Friday, January 21, 2022

REACH 312 - What are your views on the introduction of additional measures to bolster the security of digital banking? How can we be more vigilant, as more of our activities go digital? (SK)

21 Jan 2022 (10am - 7pm)


REACH

[9:45 am, 21/01/2022] +REACH: Dear Contributors,

Welcome back! 😊

⏰ We will be opening the chat from 10am to 7pm today. ⏰

House Rules (short version of our Terms of Use) to keep in mind: 

1. Be kind and respectful. We all want to be in a safe space to share our views. 

2. Any and all threatening, abusive, vulgar or racially, religiously and ethnically objectionable content is prohibited.

3. Consider the quiet ones among us and give them a chance to comment.

4. No need to repeat your comment or in different forms (including caps) - we heard you loud and clear the first time.

5. Let’s protect each other’s privacy and keep contact details in this group what it should always be - confidential. 

Full set of Terms of Use: https://go.gov.sg/reach-whatsapp-terms

We will strive to uphold these rules to ensure this is a safe space for all.

Please be assured that the points made by participants during the chat are aggregated and shared with relevant agencies.

The topic will be posted shortly.

Thank you

Megan 😊

[10:00 am, 21/01/2022] +REACH: 📢 Topic 📢

Banks in Singapore will have to put in place more stringent measures to bolster the security of digital banking, such as removing clickable links in SMSes or e-mails sent to customers, within the next two weeks.

These additional measures were introduced in view of the recent spate of SMS phishing scams targeting bank customers, the Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) said in a joint statement on Wednesday (Jan 19).

💬 What are your views on the introduction of additional measures to bolster the security of digital banking? How can we be more vigilant, as more of our activities go digital?

The more stringent measures which banks will work to put in place in the next fortnight will lengthen the time taken for certain online banking transactions but also provide an additional layer of security to protect customers' funds, they added.

However, they also cautioned that customer vigilance remains key, as scammers are quick to adapt in targeting unsuspecting customers.

The new measures for banks include:

▶️ Removal of clickable links in SMSes and e-mails to customers

▶️ Dedicated customer assistance teams to deal with feedback on potential fraud cases

▶️ Setting a default threshold of S$100 or lower for funds transfer transaction notifications

▶️ Having a delay of at least 12 hours before activation of new soft token on mobile device

▶️ Notifications to be sent to existing mobile number or e-mail for requests to change these details

▶️ Cooling-off period before implementing requests to make key changes, such as contact details

👉🏻 https://www.straitstimes.com/business/banking/new-measures-introduced-to-beef-up-digital-banking-security-in-spore

👉🏼 https://www.straitstimes.com/singapore/courts-crime/police-warn-of-fake-bank-hotlines-in-google-search-advertisements-victims-lost-495000

👉🏻 https://www.straitstimes.com/singapore/courts-crime/4-common-types-of-scams-and-how-to-recognise-them

👉🏻 https://www.straitstimes.com/singapore/imda-urges-more-banks-to-sign-up-with-anti-sms-spoofing-registry-to-combat-scams

-----


[10:01 am, 21/01/2022] ☸️  Danny 心:

Fake CPF email.

 


[10:02 am, 21/01/2022] ☸️  Danny 心:

Authentic CPF email

 

 

 




[10:02 am, 21/01/2022] ☸️  Danny 心:

Difference between a fake site and the real site:-

1. Fake site :- CB

Real Site :- CPF logo

2. Fake site :- CPF Board

Real Site :- CPF Board <intouch@e.cpf.gov.sg>

3. Fake site :- CPF Board

Real site :- CPF logo

4. Fake site :- Password login (DOB + last 4 characters NRIC).

Link expires on ...

Real site :- Singpass required.

Note:- Almost all REACH participants think is a real site.

All if use the "CPF" email will "Kenna scam".


[10:04 am, 21/01/2022] ☸️  Danny 心:

One more local financial institution come under phishing scam attack - GE.

Because GE uses Singpass for SSO sign on. If compromise, will means hackers can access all government website.


 

 

 

 





[10:04 am, 21/01/2022] ☸️  Danny 心:

Received so many fake SMS from Great Eastern.

GrtEastern - Authentic.

Grt Eastern - fake.


 

 



[10:05 am, 21/01/2022] ☸️  Danny 心:

Check the digital certificate to see if the website is authentic before key in all the user credentials and details.


[10:05 am, 21/01/2022] ☸️  Danny 心:

Issue by:- is the CA (Certificate Authority) that issue the authentic digital certificate.


[10:09 am, 21/01/2022] +Joseph: These are good first steps, but more needs to be done. For example, credit cards should have more security features, like requiring a PIN (or some other additional layer of verification) instead of just tapping on the card readers.

The SPF should also take reports more seriously.

I personally had made reports to the SPF in the past about SMS/chat messages which are obvious scams - not just Bank related phishing attempts - and the SPF did not even acknowledge/respond. I had to call to follow-up a couple of times before the SPF grudgingly told me that all they "can" do, is ask the telco to deactivate the number that the scammers used to send the messages. And that is IF they decide to investigate, and IF they establish that it is a fraud. If it is a foreign number, "there is nothing they can do".

The SPF's attitude towards this plays a part as well. Obviously, crooks are emboldened by the SPF's laissez-faire attitude.


[10:11 am, 21/01/2022] ☸️  Danny 心:

Also banks like DBS, OCBC are also using digital token - a soft token. Not hard token.

Only Maybank still using hard physical token.


[10:12 am, 21/01/2022] +BL: This looks like an email on a mobile phone, which is formatted differently to the email you show on a desktop. The logo isn't there because logos are dependent on having the sender in your contact list, when it's on a mobile, for example.


[10:13 am, 21/01/2022] ☸️  Danny 心:

Government, CPF only use Singpass.

They don't use dob + IC.

There are also no expiry of link.


[10:13 am, 21/01/2022] +BL: All property, including money in your bank account, is at risk. Educating the public is the right approach, not making life difficult for everyone by adding overly complex measures and hardware devices.

