Babe Blog - Insights on News Events

REACH 454 - What are your views on the new proposed laws to better tackle scams and clamp down on money mules who sell Singpass data to scammers?

(SK)

10 May 2023 (10am - 7pm)

REACH

[10:20 am, 10/05/2023] +REACH: Dear Contributors,

Welcome back! 😊

⏰ We will be opening the chat from 10.30am to 7pm today. ⏰

House Rules (short version of our Terms of Use) to keep in mind:

1. Be kind and respectful. We all want to be in a safe space to share our views.

2. Any and all threatening, abusive, vulgar or racially, religiously and ethnically objectionable content is prohibited.

3. Consider the quiet ones among us and give them a chance to comment.

4. No need to repeat your comment or in different forms (including caps) - we heard you loud and clear the first time.

5. Let’s protect each other’s privacy and keep contact details in this group what it should always be - confidential.

Full set of Terms of Use: https://go.gov.sg/reach-whatsapp-terms

We will strive to uphold these rules to ensure this is a safe space for all.

Please be assured that the points made by participants during the chat are aggregated and shared with relevant agencies.

The topic will be posted shortly.

Thank you

Megan 😊

[10:30 am, 10/05/2023] +REACH: 📢 Topic 📢

What are your views on the new proposed laws to better tackle scams and clamp down on money mules who sell Singpass data to scammers?

Yesterday (9 May), the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) (Amendment) Bill and Computer Misuse (Amendment) Bill was tabled in Parliament for its second reading. It aims to empowers the police to act against money mules who hand over control of their payment accounts or Singpass credentials to criminals, or who abuse them to receive or transfer money for criminals. Under the bill, new provisions will also be added to introduce the offences of rash and negligent money laundering.

Speaking in Parliament, second Minister for Home Affairs Josephine Teo said that the number of scams in Singapore has increased sharply. She added that the Police reported over 31,000 scam cases in 2022, more than a five-fold increase since 2018. With the launch of ScamShield app in November 2020, more than 7.4 million SMSes that are suspected to be part of a scam have been filtered out.

Minister Teo also said that between 2020 and 2022, scammers exploited more than 38,000 bank accounts to launder their proceeds from local victims. Over the same period, more than 19,000 money mules were investigated by the Police. She added that while there were around 120 money mules suspected of helping scammers in the phishing scams targeting OCBC Bank customers from December 2021 to January 2022, only nine could be charged because of limitations in the law.

Minister Teo said the government will step up its efforts in areas such as education and preventing scammers from reaching victims as well as detecting scams and enforcement.

📌 New laws passed to give police more powers to prosecute money mules, those who sell Singpass details to scammers

https://www.channelnewsasia.com/singapore/new-laws-police-powers-prosecute-money-mules-sellers-singpass-details-scammers-3474996

📌 Tougher laws passed to clamp down on money mules, sale of Singpass and bank accounts

https://str.sg/iorj

-----

[10:48 am, 10/05/2023] +Smiley face: "hanging a sheep's head and selling dog meat"(挂羊头卖狗肉)

- - folklore

[11:05 am, 10/05/2023] +Frankie Wee: Is there a QR when don’t know scam it and open SingPass

[11:05 am, 10/05/2023] +Frankie Wee: Why don’t remove QR

[11:06 am, 10/05/2023] +Ken: Have 2 step

[11:06 am, 10/05/2023] +Ken: Even scan you need to approve

[11:07 am, 10/05/2023] +Frankie Wee: Too risk approve, when they don’t know this from scam.

Played by fooled

[11:09 am, 10/05/2023] +Ken: Convenient then you remove then how to use? Lol

Remove cause for risk is not the way 😂

[11:10 am, 10/05/2023] +Ken: For those that need those information need to have a opt in system for them to register.

