Out of the box How did the scammer took money from a victim's bank account
A computer expert suggested that the scammer operated in the following manner:

a) The scammer sends a notification SMS to the customer to say that the account has been frozen or a transfer has been made. The SMS provided a link to a website for the customer to unfreeze the account or to stop the transfer.

b) The customer is not aware that the website is a fake one. When the customer enters the login ID and password, the scammer uses them to access the bank's website. The bank sends a OTP by SMS to the customer.

c) The customer enters the OTP into the fake website. The scammer retrieves it and immediately enters the bank's website to access the customer account and take out the money.

This is one way in which the scammer can work. It does not require the scammer to have access to the platform of the SMS operator or to the bank itself.

There could be other more sophisticated way for the scammer to work, which may even involve working in cahoot with the bank's insiders.

Customers are warned on many occasions directly and through the mainstream media to avoid clicking on a link contained in a notification SMS, as it may lead to a fake website.

This warning is likely to be forgotten by some customers under some circumstances. 

We need a better way to stop the operations of this scam. I will give my suggestion in a separate post.

Tan Kin Lian


 

Add Comment

---