[10:14 am, 21/01/2022] +BL: How many locks on your front door? How many cameras in your house? More means safer, yes. But let's be realistic

[10:14 am, 21/01/2022] +BL: Yes, this is good to educate the public about


[10:15 am, 21/01/2022] ☸️  Danny 心:

Singpass is the SSO mandate for all government website.


[10:15 am, 21/01/2022] +BL: Sms is old tech and should be expired


[10:15 am, 21/01/2022] ☸️  Danny 心:

SSO Single Sign On.


[10:15 am, 21/01/2022] +BL: 2FA with an Authenticator app is simple and secure.


[10:16 am, 21/01/2022] ☸️  Danny 心:

Digital token can be hijacked because it is a soft token.

This is what happens to OCBC digital token.


[10:20 am, 21/01/2022] +BL: Hardware tokens can also be rendered useless. Both hardware and soft tokens rely on the server side security


[10:22 am, 21/01/2022] ☸️  Danny 心:

Software token can be stolen online.

Hardware token cannot.

But big administrative problem to manage and costly.


[10:33 am, 21/01/2022] +BL: Yes,and if the server is hacked then doesn't matter if token is hard or soft


[10:35 am, 21/01/2022] ☸️  Danny 心:

ACS access control server that manage 2FA are installed oob out of band - inaccessible by internet hackers.

They are access only via onsite.

Cannot compromise ACS servers.

Unless design flaw or installation flaw.


[10:37 am, 21/01/2022] +Joseph: i think the difference is that with a soft token, the security is less tight since vulnerabilities at the enduser side will likely be easier to exploit.

The trade-off is convenience and cost.

Every layer of security has its own loopholes/vulnerabilities, hence the need for multiple layers that overlap to make it less easy to exploit. Unfortunately, there is no single fool-proof solution to any problem.


[10:40 am, 21/01/2022] ☸️  Danny 心:

Digital token, Singpass are installed from Google playstore.

Once hackers capture a user credentials, it key in to the digital token and the hacker hijack user soft token to login.


[10:49 am, 21/01/2022] +jimmy chew: Until hackers gain Access 🤣

[10:51 am, 21/01/2022] +Joseph: I understand what you are saying about the soft token vulnerabilities...

The trade-off versus hard tokens, is convenience and cost.

Since this is not the only security feature, I am more for the retention of soft tokens (rather than revert to multiple hard tokens).. but perhaps we can have an added layer of security on top of that? Eg. a personal alpha-numeric password which needs to be used in conjunction with the randomly generated soft token PIN? or facial recognition/finger print which our phones can now handle easily? Or at some stage in the near future, retina scans?

There is no fool-proof solution.. and security/verification processes will have to evolve alongside hacker/scammer sophistication. Laws/regulations also have to be updated so that the penalties are sufficiently punitive for not only the scammers, but also the people aiding them, a lot of whom will probably be insiders.

I personally had encountered an unauthorised credit card charge on a new card that I had never even used before and never been activated. The only way I can think of -  I may be wrong - is that someone on the inside had access to the clients' card info and had sold info to hackers/scammers.


[10:54 am, 21/01/2022] ☸️  Danny 心:

Eg. User key in detail in fake CPF website or GE website.

Hacker then use the credentials to key in Singpass download from Google playstore.

Hacker takes over user soft token and access all government website, GE etc that uses Singpass.


[10:55 am, 21/01/2022] ☸️  Danny 心:

15 minutes job.


[10:57 am, 21/01/2022] ☸️  Danny 心:

So DBS, OCBC digital token can also be stolen likewise.


[10:58 am, 21/01/2022] +Caleb: I think when setup digital token for Singpass mobile, a 2FA will be send via the registered mobile number


[11:00 am, 21/01/2022] ☸️  Danny 心:

If the hacker can spoof the SMS using the user phone number, then the SMS OTP also hijack.

SMS OTP is not encrypted. It is in the clear.


[11:00 am, 21/01/2022] ☸️  Danny 心:

The news articles say ss7 Telco network was spoof and SMS OTP stolen.


[11:04 am, 21/01/2022] ☸️  Danny 心:

Land phone line cannot spoof unless tap.

Handphone using wireless 4g can be hijack by rogue base station.

Not sure how the hackers hijack the SMS OTP. If hacker use rogue base station - then they are no normal hackers.

But news say they use sophisticated software to hijack the SMS OTP using the user phone number.


[11:05 am, 21/01/2022] +Caleb: use this lor: https://www.straitstimes.com/singapore/singpass-users-can-now-verify-identity-by-scanning-faces-or-sending-otps-to-another-user


[11:06 am, 21/01/2022] ☸️  Danny 心:

Maybe this is safer.

But don't know yet with AI deepfake around.


[11:21 am, 21/01/2022] +Chua: I like physical token, 2FA. I feel safer and it should be promoted instead of promoting 2FA digital through mobile, although it so convenient.

[11:29 am, 21/01/2022] +Rama: Is it part of 2FA!?

[11:30 am, 21/01/2022] +Joseph: maybe a single hard token instead of multiple hard tokens for each bank? And requiring a PIN to access the token in case it is lost/stolen


[11:31 am, 21/01/2022] ☸️  Danny 心:

Yes. They are part of 2FA.

But they are difficult to manage, distribute and run out of battery.

Physical token seems to be safer among all the current solution.


[11:32 am, 21/01/2022] +Rama: I believe they are using digital token from the bank app instead of Physical hard token.

[11:33 am, 21/01/2022] +Joseph: design it to be rechargeable maybe? makes upgrades and replacements costly and inefficient though 😅


[11:33 am, 21/01/2022] ☸️  Danny 心:

Some banks like Maybank still using physical token.

DBS , OCBC switch to digital token.


[11:34 am, 21/01/2022] +Rama: Uob too


[11:34 am, 21/01/2022] ☸️  Danny 心:

You mean UOB use digital token?


