Monday, January 30, 2023

REACH 423 -  What are your views on the anti-scam measures introduced by IMDA? How can we better safeguard ourselves against potential scams?

(SK)

 30 Jan 2023 (10am - 7pm)


REACH

[9:45 am, 30/01/2023] +REACH: Dear contributors,

Welcome back! 😊

⏰ We will be opening the chat from 10am to 7pm today. ⏰

House Rules (short version of our Terms of Use) to keep in mind: 

1. Be kind and respectful. We all want to be in a safe space to share our views. 

2. Any and all threatening, abusive, vulgar or racially, religiously and ethnically objectionable content is prohibited.

3. Consider the quiet ones among us and give them a chance to comment.

4. No need to repeat your comment or in different forms (including caps) - we heard you loud and clear the first time.

5. Let’s protect each other’s privacy and keep contact details in this group what it should always be - confidential. 

6. Refrain from posting non-English comments and content (e.g videos, articles)

Full set of Terms of Use: https://go.gov.sg/reach-whatsapp-terms

We will strive to uphold these rules to ensure this is a safe space for all.

Please be assured that the points made by participants during the chat are aggregated and shared with relevant agencies.

The topic will be posted shortly.

Thank you

Megan 😊

[10:00 am, 30/01/2023] +REACH: 📒 Topic 📒

As part of the ongoing measures to combat scams, the Infocomm Media Development Authority (IMDA) has announced that messages from organisations that have not registered with the Singapore SMS Sender ID Registry (SSIR) will be labelled “likely scam” from Jan 31. 

Despite the new measures, IMDA reminded the public to remain vigilant as scammers will continue to change and adapt their tactics to lure potential victims. 

💬 * What are your views on the anti-scam measures introduced by IMDA? How can we better safeguard ourselves against potential scams? *

Organisations that wish to send SMS messages with alphanumeric Sender IDs must register their sender IDs with the SSIR. Recipients of SMS messages from organisations that have not signed up with a registry by IMDA will see the text messages labelled as “likely scam” from Jan 31. “This registration is to better protect consumers against non-registered SMSes that may be scams,” said IMDA. As of January, more than 1200 organisations – including financial institutions, e-commerce operators, logistics providers, and small and medium-sized enterprises – have registered.

These new measures form a part of an ongoing multi-layered approach to combat scams. IMDA added that local telecom operators such as Singtel, Starhub and M1 have already implemented SMS anti-scam filtering solutions within their mobile networks.

👉 [ST] SMSes from organisations not registered with IMDA to be labelled ‘likely scam’ from Jan 31: https://bit.ly/3jl3rE2

👉 [CNA] SMSes from organisations not in central registry to be labelled as ‘likely scam’ from Jan 31: https://bit.ly/3Y5rN3z

👉 [IMDA] Full SMS Sender ID Registration to be required by January 2023: https://bit.ly/40oD3Kv

👉 [ST] Retirement plans for cleaner who fell for impersonation scam put on hold: https://bit.ly/3wBCm2q

👉 [ST] When accessing free Wi-Fi could lead you to lose life savings to scammers: https://bit.ly/3He3PMJ

----


[10:17 am, 30/01/2023] +Kenneth Lee WM: I think IMDA should set up a team to actually follow up reported scams, pretend to become scam victim, find out who the perpetrator is and bring the person to face the law.  Right now it seems that majority of reported scams are just filed up to produce statistics.

Couple of years ago, my company was sent scam email msgs to the accounts dept pretending to be the CFO asking for money to be transferred to a bank account.  I made a police report and even provided the bank account.  I was told that most likely it was outside Singapore's jurisdiction and they cannot enlist interpol to assist as "no one died" and "no money has been exchanged".  The report was then filed away.  Wasted my time and effort.

Now, I just delete and don't bother reporting because I'm not confident that anything is going to be done or can be done.

[10:23 am, 30/01/2023] +Grace: I think this is an overkill

[10:23 am, 30/01/2023] +Grace: Scammers will just find another way

[10:23 am, 30/01/2023] +Grace: We will just need to be more alert and mindful

[10:24 am, 30/01/2023] +Uncle Law: Biz whether big or small should comply with IMDA  in registering their biz ID so that consumers will know if it is a scam.

Biz should also ensure good practice on pdpa, so as to prevent our data from being leaked out.

[10:24 am, 30/01/2023] +L: Good - every step helps and makes it more difficult for scammers. Good to see this measure.

[10:37 am, 30/01/2023] +Rama: The issue of outside our jurisdiction is a major headache!