In order for them to have API linkage to SingPass

[11:10 am, 10/05/2023] +Ken: Not that hard I think

[11:10 am, 10/05/2023] +Ken: Like how Apple control there apps application… I believe Singapore load should be much lower bah

[11:12 am, 10/05/2023] +Ken: And a reporting system to temporary shut off access to the API holder. When reporting scam very high. Or evaluation via some systems

[11:43 am, 10/05/2023] +REACH: Dear Contributors

We want to HEAR MORE from you!

💬 What are your views on the new proposed laws to better tackle scams and clamp down on money mules who sell Singpass data to scammers?

We have had good feedback from this group and hope that we can keep the discussion robust and active!

Megan 😊

[11:46 am, 10/05/2023] +KL: Simple those money mule will be barred from owning any internet and phone number :)) permanently or a length of time :)) . Those people help these mules to register for numbers will also be punished

[11:46 am, 10/05/2023] +KL: I know is harsh but no choice they are helping scammer to harm local

[11:47 am, 10/05/2023] +KL: So to undigital them

[11:47 am, 10/05/2023] +Rama: Agree

[11:47 am, 10/05/2023] +KL: It will mean no job , no mean of survive

[11:47 am, 10/05/2023] +KL: It seem not harsh but it a extreme harsh punishment

[0:23 pm, 10/05/2023] ☸️ Danny 心:

1. Personal banking credentials and financial credentials are confidential and should not be released to others - even to family members.

2. Releasing credentials for scammers to scam victims and assist in scamming as money mules - should be deterred - since in OCBC scamming cases where only 9 money mules are charged out of 120 money mules.

3. I support strengthen the law to nab money mules who deliberately release their financial credentials to assist in scam.

[0:27 pm, 10/05/2023] +Rama: Likewise

[1:00 pm, 10/05/2023] ☸️ Danny 心:

4. However, if MAS mandate bank to do call back by bank personnel, or AI/robotic or branch verification - for all overseas bank transfer - then a scam cannot be pull off.

5. Because if local money mules are call back by banking staff or AI to verify if they intend to transfer their funds to overseas - and if they say yes - will be a strong evidence that they willingly perform as money mules and can be prosecuted in courts.

6. As for scam victims, if bank call back to verify the bank transfer, victims will straight away be alerted that an unauthorized transfer has been taken place - and the unauthorised transfer can be stopped immediately - and the scam will fail.

This is the most effective way to stop scam.

Now the onus fall heavily on the victim - and the current bank security features are not foolproof.

Also with more fail scam - less police efforts are needed to trace and prosecute scammers as all scams will fail with bank verification.

7. Even if scammers try to circumvent this bank personal check, by masquerading as bank calling the victims, victims will straight away be alerted that unauthorised transfer is taking place - and scammers will not be so stupid to do such verification.

8. Hence bank call back verification is "scam-proof", "foolproof" and "fail-safe" to stop all online scamming.

9. Wonder will MAS be seriously considering mandating bank call back verification for all bank transfer - to intercept and stop all online scams at its source?

10. Stopping scams must not be heavily weight on the onus of the bank customers.

It must be equally weighted on:-

1. MAS

2. Banks

3. Customers

Hence I believe bank call back verification is the only foolproof way to stop scam.

[1:07 pm, 10/05/2023] ☸️ Danny 心:

11. Totally relying on online tools and security features - are not foolproof in the advent of AI and quantum computing.

As id, password, digital token, SMS OTP, biometric fingerprint, face recognition, email OTP - all fall into one device - the smartphone.

Once a malware compromise the handphone, 6 factor authentication = no authentication - because AI malware will easily disable biometric authentication or pick up all the password, pin etc from the smartphone.

The 6 factor authentication gives only superficial security assurance that can be hacked.

Bank call back verification - serve as real 2 factor authentication - as without customer confirmation, all online transfer cannot be authorised and approved.

[1:07 pm, 10/05/2023] +~N: There are many seniors/older persons who have SingPass and who don't know how to use it. It will be good to put in place either a compulsory 2-step verification for seniors/elders, or an automated trigger alert to next-of-kin if Singpass is accessed.