[11:35 am, 21/01/2022] +Rama: Saw it on the app


[11:36 am, 21/01/2022] ☸️  Danny 心:

One do all follow.

Group think.

Need diversity.


[11:45 am, 21/01/2022] ☸️  Danny 心:

Some may ask why digital token and SMS OTP can intercept by hackers but not physical token.

1. SMS OTP and digital token use user handphone number in which hackers can intercept.

2. Physical token key in random number from any devices eg. Notebook, smartphone, company pc  and internet with different IP address - that's why hackers cannot intercept.

Thus hard token is safer.


[0:14 pm, 21/01/2022] +RH: Your illustrations of real vs fake messages are clear examples of why and how ppl get duped. 

Aside from all the technical jargon and concerns over layers of security,  let's not forget tt this situation came abt because ppl are ignorant , or ppl do not know how to tell the difference btn wat's real and wat's not. 

These type of msg hv become very sophisticated - the hijackers know wat we look / dun look for.

For instance,  use of English language has to be near perfect.  

Layout of message / site has to look authentic. 

Having achieved these first 👆🏻two steps,  they then proceed to add on their other gimmicks to trick ppl into believing the message,  such as scare tactics,  comfort msg, promotions.

Sori...  As a layman, when u read such msg,  and get lulled into thinking tt the msg is real,  

* How many of us wud bother to :

-- Look at Logos?

-- Chk website address ?

-- Notice the fine print eg. 

GrtEastern vs

Grt Eastern

????

-- Wud layman ppl know abt Digital Certificates? 

The vast majority of ppl r still not tt IT-savvy! 

So,  pls dun mind me. 

Go ahead w yr discussion on tokens,  2FA & wat not... 

But I think the bigger issue here also lies in Education of the public...  

And when we talk abt the public,  it wl get complicated becos ther r Seniors who r not so savvy, Seniors who are.

But even savvy individuals in their 30's,  40's hv fallen prey to such authentic-looking scams. 

How then can the public be taught or reminded abt,  say, 

* Wat to look for? 

* How to verify? 

such msg?

[0:16 pm, 21/01/2022] +RH: Can we block such messages on our email or hp,  since they r fr unknown sources? 

I personally had rcv the OCBC sms in Dec/Jan - abt 3 of them,  but I deleted them & called the bank.

[0:17 pm, 21/01/2022] +Rama: The sending of a password to a trusted number means both parties must be in close proximity or the same room? Otherwise, does it help to send sms to and fro the trusted person and the one using the government Web site?

[0:19 pm, 21/01/2022] +RH: Can Google,  Yahoo,  MSN n various email platforms block such unknown msg fr coming thru to the user?


[0:34 pm, 21/01/2022] ☸️  Danny 心:

'Incredibly easy to spoof': How SMS scams work and what can be done.

https://www.channelnewsasia.com/singapore/sms-phishing-scams-ocbc-fake-messages-2444446


[0:46 pm, 21/01/2022] +RH: While we're at it,  wat abt the telcos? 

Can they block such spam SMS from getting thru?  

Can they re look into their systems to add on a layer of security? 

Like, chk if number is unknown to user Or chk the qty of numbers tt the unknown number is sending to & set a limit...  Like What's App can forward only to 5 ppl at a time... 

Perhaps the telco can do sth like tt : if the number is sending to more than 5, deem it as a spam? 

Or add on tag msg like "This may be a spam msg. Pls verify before u click any links." 

after the spam msg is sent ?

Just some thots. 

It's abt time telcos also look into updating their systems to cater to the demands of a new world.  

Dun u think? 😉

[0:52 pm, 21/01/2022] +REACH: Iras warns of scam e-mail telling recipients to buy pass to receive funds from Bill Gates

The Inland Revenue Authority of Singapore (Iras) on Friday (Jan 21) warned of a scam e-mail where recipients are told to buy an "approval pass" to receive funds from billionaire Bill Gates.

The e-mail would purportedly be from Iras, signed off in the name of the Commissioner of Inland Revenue, Mr Ng Wai Choong.

More: https://str.sg/wA5d


[0:55 pm, 21/01/2022] ☸️  Danny 心:

Also user using different devices like hp, pc, notebook in different network - home, public, company, internet bar etc are issued with dynamic IP that are use once if using physical token.

Dynamic IP are issue by DHCP servers of different network that are used once.

So hackers cannot intercept physical token OTP random number because IP address are not static.

So hard token very safe.


[0:59 pm, 21/01/2022] +Alvin Lee: https://www.firstpoint-mg.com/blog/ss7-attack-guide/

SS7 attack guide.

[1:03 pm, 21/01/2022] +Alvin Lee: https://www.geeksforgeeks.org/how-to-spoof-sms-message-in-linux/

How to spoof sms message in linux.

[1:04 pm, 21/01/2022] +Alvin Lee: https://www.channelnewsasia.com/singapore/sms-phishing-scams-ocbc-fake-messages-2444446

[1:05 pm, 21/01/2022] +Stella Yip: I wonder if the situation is considered drastic enough for MAS to implement currency controls like China.  People cannot suka suka transfer SGD to other currencies in large amounts out of the country.  As long as money stays in SG, our G will be able to retrieve the scammed money and therefore the general public will feel safer.

[1:07 pm, 21/01/2022] +Rama: Food for thought!

[1:13 pm, 21/01/2022] +Joseph: Sure have financial services and commerce collapse... why not? 😂

[1:14 pm, 21/01/2022] +Joseph: all because a small % of our people have itchy fingers resulting in (less than) 10m in losses last month.. why not 😂

[1:16 pm, 21/01/2022] +Stella Yip: must examine all possibilities to save the general public mah.  The financial services and commerce sectors wont die so easily one.  But general public has been shedding tears of blood when their life savings gone leh

[1:18 pm, 21/01/2022] +Stella Yip: Our G and China G has always maintain good relationship, so no harm in exchanging points on this matter mah.  We dont have to 100% adopt their method, our G+MAS can adjust accordingly to suit our security needs.

