Recently, we always read news about “money been transferred without OTP” be it on mainstream or social media! It’s been rumoured that bank with inside man. But, you never know maybe it’s trap that you set it for yourself..
Credit Wenjing / Facebook | Lee Shi Wei
A software engineer took social media to reveal modus operandi of hackers/scammers nowadays. The reason why they are able to transfer your money from bank account without OTP! Actually it’s very much depends on the way how we use our mobile phone!
The post read:
Hi, I’m a software developer that developing mobile app. Today i wanted to talk about the modus operandi of the scammers that i frequently read on social media. This post is a bit lengthy but it’s very informative.
*First, let’s talk about Android app. How are they(hacker) transfer your money from your bank*
Normally, some sponsored ads in Facebook & Instagram will be doing a great promotion. But, you will need to download certain app for the payment.
Especially Chinese will easily fall into the trap. Because you already allowed “install from unknown resources” in your security setting when you are playing online games from China like “Honor of Kings 王者荣耀”, “Game for Peace 和平精英” . This setting is to prevent you from installing any malware. But once you allowed it then installing malware is easy-peasy.
OK, Let me tell you what happen after you installing the apk? you will need to sign up for an account. Everything seems normal until the SMS verification. You will be asked to grant the SMS permission or else you will not be allow to continue for the registration.
Once you authorised the SMS permission to app. The app will be able to read and delete all your SMS.
After you done adding everything to your cart, it’s time for payment. Even the payment gateway is a fake one, including interface for credit card, FPX, Maybank, Ambank and whatsoever e-banking. Whatever you enter will lead you to the under maintenance page, then please try again with other bank/card.
Those who still not realising what is going on will continue with other bank/credit card until they give up on the payment. Their customer service will be comforting you ” Dear customer, our system is in the midst of upgrading, please try again later.”
Here come the fact, You are the one who disclose your username and password! Ops~
Now is the highlight of the show, just depends when the scammer wanted to take action. There is a few ways to obtain your OTP :
1. Sometimes not all the app can work freely without your notice. But when your phone is under the power saving mode, it will automatically killed off. So to make sure their app is working. They will send you an SMS to ensure their app link with your mobile. (If you are receiving SMS like this, delete all your running app and check your app list and ensure those app are genuine app.)
2. When they received your SMS. It basically means they are sure they can read your SMS. Once log in to your account. They will change the Phone number that you registered for your banking transaction. Yes! They didn’t transfer any money but change your phone number that bind to your bank account.
Once they change the binding phone number. They don’t even need the OTP sending to your phone number for any transaction. You will not receiving any notification on the transaction until you check your bank account.
3. Then you will start to suspect, why your money been transferred without OTP? Remember the app already grant your permission to read your SMS in the beginning. They will read and delete your SMS. No one will ever know when the process happen.
They will only read your SMS once, getting the OTP to change the binding Phone number, then it’s up to them what to do next.
This is why everyone is complaining didn’t receive OTP but receiving some weird SMS and money been transferred. But how to prevent them?
- Do not installed app from China! This is important! Especially downloading apk. Do not allow setting for installing from unknown resources.
- In the case, you wanted to download the games. Once you done downloading please turn off the setting of ” allow installing from unknown resources” immediately.
- Check the apps in your phone regularly. Delete the unused app.
- Remember the picture for e-banking verification. In the case, you didn’t see the picture then it’s not the real e-banking portal.
- Remember to check which apps are given the rights for SMS Permission. Make sure you only granted the rights to the genuine app.
- Only install app from Play Store. Do not install any app that is not in the Play Store
That’s what in overall. I will write about iOS next time.
Everyone was asking why never investigate those bank account owner that the hacker transfer to? Those hacker rent the bank account for the bank transfer for a few hundred ringgit. They are just sitting there doing nothing for the money. When they were reported, they will be telling the police officer that IC been stolen.
You probably will be reacted this way : Wah … Internet banking is not safe. I don’t want to do any online transaction anymore.
But i was thinking: Time is changing and this is the trend. If you carry a lot of cash, you stand a chance bump into a robber too, the risk is the same. So, best is to share and learn together, stay alert all the times. Somehow, your school will not teach you knowledge about this. As long as we understand their modus operandi we will be able to avoid it.
It’s not that Android is not secure. It’s just more flexible. Don’t ever think iOS is much better.
Chinese sort of with higher risk as they like to install apk from China. I think we can’t blindly blaming the bank or suspecting bank with inside man but we maybe the one that disclose the OTP.
▼(Picture for illustration purpose only)
▼ Netizen A: To add on, if you are using an old version of Android phone. The app can even take over you to root your phone. Don’t even need your permission. In overall, do not download app from unknown resources.
Netizen B: Thanks for taking your time explaining all this. Some people still very naive and blaming the bank all the times. It’s time for some knowledge.
▼Q : What about the FD been transferred?
A: I’m going to tell you more in the next post.
Info via :Ah Hong VS / Facebook
=============================
Trending news at your fingertips!
=============================
Follow us in Telegram :【Click here】
Gifts & Flowers : 【Click here】
Shopee June Sales :【Click here】
Lazada Vouchers :【Click here】