien

    Avoid all online accounts

    After losing some money, I say to all "never set up a password for a credit card, bank, or other financial account." If one does not have a password, they can't guess it to drain the account.

    1. katrinab Silver badge
      Alert

      Re: Avoid all online accounts

      But they could potentially set up their own password on your account.

      1. Aitor 1 Silver badge

        Re: Avoid all online accounts

        Seen that happen.

  4. ShadowSystems

    Follow the money.

    Customer claims to be the victim of fraud, bring up the account & find the transaction(s) that emptied it. Unless someone physicly entered the bank to pull cash, there will be a digital trail to follow to get the money back. If they DID physicly enter the bank, you will have their likeness on multiple security feeds, their (digital) signature on the (virtual) credit slip, and possibly the plates of the car they entered to drive away. Follow the trail.

    Getting their money back shouldn't be difficult: the source bank marks it as fraud, the target marks it as fraud, the target refunds the fraud funds, and any attempt by the end-account-holder to withdraw the funds gets met with a police response to figure out WTF happened. If it's not fraud & the transaction legit, that will come out in the wash. The source that claimed fraud will then be arrested, the money refunded to the target, & all's good. If it IS fraud, the end-account holder gets arrested & all's well.

    TL;DR: Follow the money. Find the crims. Arrest them.

    1. Anonymous Coward
      Anonymous Coward

      Re: Follow the money.

      With this type of fraud the funds are usually withdrawn from the destination account(s) as soon as they are deposited (either in cash or to another account elsewhere). This way there are no funds to be handed back when the original account holder reports the fraud to their bank

      1. ShadowSystems

        Re: Follow the money.

        Let us assume the original-target-account-holder tries to move the money out. They will do so in one of two ways:

        1. They will physically enter the bank to manually pull the funds. This will invariably leave video records, (digital) signatures on the (virtual) receipt, and possibly even the plates of the car used to arrive/leave in. The police can then follow those leads.

        2. The person will do a purely digital transfer to another account in a different bank. This will leave a digital trail to follow. The transfer-marked-as-fraud-flag from the original bank to the original target would then persist to the third bank.

        In either case you're left with a trail of evidence to follow that may lead you to the person whom eventually gets the money.

        Yes the person could do a zillion digital transfers to try & mask the money, but every single digital-transfer will leave a digital trail to follow. Manual withdrawls should result in the video evidence local law enforcement can use to find the local perp.

        It will be a long, hard crawl through the crap, you may have to follow a thousand blind-alley-red-herrings, but eventually the trail will lead you to someone whom took the money. Once the trail stops, once you have that last person in custody for questioning, you can then sweat them for where the money went.

        "I have no idea. I just put it in an envelope & handed it over to some guy in the bar."

        Nope, we'll just arrest you as an accessory, charge you with the full crime, & prosecute your sorry arse into a very deep hole. You can make that hole a lot less deep, a lot less dark & dank, & your likelihood of ever being a free man again by coughing up everything you know about the bigger fish in the chain. You don't cough up anything (useful), we lock you up & throw away the key.

        TL;DR: Follow the money as long as it takes. Run down every lead, eliminate every red herring, until you find the last link in the chain.

        1. dave 76

          Re: Follow the money.

          "Yes the person could do a zillion digital transfers to try & mask the money, but every single digital-transfer will leave a digital trail to follow. Manual withdrawls should result in the video evidence local law enforcement can use to find the local perp."

          That's assuming that it hasn't bounced through a bank account in a country that won't give up details, or a digital only bank account where KYC wasn't done properly, or the money used to buy bitcoin....

          Money Laundering is an issue that has been been going on for years for huge sums of money and is not yet a solved problem. If it appears simple to you, that's because you don't understand financial fraud in the real world.

  5. Furious Reg reader John
    Thumb Up

    What a great video

    Bravo Mr Brown.

  6. clyde666

    It started with an SMS

    Goodness me, whatever could go wrong?

    Staff in my local bank have looked at me blankly when I've said it's much more secure using my big old heavy bulky PC for online banking, and even entering a series of passwords, than having almost instantaneous access on a small handheld device where security is next to non existent.

    1. tiggity Silver badge

      Re: It started with an SMS

      I don't do online banking on any device.

      Every time I see these sort of stories I feel justified - despite all the Luddite insults from family members.

      Not a Luddite, just cautious - I have no need for online banking so its just one less attack vector (obviously can see use cases where online banking really useful for some people, I'm just not in that demographic).

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022