[1:19 pm, 21/01/2022] +Joseph: you sound like you have no idea how Global transactions and basic cross border commerce works ... do you even know where the food on your table comes from? If $ cannot flow out - to pay overseas suppliers - and we produce only a minuscule proportion of our daily food/necessities in Singapore... then seriously .. I think losing $ to scammers is the least of our worries

[1:20 pm, 21/01/2022] +Joseph: hmm... what magical process are you thinking that China is implementing that no one else is?

[1:20 pm, 21/01/2022] +Stella Yip: why u think money cannot flow out? My China customers has been paying me just fine.

[1:21 pm, 21/01/2022] +Joseph: You obviously have only been doing this for a short time 😂

[1:22 pm, 21/01/2022] +Joseph: other than processing Payment receivable orders .... would be good to understand how Global Money transfer/flows work

[1:23 pm, 21/01/2022] +Stella Yip: if more than 20 years is a short time, okay

[1:23 pm, 21/01/2022] +Joseph: wow.. and yet after all this time, you still have no idea how it works 🤦‍♂️

[1:24 pm, 21/01/2022] +Rama: As our late founding PM once said- we don't copy everything we observe from other countries .

[1:27 pm, 21/01/2022] +Stella Yip: no 2 countries are same same, of course cannot copy blindly. Our G and MAS can just reference and then adjust our current controls.

[1:27 pm, 21/01/2022] +Joseph: I think it would be cheaper to just reimburse the losses, than do what you are proposing ... oh wait.. that exactly what OCBC did ... hmmm....

[1:27 pm, 21/01/2022] +Stella Yip: seems like it works to the advantage of the scammers so far

[1:28 pm, 21/01/2022] +Stella Yip: as long as the general public is protected, the banks can do what they want with their money

[1:29 pm, 21/01/2022] +Stella Yip: but if the general public is not protected, then....how can


[1:29 pm, 21/01/2022] ☸️  Danny 心:

Cannot do capital control.

Singapore is a financial hub.

Once done, economy collapse.

China is a big country and manufacturing hub.

They are different.


[1:30 pm, 21/01/2022] +Rama: Yes

[1:31 pm, 21/01/2022] +Rama: Some experts are saying banks should not be held accountable still if no fault on their part in light of the recent goodwill payments.


[1:31 pm, 21/01/2022] ☸️  Danny 心:

We are managing 3.5 to 4 trillion now 

If we impose capital control, we lose our financial hubs status.

All finance and investors will leave - and massive job loss - because investment profit cannot be taken out.


[1:32 pm, 21/01/2022] +Stella Yip: For large corporations, they can continue to do what they need to do.  But for individuals, whereby they do not trade with overseas, citizens should be able to not fear for their life savings.


[1:32 pm, 21/01/2022] ☸️  Danny 心:

Individual are big bosses as well.


[1:32 pm, 21/01/2022] +Rama: SIDC possibly needs to be relooked and strengthen.

[1:34 pm, 21/01/2022] +Stella Yip: Big bosses should have registered companies/organisation bank accounts, can dont not use personal account to move large sums of money, right?

[1:36 pm, 21/01/2022] +Joseph: (less than) 10million last month ... versus 1.16 TRILLION in imports/exports value in 2021 .... if you still think what you are suggesting makes sense .. then really there is nothing more for me to say 😂

[1:39 pm, 21/01/2022] +Stella Yip: u really shouldnt say anything anymore bcos u have no clue of :-

House Rules (short version of our Terms of Use) to keep in mind: 

1. Be kind and respectful. We all want to be in a safe space to share our views.


[1:41 pm, 21/01/2022] ☸️  Danny 心:

Personal is personal.

Business is business.

It don't mix.

Else cad come to investigate.


[1:45 pm, 21/01/2022] ☸️  Danny 心:

Eg I own shares in Singtel.

I can't use Singtel business account to transfer my money outside right?

Else cpib or cad come to ask me to drink coffee.

Isn't it?


[1:48 pm, 21/01/2022] +Joseph: i think there has to be a balance and everyone recognising that this is a shared responsibility. 

Making either side solely responsible for security will lead to obvious negative outcomes.

Importantly, we need to also recognise the increasing sophistication of scammers as well as the penetration of Tech/AI into our daily activities.

The problem we face today, is partly because IT security is lagging developments elsewhere. It is not just in cyber-security itself, but also in human behavioral science, data collection/data sciences etc. The increasing pace of implementation of ever more sophisticated technology to raise productivity, reduce costs, improve convenience/UX, allows bad actors to exploit the gap between the Tech, and the end-user.

It is a step in the right direction that our Govt is working with our Banks to urgently look into bridging this gap, but I hope it will be a sustained effort rather than a once and done. It is unlikely enforcement will be ahead of the crooks, but hopefully we are never too many steps behind.

[1:49 pm, 21/01/2022] +Rama: Nòteď

[1:51 pm, 21/01/2022] +Joseph: For those who fear internet banking, there is the option to cancel internet banking access, go back to passbook banking - don't even use ATM card, because, you know, can be cloned easily - stand in line at the Bank branches to withdraw cash and buy only from brick-and-mortar retailers.

[1:52 pm, 21/01/2022] +Rama: Yes

[1:53 pm, 21/01/2022] +Joseph: What? Hackers nowadays only hit personal/individual accounts? That's news to me 😂

[1:56 pm, 21/01/2022] +Stella Yip: My point is that personal accounts of the general public needs more protection.

[1:56 pm, 21/01/2022] +Joseph: I can't help you if you feel disrespected because I am explaining to you why your thoughts may be misguided/incomplete/naive... unfortunately thesaurus does not offer "kind" alternatives to those words.. maybe they don't exist.. can't be 100% sure.. not that smart myself 🤷‍♂️

[1:59 pm, 21/01/2022] +Joseph: and for those who can't follow simple instructions like don't click on any and every link.. the best protection for them is to go offline .. use a passbook.. queue up at the Branch to withdraw cash .. use cash, go shop, buy. 