[1:53 pm, 10/05/2023] ☸️ Danny 心:

If the current bank security features 2FA are considered foolproof with the touted userid, password as 1FA and digital token or SMS OTP as 2FA.

Rightfully, scammers despite getting the 1FA userid and password - cannot and shouldn't have acquire the 2FA - digital token or SMS OTP - to successfully login and access the bank account - if bank security is foolproof.

But the real fact is, scammers can acquire both the 1FA and 2FA through the compromise handphone - because bank online access allows all 1FA and 2FA to be landed on the same device - the victim handphone.

Previously, a hard token is issued to the customers. But now no longer the case - as banks increasingly use soft digital token or SMS OTP that land on the same handphone.

This is a security breach - according to the security best practices.

Hence if the customer are scam by malware or fool by scammers to release their 1FA, rightfully if security practices are tight, scammers will not be able to access the 2FA .

But bank online implementation make it do so.

So banks have equal accountability and responsibility - if a customer bank account is scam - and should have implemented a foolproof login process.

And if the bank account is breached due to the inadequacy of login security process, then banks should also have accountability to compensate customers for the loss suffer by the customers.

[1:54 pm, 10/05/2023] +Ken: 2FA not foolproof 😂

Don’t assume

[1:54 pm, 10/05/2023] +Ken: Just harder not impossible

[1:54 pm, 10/05/2023] ☸️ Danny 心:

Yes.

That's why banks equally accountable if a customer account is scam.

Unless bank implemented a foolproof login process.

[2:03 pm, 10/05/2023] ☸️ Danny 心:

This means that if a scam victim sue in court if he/she got scammed even if the victim is wrong by releasing their id and password credentials or even 2FA via malware or fool by scammers - banks are still accountable if the victims has no wish to transfer their money to the scammers.

Because banks if do call back verification to check with the victim if the online transfer is authorised - and if the victim say no - the money will still be intact and not be scammed.

By making the joint responsibility of banks and customers against scam - successful scam can be greatly reduced if not totally eliminated.

Then police involvement, prosecution, drastic rise in scam cases will not arise.

Why such a simple step not implemented?

Can touch the nose by the front, why need the hand wrap around the head to touch or struggle to touch the nose?

[2:07 pm, 10/05/2023] +REACH: 📢 Topic 📢

What are your views on the new proposed laws to better tackle scams and clamp down on money mules who sell Singpass data to scammers?

Speaking in Parliament, second Minister for Home Affairs Josephine Teo said that the numbe…

[2:10 pm, 10/05/2023] +Ken: AI to identify scams… still in the works

[2:10 pm, 10/05/2023] +Ken: Not so fast to able to determine scammers more rely on the ground.

Cause usually scam would prefer cash transfer

[2:10 pm, 10/05/2023] +Ken: Less able to track

[2:11 pm, 10/05/2023] ☸️ Danny 心:

https://www.cnbc.com/2019/01/04/how-secure-is-your-account-two-factor-authentication-may-be-hackable.html

You can't relax': Here's why 2-factor authentication may be hackable.

[2:11 pm, 10/05/2023] +Ken: In between attacks will able to hack whatever system, just takes smart people to figure out how to do it only…

[2:19 pm, 10/05/2023] ☸️ Danny 心:

IT security people know how to bypass 2FA - that's why we don't feel bank login process has a foolproof system to protect bank customers.

Hence, human verification by banks as 2FA to plug the online login vulnerability - is now the only solution to prevent scams.

This is not a joke but a serious message.

Else why few hundred million dollars or even a billion dollars are scam in Singapore if the 2FA is foolproof?

It obviously is not, hence the urgency to plug this loopholes.

[2:21 pm, 10/05/2023] ☸️ Danny 心: https://www.businesstimes.com.sg/singapore/scam-victims-spore-lost-s6607-million-2022-almost-s13-billion-past-two-years

[2:22 pm, 10/05/2023] ☸️ Danny 心:

If bank 2FA is foolproof, how can so much money be scam?

[2:22 pm, 10/05/2023] ☸️ Danny 心:

Bank call back verification - will have make this scam $0.