[10:43 am, 30/01/2023] +Singapore Maid Agency: Agreed, me too, it was like a love scam and I reported to police and had a callback within the day.

However, was told we are not being scam and no loss hence no action will be taken.  The “Law” have to be upgraded that even such message will be an infringement of “LAW” and not till “someone got scam or till incident happens” then take action.  This will cut/reduce more people from being scam 🙏

Even PHD can get scam so surprisingly!!! PREVENTION IS BETTER THAN CURE 🙏

[10:45 am, 30/01/2023] +Rama: A retired female Chinese journalist got scammed of sgd3M and end up selling two properties to pay off loan shark debt!

[10:45 am, 30/01/2023] +Rama: Not to mention lawyer and financial consultant!

[11:08 am, 30/01/2023] +Kenneth Lee WM: >However, was told we are not being scam and no loss hence no action will be taken.

This is the crux of the problem and why scammers are having a free rein here.

Couple of years ago, living on the ground floor condo, killer litter has been a common problem.  When someone threw a vacuum cleaner head down into my garden I made a police report.  They mentioned that because no one was hurt, they couldn't do anything and proceeded to just file the report.  I asked them can't they use the evidence in hand and start the investigation of who threw the vacuum cleaner head?  They repeated no one was hurt.  I said, so I have to wait until I get injured before they will take action?  What about being pro-active and doing something like educating the neighbours upstair…

[11:11 am, 30/01/2023] +Kenneth Lee WM: Follow the money ....

[11:14 am, 30/01/2023] +Kenneth Lee WM: I'd be happy to volunteer my time to be in that team.

[11:15 am, 30/01/2023] +Rama: Great

[11:16 am, 30/01/2023] +Rama: That's the trouble with our laws!

[11:20 am, 30/01/2023] +AdMinister: There are numerous ways professional hacker who basically expert about law, that able to hack us in any method. (in my case a lawyer hacked mine to lead offence and to win his case, intrusion by using open wifi and eSims.  I am glad my voice was heard at police and court that favour is on me. Just imagine those who are not aware or not IT savvy. Please beware. I have no trust on IT anymore.

[0:25 pm, 30/01/2023] +Shobith: All steps taken by IMDA to tackle current and developing scams are welcome.. it would certainly help..


[1:50 pm, 30/01/2023] ☸️  Danny 心:

I will liken the current Government strategies of engaging public to fight scam as "BAR".

B = Block (or Filter)

A = Avoid Bait

R = Report Scam


And I will rate these anti-scam strategies as relatively effective and efficient exploiting communication tools to achieve the anti-scam objectives.


1. (B)lock

a. By inducing organisations to register with SSIR, only legitimate organisations can send official or commercial SMS to the public - and this will effectively block or filter illegitimate people or organisations or hackers from sending SMS to the public --- effectively blocking and filtering likely phishing links, scam messages or scam contact to the public.


b. Public who have downloaded ScamShield (Android or iOS) - will be another very effective tools to filter out likely scam calls and scam SMS - as it is a central national database that sieve out such calls and messages.

To make the ScamShield watertight, public who still received scam calls and scam SMS should report them to the ScamShield - so that the database will be keep up to date to keep out new scam calls or messages ---- so that other public members will be protected.

I guess ScamShield are aided by AI machine learning to be able to intelligently identify likely scam calls and messages to block, filter and provide intelligent information to the anti-Scam units to conduct investigation and take actions when concrete leads are established.


c. Both of this "Block" strategies have greatly reduced the scam calls and messages - that have landed on the public smartphones especially those who have installed "ScamShield".


2. (A)void Bait

a. Education will be the best way for public to avoid bait - by not clicking on investment sites that look incredulously lucrative, jobs that look suspicious, online betting, casino, suspicious friends messages or calls, scan suspicious QR codes etc.


b. By avoiding Bait, public won't be scam as long as public don't bite the bait.


c. Always double, triple confirm from official sources - to ascertain any calls or messages received are legitimate.


d. Anything that do with surrendering bank credentials, money, offering personal information etc --- should send an alarm bell ---- and we should cut off contacts immediately.


3. (R)eport

a. Report all scam calls or messages - through the ScamShield - so that an updated ScamShield database will help the Authority to filter out latest scam sources, provide leads to help Authority to investigate and establish identity and sources of scammers - so that appropriate actions can be taken; train the AI model to be more and more intelligent - so that scammers will not be given any chances to reach the public.


So far, I think the Government has done relatively well in these 3 areas.

But our public also need to wise up - as only joint effort can be effective - if public does not fall into the bait.