For the rest, remember that danger is omnipresent, exercise more caution, and get on with life .. hopefully move forwards and not back into the stone ages


[2:00 pm, 21/01/2022] ☸️  Danny 心:

I don't disagree.

Government should look into it.


[2:02 pm, 21/01/2022] +Joseph: i think when we say more protection.. part of that, is in education as well. People need to be equipped with the knowledge. To learn to identify red flags and take personal responsibility for security as well. The strongest defense is still only as strong as the weakest link.

[2:03 pm, 21/01/2022] +RH: πŸ‘πŸ»πŸ‘πŸ»πŸ‘πŸ»

[2:03 pm, 21/01/2022] +RH: πŸ‘πŸ»πŸ‘πŸ»πŸ‘πŸ»


[2:07 pm, 21/01/2022] ☸️  Danny 心:

Education and knowledge is important to fight against hackers.


[2:07 pm, 21/01/2022] +RH: Just to add on... 

Telcos & email platform providers can also look into using keywords to identify if the msg r scam msg..  

If they r so clever in being able to identify our shopping habits on e-commerce, surely,  they can use similar techniques to suss out the scamming msg b4 they're sent thru  ... 😳

I think they just dun wanna spend money...  which is not the 'right' thinking... 

Whatever happened to Customer Service? 

This shd still apply even tho we r now talking abt Digital Age.  ....

[2:10 pm, 21/01/2022] +Stella Yip: Looks like u need help.  Maybe u have no respect for opinions that differ from yours and enjoy a good laugh to put your opinion above that of others.  U are perhaps also incapable to "agree to disagree".  What is crystal clear is that u are unable to conduct yourself in a feedback group and adhere to :  

House Rules (short version of our Terms of Use) to keep in mind: 

1. Be kind and respectful. We all want to be in a safe space to share our views.

[2:11 pm, 21/01/2022] +Stella Yip: Agree

[2:19 pm, 21/01/2022] +Joseph: You are right. 

Now, lets hear you say the same..... or do you intend to double down on the "stop $ from flowing out of SG" idea

[2:25 pm, 21/01/2022] +Stella Yip: of course, cannot STOP money movement in and out of the country lah.  But cannot let the scammers suka suka move money out of SG and out of the legal reach of our G/Interpol.

[2:27 pm, 21/01/2022] +Stella Yip: The scammed money moved out of SG not pocket change, it is large sums of money

[2:29 pm, 21/01/2022] +Joseph: Law of diminishing returns...and also cost and effect .. 

I shall not attempt to explain nor elaborate in case you think I am being disrespectful. Also, hope I am not being unkind by not explaining/elaborating.

[2:30 pm, 21/01/2022] +Stella Yip: u dont need to explain anything

[2:30 pm, 21/01/2022] +Stella Yip: I am just providing feedback to Reach.

[2:32 pm, 21/01/2022] +Valli: Thanks for the info 

Luckily I did not click on the link

[2:44 pm, 21/01/2022] +Joseph: If you haven't realised, this is a discussion forum. 

If you want to only send feedback - and not risk someone else commenting about your comment - then I think the more appropriate/safer channel is 👇

https://www.reach.gov.sg/feedback#:~:text=If%20you%20have%20attachments%20for,you%20have%20submitted%20this%20form.

Don't worry, this link is legit, you can click on it....or..... 😱

Whenever I post a comment in a groupchat/forum, I am prepared for disagreements/feedback.. and even ridicule. Especially that last one... it is this, that makes me perform at least some basic factchecking before I blast a comment off. I still get a lot wrong. And I am thankful for anyone who corrects my mistake/misconceptions/misinterpretations etc. No hard feelings. I would rather be corrected early, than to go through life thinking I am right because I stop anyone from telling me otherwise.

Maybe that's why I never feel the need to copy and paste REACH forum Rule 1 as a response to anyone's comments.

[2:46 pm, 21/01/2022] +Rama: New year and we are behaving still like!?

[2:47 pm, 21/01/2022] +Stella Yip: then u should start reading properly, I never say "stop $ from flowing out of SG", I said "I wonder if the situation is considered drastic enough for MAS to implement currency controls like China.  People cannot suka suka transfer SGD to other currencies in large amounts out of the country.  As long as money stays in SG, our G will be able to retrieve the scammed money and therefore the general public will feel safer."

[2:48 pm, 21/01/2022] +Stella Yip: jumping to conclusion and making nasty remarks is not nice.

[2:49 pm, 21/01/2022] +Stella Yip: When Andrew does not agree with someone, he is nice about it.  U might wanna learn from him

[2:52 pm, 21/01/2022] +Valli: Even India has restrictions in place

[2:52 pm, 21/01/2022] +Joseph: New Year .. so hoping to set the record straight.

I don't know any of you here.. so my comments are directed at the comment itself... but I see many people taking it personally when their "precious" comments/ideas are challenged/corrected.

Sure, sometimes I am intentionally sarcastic, but that is part of language no? How else to express disagreement and (sometimes) disgust? 😂

[2:53 pm, 21/01/2022] +Rama: 🤦‍♀️🤷‍♂️😟😔😞

[2:54 pm, 21/01/2022] +Joseph: If you only want Andrew to respond to your comments, why don't you private chat him? 😂 or maybe, suggest to REACH that we all need to take a questionnaire before being added into the chat? Only certain "approved types" can join in?

[2:56 pm, 21/01/2022] +Stella Yip: are u insisting on your own rules and refusing to accept:

House Rules (short version of our Terms of Use) to keep in mind: 

1. Be kind and respectful. We all want to be in a safe space to share our views.

[2:56 pm, 21/01/2022] +Joseph: Sorry mate .. just clarifying that .. in case people don't realise yet.. I am not the kind who sugar-coat my words 😂

[2:57 pm, 21/01/2022] +Rama: It's OK for me

[2:59 pm, 21/01/2022] +Joseph: πŸ‘

[2:59 pm, 21/01/2022] +Stella Yip: see? This is what makes Andrew a valued person in this group

[3:00 pm, 21/01/2022] +Stella Yip: Andrew is not a yes man, he can agree to disagree.  And he is a kind and respectful person.