[2:39 pm, 10/05/2023] ☸️ Danny 心:

Vulnerability of 2FA in mobile phone.

[2:48 pm, 10/05/2023] +Smiley face: 10 May, 2023

Our Honorable CJ Yong Pung How

"One has to recognise that different

jurisdictions hold, and are entitled to hold,

different ideas about the principles and

rules which their citizens are enjoined to

live and abide by. For example, certain

countries may place a higher emphasis on

rehabilitation of the offender while to others,

general deterrence and the protection of the

community at large takes precedence to the

rights and freedom of the individual accused I did not think therefore that it was useful

or practicable to adopt blindly the attitudes

evinced by the English courts on sentencing.

On the contrary, I was mindful of the different

social and moral considerations which prevail

in the two countries, and in particular of the

divergence between Asian conservatism and

the more liberal western society..."

- - CJ Yong Pung How,

[2:50 pm, 10/05/2023] ☸️ Danny 心:

All IT security people knows that the current bank 2FA that landed in the same mobile phone - is a security breach.

Provide false sense of security.

Because scammers can capture all the 1FA and 2FA in the same mobile phone and carry out a successful scam - because bank implementation facilitate such process - a security breach, a security loopholes.

[3:06 pm, 10/05/2023] +Smiley face: Standard Chartered on-line app now requires keying in the user's passwords.

Previously, users could auto-fill login and passwords via the phone memory.

Is this a safer way against phone been hacked?

[3:09 pm, 10/05/2023] ☸️ Danny 心:

Rightfully, when a person login to the bank account, user should clear all cache, cookies, password memory, URL history and should not allow auto-fill login.

Malware will be the first to look into such features to capture login information.

[3:10 pm, 10/05/2023] +Smiley face: Many busy folks or older folks rely heavily on these auto-fill functions...just too many things to remember and to recall especially during rush time!

[3:11 pm, 10/05/2023] +Smiley face: Then comes using common passwords for all on-line apps...lazy folks!

[3:12 pm, 10/05/2023] +Smiley face: Including singpass?

[3:12 pm, 10/05/2023] ☸️ Danny 心:

Always do clear browsing data after accessing bank accounts, Singpass login or other login.

This will prevent scammers from capturing all browsing history, password, pin, cookies etc.

[3:12 pm, 10/05/2023] ☸️ Danny 心:

Yes for all financial transactions.

[3:12 pm, 10/05/2023] +Smiley face: Many folks don't know how to clear caches etc...

[3:14 pm, 10/05/2023] ☸️ Danny 心:

Sigh...

That's why expecting layman to do all these and putting all the onus on bank customers - is too onerous - if bank don't implement a failsafe login process for bank customers.

[3:16 pm, 10/05/2023] +Smiley face: The question of authentication via 2FA as discussed in addition today and yesterday.

This FAs will run out of time and there is a need to constantly look for new protocols to secure these crucial and sensitive entities starting from our Singpass.

Scammers or hackers, they thinking alike and highly technical too.

It's like a never ending in search of the best secured ways to safety for all users!

Trust is what users depend upon...once broken, all H break loose!

H means Havoc

[3:16 pm, 10/05/2023] ☸️ Danny 心:

Don't check save password and auto fill form data.

Malware will pick these all up - even though you didn't supply your password.

[3:16 pm, 10/05/2023] +Smiley face: One way to teach folks how to do it!

Thanks, Danny!

[3:18 pm, 10/05/2023] +Smiley face: Let's tighten our laws, further!

[3:29 pm, 10/05/2023] +Rama: Yes

[3:30 pm, 10/05/2023] +Rama: So, managed password function should not have on phone!? These currently helps when logging in to different secured apps!

[3:31 pm, 10/05/2023] ☸️ Danny 心:

Only human verification can break the online scam.

Totally relying on digital verification is not a scam proof solution.

With advent of AI and quantum computing - human verification on top of digital verification is the only scam-proof solutions to defeat scam.