[2:04 pm, 30/01/2023] +REACH: 📒 Topic 📒

As part of the ongoing measures to combat scams, the Infocomm Media Development Authority (IMDA) has announced that messages from organisations that have not registered with the Singapore SMS Sender ID Registry (SSIR) will be labelled “likely scam” from Jan 31. 

Despite the new measures, IMDA reminded the public to remain vigilant as scammers will continue to change and adapt their tactics to lure potential victims. 

💬 * What are your views on the anti-scam measures introduced by IMDA? How can we better safeguard ourselves against potential scams? *

Organisations that wish to send SMS messages with alphanumeric Sender IDs must register their sender IDs with the SSIR. Recipients of SMS messages from organisations that have not signed …


[2:09 pm, 30/01/2023] ☸️  Danny 心:

1. However, I noticed that are still some loopholes that the current SSIR and ScamShield have not addressed :-

a. WhatsApp, Telegram messages

b. Email

c. QR codes


2. I understand the above come from the "data" network and not from the "voice" network - in which both SSIR and ScamShield - can engage our Telcos to filter out the scam calls and scam messages.


3. The above scam messages source come in through the internet which are IP-based - in which a totally different set of anti-scam tools will be needed.


4. What are needed will be IP tools such as :-

a. Firewall

b. IDS or IPS (Intrusion Detection or Prevention System)

c. Content Filtering

d. Proxy

e. assisted by AI based tools


5. However, the above communication tools used by scammers provide a big hurdle :-

eg. WhatsApp have end-to-end encryption using signal protocol encryption with strong keys.

Telegrams also have end-to-end encryption.

Unless the above IP tools are able to decrypt, filter out the scam messages before reaching the public, blocking and filtering scam messages from WhatsApp and Telegrams will be an extremely difficult task - without the help from WhatsApp and Telegram administrator.


6. Most open public emails such as Yahoo, Gmail, etc are unsecured.

It is possible for the above tools to do deep packet inspection or content inspection, filter it, block it before it landed on the public devices.

But secured emails with encryption will not be possible.


[2:19 pm, 30/01/2023] ☸️  Danny 心:

For public, anything coming from WhatsApp, telegram or email - especially from strangers - don't trust.

Ignore.

Then public won't be bait.


[2:27 pm, 30/01/2023] ☸️  Danny 心:

Of course, there is also another way.


[2:34 pm, 30/01/2023] ☸️  Danny 心:

Eg. Of WhatsApp job scam.

Protected by end to end encryption.


[2:42 pm, 30/01/2023] ☸️  Danny 心:

Need to "P" out such scam messages from WhatsApp, telegram or email.


[3:17 pm, 30/01/2023] +Jimmy Chew: I love government tag lines and acronyms, like BLOCK, BAR, got your shots, etc. show their ingenuity in the civil service.


[3:20 pm, 30/01/2023] ☸️  Danny 心:

Er...

That's not the government tagline.

I use my taglines to describe government anti-scam strategy.


[3:21 pm, 30/01/2023] +Jimmy Chew: oh, haha

[3:23 pm, 30/01/2023] +Smiley face: "One final word, do we need to collaborate with the TRUSTED BEST to learn, to exchange " intell and to proactively update our security dynamic data systems?"

- - anonymity


[3:24 pm, 30/01/2023] ☸️  Danny 心:

Data network is currently the missing piece.


[3:24 pm, 30/01/2023] +Smiley face: Additional readings:

"Machine Platform Crowd"

- - Andrew McAfee / Erik Brynjolfsson

Code Breakers

- - Walter Isaacson

The code Breakers

- - David Kahn

Human + Machine

- - Daugherty / Wilson

The Bitcoin Standard

- - Saifedean Ammous

The Digital Matrix

- - Venkatraman

The Q-Loop

- - Brian Klapper

Bank 4.0

- - Brett King

The Pentagon's Brain

- - Annie Jacobsen

Fortress Israel

- - Patrick Tyler

Decoding Boys

- - Dr Cara Natterson


[3:32 pm, 30/01/2023] ☸️  Danny 心:

Oh forgot to mention another thing.

Scammers also used video conferencing to communicate with scam victims.

Must also able to do deep inspection into video conferencing content which is also encrypted end to end.

Notably, video conferencing system use SIP protocol or H.232 protocols.


[3:33 pm, 30/01/2023] +Smiley face: "An aspiring young Olympian training hard in hopes to stand sooner on the world podium, that's an inspiration! However in the 'dog eat dogs' world, you must be up to speed (skills & structures) to enable the punches and surprises of all competitions! Any forms of 'masak-campur' will yield no way and worse get decimated?"