[3:00 pm, 21/01/2022] +Stella Yip: He observes House Rule #1.

[3:02 pm, 21/01/2022] +Stella Yip: He also does not twist the words of others.

[3:02 pm, 21/01/2022] +Joseph: Luckily i don’t need validation from anyone in order to live on 😅

[3:06 pm, 21/01/2022] +REACH: Dear Contributors, 

Please be reminded to keep to the topic that is being discussed. We have had good feedback from this group, and we hope that we can keep the discussion robust and active!

Thank you!

Megan 😊

[3:09 pm, 21/01/2022] +Joseph: oh.. so we were only off topic 🤔

[3:12 pm, 21/01/2022] +Joseph: Are you suggesting that i am twisting your words? I am outraged 😀… not 😂😂

[3:15 pm, 21/01/2022] +Rama: 😱😨🤣😅😂

[3:24 pm, 21/01/2022] +Joseph: Anyway, only you will know what you were really thinking when you made that statement. I am not here to prove anyone right or wrong, liar or not. 

I saw, interpreted your comments and responded. I don’t need you/anyone to agree. Whenever i respond, i hope for 1 of 2 outcomes (1) the person relooks at what they said to check if their comment is still valid and/or (2) the person responds with something that makes me check my own understanding/facts. 

No one has a monopoly on facts. Discussions where ideas/viewpoints are constantly challenged yield better outcomes than echo chambers.


[3:30 pm, 21/01/2022] ☸️  Danny 心: 

Ok let us all take a break.

Count 10 deep breath.

And refocus on the topic.


[3:31 pm, 21/01/2022] +Rama: 🍴☕🥄🍽️🥛🍰


[4:00 pm, 21/01/2022] ☸️  Danny 心: 

Very curious.

Scamshield apps seems to be available in iOS but not Android phone.

Wonder will scamshield  block off most phishing emails, SMS and malicious URL websites?


[4:07 pm, 21/01/2022] ☸️  Danny 心: 

All organisations should adopt anti-SMS spoofing measures, say cyber-security experts.

https://www.straitstimes.com/tech/tech-news/all-organisations-should-adopt-anti-sms-spoofing-measures-say-cyber-security-experts


[4:07 pm, 21/01/2022] +Rama: Understand that scamshield app will appear for android sometime this year.


[4:09 pm, 21/01/2022] ☸️  Danny 心: 

I see.

But it will only protect the mobile phone users on SMS and telephone call.

Data traffic like web link, email maybe not protected.

Also notebook and PC users also not protected.


[4:11 pm, 21/01/2022] +Rama: Details will be once it's rolled out. I expect to be similar for iOS.

[4:11 pm, 21/01/2022] +Caleb: Hope Gov can give press release on how businesses can sign up

[4:13 pm, 21/01/2022] +SL: Isn’t the SMS spoofing a 2009 technique?


[4:16 pm, 21/01/2022] ☸️  Danny 心: 

Last time, when Telco voice call network is a separate entity from internet - no hackers want to hack SMS.

The moment when 3G and 4G network is invented - that not only transmit voice, but also data, image and video - hackers suddenly become interested to hack the unprotected SMS because banks start to use it for SMS OTP banking.


[4:23 pm, 21/01/2022] +REACH: ➡️Singapore likely to see 'significant' Omicron wave, measures in place to cut risks

More: https://str.sg/wAS5

➡️Now is not the time to gamble and remove Covid-19 vaccination differentiation measures: Ong Ye Kung

More: https://str.sg/wASS

➡️Group size for CNY remains at 5 people, Omicron surge likely to continue into February

More: https://str.sg/wASc

➡️Youths aged 12 to 17 must take booster to be fully vaccinated from March 14

More: https://str.sg/wASN

➡️Daily testing regime for VTL travellers stopped, no more need to report ART results

More: https://str.sg/wASq

➡️Isolation period cut from 10 days to seven days for those fully vaccinated against Covid-19

More: https://str.sg/wAST

➡️Businesses must prepare for Omicron's impact on manpower and operations

More: https://str.sg/wASG

[4:35 pm, 21/01/2022] +SL: Curious that SMS protocol vulnerability was not being discussed and fixed worldwide

[4:36 pm, 21/01/2022] +REACH: ➡️ Visits to hospital wards, nursing homes suspended for 4 weeks amid Covid-19 Omicron surge

More: https://str.sg/wASW

➡️ New VTL testing rules, suspension of hospital visits: New Covid-19 rules at a glance

More: https://str.sg/wASA

[4:36 pm, 21/01/2022] +Caleb: Go where and register? 

https://www.straitstimes.com/singapore/imda-urges-more-banks-to-sign-up-with-anti-sms-spoofing-registry-to-combat-scams

[4:37 pm, 21/01/2022] +Rama: What?! Analysts say customers should not expect banks to reimburse their money lost in a scam!

SINGAPORE — OCBC bank's move to fully reimburse all its customers who were victims of a recent SMS phishing scam should not set a precedent for the banking industry, professionals in business, law and cybersecurity sectors said. They suggested instead that banks and the authorities could work together to come up with broad guidelines that set out the specific situations or parameters where reimbursements should be given to scam victims.

https://news.nestia.com/detail_share/8236651?media_type=1&nestiaShareChannel=whatsapp


[4:40 pm, 21/01/2022] ☸️  Danny 心: 

Unless the whole world throw away the SS7 Telco network and develop a new one - as the SS7 protocol is vulnerable.

Some Telco invented the VoIP using SIP and H.320 and H.323 protocol - riding on IP network.

They introduced encryption and authentication like in IP network.

But the world Telco did not pick it up in a big way.


[4:41 pm, 21/01/2022] +BL: Perhaps the Analysts should focus on helping banks to fix things on their side before making the victims feel bad and uneasy?