[3:33 pm, 10/05/2023] ☸️ Danny 心:

Better don't save your password in your smartphone or laptop.

Malware or keylogger or network analyser will first target these save password features.

[3:35 pm, 10/05/2023] ☸️ Danny 心:

Some apps use md5 to encrypt the password but it can be easily decrypted.

So don't think that encrypted password is safe.

[3:54 pm, 10/05/2023] ☸️ Danny 心:

Because once a malware or AI malware capture your id and password - the malware will have full access to your mobile phone or your laptop because the malware has the full admin rights.

With full admin rights, malware can access all the files in your mobile phone and laptops to extract all your vital login credentials stored in your device cache, memory or access to your login history, which bank webpage, insurance web page, Singpass CPF etc.

Once your login credentials is stolen, AI malware will go one by one to access your accounts and steal your money.

AI malware will be very smart to do all these in double quick time.

Even if victims don't release their login credentials to scammers, scammers can intelligently compromise your life savings even without you knowing.

Hence I take the current bank login process very seriously because I find that it is not foolproof.

If AI become prevalent - it can do more harm at a breakneck speed - if banks don't tighten the login process.

Depending on only digital online login - will be the biggest failure.

Only augmented by human verification before confirming bank transfer can stop the scam.

Government given mandate to shut down scam websites or remove malicious mobile apps preemptively - is the only way to protect unsuspecting victims.

Block scam messages from SMS, WhatsApp and telegram is an important step.

Else we will lose our wars against scammers.

[3:57 pm, 10/05/2023] +Smiley face: How easy is it to empty a person's on-line bank savings?

[3:58 pm, 10/05/2023] ☸️ Danny 心: https://tnp.straitstimes.com/news/singapore/retiree-loses-70k-savings-after-installing-fake-google-play-app

[3:58 pm, 10/05/2023] ☸️ Danny 心:

Woman who scanned QR code with malware lost $20k to bubble tea survey scam while she was sleeping

https://www.straitstimes.com/singapore/woman-who-scanned-qr-code-with-malware-lost-20k-to-bubble-tea-survey-scam-while-she-was-sleeping

[3:59 pm, 10/05/2023] ☸️ Danny 心:

As simple as ABC.

[3:59 pm, 10/05/2023] +REACH: 📢 Topic 📢

What are your views on the new proposed laws to better tackle scams and clamp down on money mules who sell Singpass data to scammers?

Speaking in Parliament, second Minister for Home Affairs Josephine Teo said that the numbe…

[4:01 pm, 10/05/2023] ☸️ Danny 心:

If he is an expert hacker.

[4:14 pm, 10/05/2023] +Smiley face: What's the profile of an expert hacker?

[4:18 pm, 10/05/2023] ☸️ Danny 心:

IT experts.

[4:19 pm, 10/05/2023] ☸️ Danny 心:

Malicious IT experts.

[4:54 pm, 10/05/2023] +Frankie Wee: I think the issue is QR scam

[4:55 pm, 10/05/2023] +Frankie Wee: https://www.cybersecurityconnect.com.au/strategy/9031-she-just-wanted-some-tea-but-a-fake-qr-code-offer-cost-her-20-000

[5:04 pm, 10/05/2023] ☸️ Danny 心:

The actual intent of the scammers is to want her to access a scam website so that a malware can be downloaded into her mobile phone.

When she is trick into scanning the QR code, she is directed into the scam website, and a malware is downloaded into her mobile phone.

Once malware is downloaded, the malware will attempt to capture her bank login credentials and then steal her life savings from her bank account.

[5:04 pm, 10/05/2023] +Rama: Yes

[5:04 pm, 10/05/2023] +Frankie Wee: This QR without logo name company and unknown when people purchase the shop

[5:08 pm, 10/05/2023] ☸️ Danny 心:

Likewise, previously when I scream about activating Bluetooth being turn on on the handphone to do tracetogether - I was worried about expert hacker able to do a pairing and download a malware into people's handphone.