- - anonymity

[3:39 pm, 30/01/2023] +Rama: Yup

[3:45 pm, 30/01/2023] +Smiley face: Hi Andrew!

[3:45 pm, 30/01/2023] +Rama: Good wet afternoon

[4:03 pm, 30/01/2023] +REACH: 📒 Topic 📒

As part of the ongoing measures to combat scams, the Infocomm Media Development Authority (IMDA) has announced that messages from organisations that have not registered with the Singapore SMS Sender ID Registry (SSIR) will be labelled “likely scam” from Jan 31. 

Despite the new measures, IMDA reminded the public to remain vigilant as scammers will continue to change and adapt their tactics to lure potential victims. 

💬 What are your views on the anti-scam measures introduced by IMDA? How can we better safeguard ourselves against potential scams?

Organisations that wish to send SMS messages with alphanumeric Sender IDs must register their sender IDs with the SSIR. Recipients of SMS messages from organisations that have not signed up with a r…

[4:32 pm, 30/01/2023] +RH: 😖 Sadly, we humans r 'predictable' creatures ... Be it curiosity, over confidence or pure ignorance ... there wud always be some victim

[4:33 pm, 30/01/2023] +Rama: True

[4:35 pm, 30/01/2023] +RH: 1. 'common sense' not so common ... Lol ... Alarm bells dun ring ... 😅  2. Not everyone is tech savvy.  Not everyone can be bothered to report, for diff reasons...

[4:37 pm, 30/01/2023] +RH: Education is the key. However, not everyone is interested nor wants to learn , again for various reasons ...

[4:45 pm, 30/01/2023] +Rama: True

[4:47 pm, 30/01/2023] +Smiley face: 30 January, 2023

"Years (months) ago, when you build your home from scratch, your architect, your suppliers, your contractors, the workers, the passersby and the nosy neighbors all know the layout... trespassed - is an open secret?"

- - anonymity 

Just In Case & Self Vigilant?

To our Seniors, don't answer phone call from numbers you don't know? Is it a life and death call?

To all Internet banking customers, make a printed copy from the monthly e-statement sent by your bank, especially people with more than 2 accounts. Just in case comes one day the digital banking systems crack?

     - - in progress - -


[5:19 pm, 30/01/2023] ☸️  Danny 心: https://www.straitstimes.com/singapore/when-accessing-free-wi-fi-could-lead-you-to-lose-life-savings-to-scammers

When accessing free Wi-Fi could lead you to lose life savings to scammers.


[5:24 pm, 30/01/2023] ☸️  Danny 心:

"Cybercriminals are altering QR codes — How to avoid getting scammed"

 https://sg.yahoo.com/finance/news/how-to-stay-safe-while-using-qr-codes-200405170.html#:~:text=Cybercriminals%20are%20altering%20QR%20codes%20%E2%80%94%20How%20to%20avoid%20getting%20scammed


[5:24 pm, 30/01/2023] ☸️  Danny 心: https://www.straitstimes.com/opinion/forum/forum-ordering-with-qr-codes-at-eateries-can-be-exploited

Ordering with QR codes at eateries can be exploited and scam.


[5:25 pm, 30/01/2023] ☸️  Danny 心:

Experts: Never scan a QR code sent to you.

Beware of scam.

https://www.asiaone.com/digital/experts-never-scan-qr-code-sent-you


[5:25 pm, 30/01/2023] ☸️  Danny 心:

Police warn against scanning of Singpass QR codes sent via SMS, WhatsApp.

https://www.tnp.sg/news/singapore/police-warn-against-scanning-qr-codes-sent-sms-whatsapp


[5:45 pm, 30/01/2023] ☸️  Danny 心:

My close friend comments: 

Qr code is equivalent of internet link.       

                                                                           

My comments: 

Yes.

Currently ScamShield don't block.

That's why I bring up to REACH that the data network piece is missing.


[6:02 pm, 30/01/2023] +REACH: 📒 Topic 📒

As part of the ongoing measures to combat scams, the Infocomm Media Development Authority (IMDA) has announced that messages from organisations that have not registered with the Singapore SMS Sender ID Registry (SSIR) will be labelled “likely scam” from Jan 31. 

Despite the new measures, IMDA reminded the public to remain vigilant as scammers will continue to change and adapt their tactics to lure potential victims. 