[4:42 pm, 21/01/2022] +Rama: Good point

[4:45 pm, 21/01/2022] +SL: SS7 protocol is without encryption, integrity validation, etc. Agree with you that too many telcos @ globe are not able to upgrade to a newer protocol


[4:46 pm, 21/01/2022] ☸️  Danny 心: 

Just like oil company won't throw away oil and start to sell solar panels.


[4:51 pm, 21/01/2022] +Dan: The message is targeted at the scammers instead of the victims. Scammers should know that they are preying on people and cannot expect banks to bail them out all the time.

[4:52 pm, 21/01/2022] +Rama: Yes


[4:56 pm, 21/01/2022] ☸️  Danny 心: 

Eg. Zoom, Skype and other video conferencing system are using SIP, H.320, H.323 IP network.

Cisco, Avaya, etc are using VoIP - SIP IP network.

But they are all big organisation.

Public like us use SS7 Telco network.

Cheap mah.


[5:00 pm, 21/01/2022] ☸️  Danny 心: 

Omicron taking over Delta liao.


[5:14 pm, 21/01/2022] +Joseph: Let's not forget that the last step in the scam, is the end user clicking on the link and providing the necessary information to login and steal the money.

It has to be a shared responsibility. If the onus/burden is placed only on 1 party and not the other, no amount of rules/safeguards will be enough to prevent another hack.

Making the banks solely responsible for the fraud will encourage and lead to the proliferation of moral hazard.


[5:16 pm, 21/01/2022] ☸️  Danny 心: 

Everyone must play their parts.

Cannot be one party take all precaution but users keep making mistake.


[5:20 pm, 21/01/2022] +Joseph: i have witnessed how an act of goodwill from a corporation - making good on a financial loss that a consumer incurred due to the consumer's own fault - open the floodgates to frivolous lawsuits on all kinds of unreasonable claims based on precedent. 

In the end, it's not just the corporation that pays the price, but the consumers at large, because Corporations will be forced to institute more safeguards at ever increasing costs which eventually gets transferred to the end clients/users in the form of higher charges. 

Better protection through Deposit insurance or similar safety nets? Sure.. the banks will have to pay higher premiums to insurers providing the cover, and that, in turn, will be recovered from consumers through higher bank charges.


[5:21 pm, 21/01/2022] ☸️  Danny 心: 

Agree.


[5:24 pm, 21/01/2022] +Joseph: Why are our Deposits only insured up to 50k? Why is deposit/savings rate so low? Why not insure the full amount? Will we be willing to PAY the bank a fixed rate to hold on to our money (safekeeping service)?

[5:28 pm, 21/01/2022] +65 9818 1463: Can bank discontinue the use of paywave feature in our ATM, debit and credit card as once you lose your card, anybody who pick up can just use it !!! Tap and go at the merchants outlet without checking the ownership of the card until one reported the lost !!!!

[5:30 pm, 21/01/2022] +Caleb: Customers can disable the paywave function by informing their banks

[5:30 pm, 21/01/2022] +Rama: Agree

[5:31 pm, 21/01/2022] +Rama: Got to relook goodwill gesture

[5:31 pm, 21/01/2022] +Rama: I believe it is being considered to be raised in due course

[5:32 pm, 21/01/2022] +Rama: Worth considering

[5:33 pm, 21/01/2022] +Caleb: ART still a bit expensive, hope the price can even go downwards 

https://fb.watch/aGdQSMK532/

[5:36 pm, 21/01/2022] +Rama: Possibly to max at sgd3

[5:40 pm, 21/01/2022] +Caleb: +1

[5:43 pm, 21/01/2022] +REACH: ➡️ Children aged below 12 starting to make up the majority of Covid-19 cases admitted into hospitals

More: https://str.sg/wASH

➡️ MOH to stop differentiating between Omicron and non-Omicron cases in daily Covid-19 reports

More: https://str.sg/wASh

[5:43 pm, 21/01/2022] +Caleb: Only six organisations registered with it. 😂

https://www.straitstimes.com/tech/tech-news/all-government-agencies-to-be-on-anti-sms-spoofing-registry?utm_medium=social&utm_source=telegram&utm_campaign=sttg

[5:56 pm, 21/01/2022] +REACH: ➡️ All government agencies to be on anti-SMS spoofing registry after spate of scams

More: https://str.sg/wATk

➡️ OCBC introduces new security measures, including lower default PayNow amounts

More: https://str.sg/wATT

[5:59 pm, 21/01/2022] +Joseph: Actually having experienced first hand an entire household coming down with CV19, my take is that the ART test kit and process is NOT a suitable tool for preventing spread. In fact, it may be the cause. Let me explain why.

When the member in my household started to exhibit flu-like symptoms, the person immediately did an ART test. It turned out NEGATIVE. The test was repeated (within) every 24hr period (as prescribed). Although the symptoms escalated within the first 48hrs, the first 2 tests were NEGATIVE.

It was only on the 3rd day that the ART registered POSITIVE.

So, the problem with this is:

- Quite obviously, the person was already infectious when symptoms first presented, but the ART was still NEGATIVE during the initial 48 hrs. We know this because every member within my household, gradually - over the next few days - got infected despite our best efforts to isolate and segregate the moment the first POSITIVE ART test was registered.

The chronology was similar for all of us - mild symptoms (scratchy throat, mild fever, slight dry cough) started presenting within 48hr after last contact with confirmed case... BUT ART was negative for next 48-72hrs. Of course by now, we are aware that presenting mild flu-like symptoms + negative ART + last contact with confirmed case within 48hr period = most likely will test ART +ve within next 48hrs + already infectious and spreading the virus. So, from the 2nd member onwards, we started to isolate/segregate further.

So, the problem with the current protocol of "Negative ART result is good for 24hrs" is clearly giving everyone a false sense of security/safety which in fact may be the cause of a sudden wave of infections because people who are infectious but ART -ve are unknowingly spreading the virus by being out and about (which the protocol allows).

