Regrettably, the OCBC phishing scam likely highlighted how vulnerable Singaporeans are to online scams and fraud. This is despite us having one of the most educated populations in the world.
Age it seems, is not a deterrent either, as victims span across diverse age groups. In fact, younger and more digitally savvy users might find themselves at increased risk due to their extended reliance on such devices.
The current proliferation of digitization and online applications would have likely further expanded the means by which such scammers can access our savings and information.
It’s hard to totally avoid such digital devices and apps, but perhaps we can better understand the modus-operandi of these scams in order to avoid them.
In this blog post, we’ve complied 4 of the most common infiltration methods used by such criminals.
This knowledge, combined with a healthy dose of skepticism, should enable you to safeguard yourself and your family members against common threats found online.
The main culprit of the OCBC scam, Phishing is a scam technique which crooks use to trick unsuspecting victims into revealing sensitive individual information which they can then use to their advantage.
Such attacks generally involve sending scores of seemingly genuine messages to many individuals. Scammers target those who respond, duping them into visiting fake websites, or revealing sensitive information.
These methods run the gamut, and can come in various forms. Examples include emails, SMS, voicemails, and other communication platforms like Whatsapp.
Furthermore, the message normally involves an element of urgency or pressure, which urges the potential victim to respond by taking an action.
Other variations include CEO fraud (Scammer misleads victims into thinking he is an important person), and Spear-phishing (Directed attacks which target a particular group or organization).
Because such attacks exploit the human element of a transaction, they are normally very well-executed, and are difficult to detect.
Only by understanding how they work, and also knowing tell-tale signs, can we protect ourselves from possible threats.
Brute Force Attack
Brute Force Attacks are a form of cyber-attack which involves trying out every single possible combination on a secure account in order to find out the password.
This is achieved through the use of devices with immense processing power, such as computers and specialized CPUs. The device is able to go through thousands of combinations in seconds, at break-neck speed.
Short passwords are particularly vulnerable, as the amount of time needed to break them is relatively shorter. Longer passwords are exponentially harder to break.
Users which have previously leaked information such as phone numbers and addresses are at risk as well, as they might use this information as their personal passwords for easy reference.
Upon successful entry into a account, attackers can then conduct a variety of attacks, or collect personal information for other means.
Such attacks can be avoided by using a longer, and stronger password, not using the same password across different accounts, and using 2 factor authentication.
Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source. While it comes in various forms, the most common ones include attacks using Email, Caller ID, or Website domains.
Like Phishing, these copies trick users into inputting their classified information, believing it to be the real address or person.
A spoofed email, website or IP address on its own is generally benign. In order to create any value, the spoofer must take the added step of gathering personal information or spurring activity through phishing or social engineering techniques.
Prevent such attacks by looking out for discrepancies in the suspicious websites or addresses, and also asking for proof from individuals claiming to be from an organization or outfit.
Malware attacks are common cyber-threats where a malicious software executes unauthorized actions on the victim’s system.
These attacks attempt to install harmful software on a victim’s computer through trickery or other guises. They can then sabotage the victim by leaking private information, surveying their actions, or denying access to critical programs.
Variations of such attacks include Ransomware, Trojans, Viruses, and Spyware. These applications serve a variety of different functions, all of which are detrimental to the victim.
Malware can be avoided by installing anti-virus software and updating it regularly, avoid clicking on and downloading suspicious links, and using malware scanners.
With the apparent success of the OCBC phishing scam, do expect more such attempts on Singaporeans by other criminal groups.
In the worst case, scammers will attempt to re-target scam victims in order to prey on their emotional despair, and wring more funds from them.
Other, more generous scammers might even play the “long” game, giving out tidbits to gain trust, before reeling in the dinner dish.
Skepticism & Knowledge
It’s a enduring conflict really. While we are hard at work earning and investing, there are always others who desire to rob us of our monies.
Such actors have no rule-book, and will actively tailor their techniques to suit the victim. This makes for a truly persistent and dangerous threat.
Even if we can “defend” ourselves, our less-informed friends and family would still be at risk. It may be that we would need to update and inform them about such dangers, to prevent them from financial ruin.
After reading about the recent horror stories, the most dreadful news would be for such catastrophes to impact one of our own.