💬 * What are your views on the anti-scam measures introduced by IMDA? How can we better safeguard ourselves against potential scams? *

Organisations that wish to send SMS messages with alphanumeric Sender IDs must register their sender IDs with the SSIR. Recipients of SMS messages from organisations that have not signed up with…

[6:46 pm, 30/01/2023] +REACH: Dear Contributors,

⏰ We will be closing the chat in 15 minutes ⏰

Thank you very much for being part of our WhatsApp chat and participating actively.

Goodnight!

Megan 😊


[6:55 pm, 30/01/2023] ☸️  Danny 心:

All reported cases, including police reported cases are feedback to the anti-scam unit.


1. Information gather such as scammers phone number, URL phishing link, date and time stamp, scam messages etc - are feed into the anti-scam database so that:-

1. AI model can be trained.

2. Data analytics can be done.

3. Network route can be trace and track.

4. Data forensics and fingerprinting can be done.


I believe it is not nothing is done upon report.

The backend work to be done are humongous - to catch the big whale and sharks.

Not to catch the small fry and shrimp.

Recent many scam crack down locally and overseas are a result of such efforts.


[6:57 pm, 30/01/2023] ☸️  Danny 心:

Because the number of devices, software, logs etc to be correlated and compiled to establish a big scam picture is humongous.


[6:59 pm, 30/01/2023] +Smiley face: 30 January, 2023

To: Our Distinguished Leaders, Cyber Experts and All Honorable Members 

Modus Operandi (MO)?

Before we start our ambitions of digitising the entire nation or the whole organisation, there are important milestones to achieve that's called the "modus operandi"!

"Digits can be conquered than human to human, the entry only needs one key...?"

- - anonymity 

[6:59 pm, 30/01/2023] +Smiley face: What is this MO about?

Welcome to the world of spies and intelligence services, they trade horses in exchange for other "favors". That's how complex this cyber world was, now and the future will be even more efficient too! It is not simple!

Internally, do we fully understand these hackers organized, their means and tools in obtaining vital personal data and the multiple gateways of entering (traces) into the clouds and /or simply starts hacking?

How about black mailing or "co-opting" staff from strategic entities within key organisations (private) to key public offices?

What are the past experiences from millions of dollars scam out of individual bank accounts and how about our CPF accounts (hope not)? What's the common path of break-ins for these highly smart hackers? We are not referring to those "love" crimes nor "shopping" scams, these are small timers. More sophisticated hackers will go for bigger and valuable tangibles in exchange for other interests. It is a global horse tradings of data for money or for access to other domains that are economically accountable and of national strategic interests. An example of a defence domain is a submarine unit or a drone unit. The future wars will be fought via the Space, Cyber and integrated with the Air, Sea and Land forces, that's dimensional!

Where are the cyber loopholes aka "lobangs"?

From your WhatsApp chats, your internet banking accounts, your previous vacations, your emails, your utilities payments, your engagements with the public office and more, all of these are gateways for hackers to reach out and swam to bookmark in digital form and can be resold to other groups for their intended uses! Simply to say, the entire cyber and cloud is the BIG hole, unless otherwise, our digital protocols may include facial and/or thumb recognitions. Perhaps, these hackers are unstoppable because there will always be one loophole to enter and transact!

So how to begin the beguine?

Key areas are banking, shopping and public services. These three big providers of services and goods must DESIGN a common layered security platform so much so to the extent of STANDARDIZING critical information policing through AI without third party especially not to "outsource" in parts or "friend source" in small portions these highly strategic data assets! All these security measures are temporary fencing because it will be hacked in just a matter of time and/or the ripe timing (embedded)! High flow of data and low volume both have vulnerable spots in the information highways.

One exception to prevent hacking is a super computer using the thinnest micro processors coupled with a highly sophisticated and unique machine "language" which the Chinese, the Russians, the Israelis and the Americans are currently driving their national securities from tradings to sensitive documents all secured in these deep "freezers" not in the clouds! Cloud computing can be simulated as well as easily compromised with breachable key attributes aka codes!

"It all started with a person or a group of people, no magic wand...!"

- - anonymity 

How the hack did the codebreakers broke the Nazi codes? That's a good learning point to begin understanding how to BREAK before you start to SECURE your strategic cyber spaces from the private enterprises to the highly sensitive national information?

One final word, do we need to collaborate with the BEST (Denmark) to learn, to exchange infor and to proactively updating our dynamic data systems?

    - - in progress - -

[7:00 pm, 30/01/2023] +REACH: Dear Contributors,

We will be closing the chat for today.

Thank you very much for being part of our WhatsApp chat and participating actively.

Goodnight!

Megan 😊


=====