[6:03 pm, 21/01/2022] +Smiley face: https://youtu.be/bnMMYJKZvnU

[6:04 pm, 21/01/2022] +Caleb: Maybe we got to learn once not well to oneself isolation. Regardless is it covid or cold or other virus

[6:04 pm, 21/01/2022] +Joseph: So, once we have established that the ART may be too slow to detect and prevent spread, maybe we can switch back to simple common sense - the moment you feel unwell/off, isolate/segregate. THEN arrange with a G/MOH approved clinic (costs covered by G/MOH) to see the doctor. He/She will decide whether to perform an ART or PCR test.

Once the test is conclusively positive, MOH will notify the patient via SMS with instructions to list household members/close contacts.

Everyone on that list, will be eligible to collect free ART test kits - no need to buy yourself.

But remember.. exercise common sense and err on the side of caution .. if feeling unwell, immediately self isolate first.

[6:05 pm, 21/01/2022] +BL: Friends were paying $150 in the US due to shortages!

[6:05 pm, 21/01/2022] +BL: Good example of why education is needed.

[6:06 pm, 21/01/2022] +Joseph: yup... that is the main take-away

[6:06 pm, 21/01/2022] +BL: 👍

[6:16 pm, 21/01/2022] +Rama: 😱😳😨🤦‍♀️😞😔😟

[6:17 pm, 21/01/2022] +BL: Yes that's a real scam. People who needed the test to catch a flight had to pay crazy money... that's Capitalist America for you!

[6:44 pm, 21/01/2022] +REACH: Dear Contributors, 

It is everyone’s responsibility to make this online space a safe and conducive one for all contributors to share your views and feedback on national issues. Please be reminded of the Terms of Use: https://go.gov.sg/reach-whatsapp-terms

Thank you. 

Megan

[6:48 pm, 21/01/2022] +REACH: Dear Contributors,

⏰ We will be closing the chat in 15 minutes ⏰

Thank you very much for being part of our WhatsApp chat and participating actively.

Goodnight!

Megan

[6:48 pm, 21/01/2022] +Rama: No doubt

[6:58 pm, 21/01/2022] +Smiley face: 21 January, 2022

To: Distinguished MTF and All Honorable Members 

"From The Extremists To The Outliers - How nations play this pest control game? " 

"At the end of the day, is about headcount..." 

- - anonymous 

China ? 

In extreme, China 0 covid strategy, it has capacity to master thousands of resources and millions of test kits, nimble the O down to 0!

Many Nations ? 

So what's the middle path? 

The world is dealing with one big variable that is a quick, cunning and evolving virus (pest) , that itself is a catch-22! 

To chase this pest, one has to have mighty stamina, big heart and great wit just to run "on par" with it? To win this pest race, perhaps a wishful thinker will think so, for history have proven that pest of these sorts are hard to defeat, at best to kick it to a corner? 

A country partially open and the other half closed? What will other countries/global villagers perceive these midway strategies? Will it be viewed as smart, optimistic or cautiously optimistic towards these displays of the reality show, these case daily lives of a modern city. 

For the proper function of a typical daily normal living (rural village to mega city) can be defined as almost FREE from all inconveniences. How much one can stomach a blow or in multiple punches? These punches perhaps can be meant as one's capacity to withstand these blows given a fix time line. No path is safe, these instances being an extremist or sitting on the fence or standing outside the fence, the latter will at most be seen to be a safe bet for winner or loser, big or small, time will tell! 

Brazil ? 

This mumbo jumbo, its President even encouraged natural infections to ride out the covid wave? 

South Africa ? 

Perhaps an outlier,  self declaring the end of the O, thousands strolling, suntanning along sandy beaches and drinking cocktails!

Afterwords:

The metaphoric game of an American/ European/Asian roulette - 

All players gather, eyeball and spread his/her wagers (from 1 chip to high stack of chips; side bets allowed) of up to 20% positions on the table and forgo his/her lucky hand on the 80% most unlikely to win at the same time the probabilities of the number 0 for a freak outcome which yield 35 times payout!

In a zero sum game experiment, a player could place all his/her chips and spread across 50% in various bet configurations, the outcome will be a net loss after minus his initial wagers. In worse case this player will walk away from the table empty pocket. 

What it takes to win? Smart, timing & frequency, positioning, risk taking, good maths, forecasting or pure luck to beat this roulette game coming out as one of the winners? 

How about being an extreme player (seasoned & old hands 老手) or follow (mitigator 缓解) that "lucky" few or abstain (beginners 初学) for a few rounds? 

How about scaling up to hundreds of roulette tables? This scale up model can be applied to a country's segment of economy and also competitive nations at large. What's the dynamics and outcomes?  What's the profile of each loser and the stakes? How about that few winners and their formula in gaming it? 

ONE big variable risk is zero, few winners and many walked away pockets emptied? 

(Disclaimer - Not promoting the game of chance and do not gamble! ) 

News:

https://youtu.be/bnMMYJKZvnU

https://youtu.be/CxF9HrG9Jzs

https://www.straitstimes.com/singapore/1448-new-covid-19-cases-in-spore-infection-growth-rate-rises-to-176

https://www.straitstimes.com/singapore/health/no-serious-adverse-events-associated-with-covid-19-vaccine-reported-for-children-between-5-to-11-years-old

https://youtu.be/r9iiQKhnj1Q

https://sg.news.yahoo.com/chinas-covid-scare-over-post-171148761.html

https://www.thelancet.com/journals/lancet/article/PIIS0140-6736(22)00090-3/fulltext

https://twitter.com/bmj_latest/status/1483086712532348931?s=20

https://www.cnbc.com/2022/01/10/covid-vaccine-pfizer-ceo-says-omicron-vaccine-will-be-ready-in-march.html

https://www.businesstimes.com.sg/companies-markets/cruise-operator-genting-hong-kong-files-to-wind-up-company

[6:59 pm, 21/01/2022] +REACH: Dear Contributors,

We will be closing the chat for today.

Thank you very much for being part of our WhatsApp chat and participating actively.

Goodnight!

Megan 😊