Then through 4G the malware will steal the victim bank credentials and their life savings.

Luckily we are in Singapore, though there are IT experts - mostly they are not scammers.

If we are in US, many people will get scam as there are many expert black hackers around.

[5:09 pm, 10/05/2023] ☸️ Danny 心:

That's why don't anyhow scan the suspicious QR code.

They could be scam sites ready to download malware into victims handphone.

[5:09 pm, 10/05/2023] +Frankie Wee: Clever to crate QR without licensing so person is trying scam people money or open SingPass sale money mule

[5:11 pm, 10/05/2023] ☸️ Danny 心:

Similarly turn off WiFi in public and don't use public WiFi - as hackers can capture user credentials through rouge WiFi AP.

Also keep NFC (near field comm) off.

US plenty of NFC hackers.

[5:12 pm, 10/05/2023] ☸️ Danny 心:

Sigh...

Wonder how do layman understand....

[5:22 pm, 10/05/2023] ☸️ Danny 心:

Wireless analysers can capture userid and password that associate with the rouge WiFi AP.

[5:29 pm, 10/05/2023] ☸️ Danny 心:

But people turn on NFC to do simplygo to scan their mrt or bus ezlink - I think.

In US, NFC hackers carry an NFC reader and transmitter - go near people's wallets or handphone.

If victims NFC turn on - hackers will transmit the malware to the mobile phone via NFC because no authentication is needed.

As simple as ABC.

[5:30 pm, 10/05/2023] ☸️ Danny 心:

So when someone ask, how easy to scam a life saving?

As simple as ABC - for an expert hacker.

[5:33 pm, 10/05/2023] ☸️ Danny 心:

Thus bank relying on digital verification is not foolproof.

Additional human verification to authorise bank transfer is needed.

[5:34 pm, 10/05/2023] +Frankie Wee: This is case serious

I think all mobile user with NFC must have license to protection authentication

[5:35 pm, 10/05/2023] +Rama: Is there a valid software currently!?

[5:35 pm, 10/05/2023] ☸️ Danny 心:

NFC protocol (IEEE) specifications don't dictate authentication.

[5:36 pm, 10/05/2023] +Frankie Wee: https://support.apple.com/en-sg/HT209143

[5:36 pm, 10/05/2023] ☸️ Danny 心:

It is meant for convenience - software don't authenticate.

[5:36 pm, 10/05/2023] +Rama: OK

[5:36 pm, 10/05/2023] +Rama: None for android!?

[5:37 pm, 10/05/2023] +Frankie Wee: Android I not familiar

[5:37 pm, 10/05/2023] +Rama: No problem

[5:37 pm, 10/05/2023] ☸️ Danny 心:

The best turn off NFC for your mobile phone.

When want to board the bus and MRT, turn it on.

Don't sit beside an expert hacker.

After deembarking from a bus and MRT, turn off the NFC.

[5:38 pm, 10/05/2023] +Frankie Wee: Last time I use android but I note it’s can easy download unknown from website jailbreak

[5:38 pm, 10/05/2023] +Rama: Thanks

[5:38 pm, 10/05/2023] +Frankie Wee: Many unsecured

[5:39 pm, 10/05/2023] +Rama: Much appreciated your assistance

[5:40 pm, 10/05/2023] +Frankie Wee: I prefer apple iOS more safe and proof setting certification or license

[5:41 pm, 10/05/2023] ☸️ Danny 心:

iOS cannot protect a person from malware transmitted via NFC, rouge WiFi, or Bluetooth.

[5:41 pm, 10/05/2023] +Rama: I see

[5:43 pm, 10/05/2023] +Frankie Wee: Then USA Apple case will pay to Singapore 😂

[5:43 pm, 10/05/2023] ☸️ Danny 心:

For NFC, sit 1 meter away from hacker.

For Bluetooth, sit 10 meter away from hacker.

For WiFi, sit 100 meter away from hacker.

If want to sit next to a hacker without the fear of being hack, turn off NFC, Bluetooth and WiFi.

[5:44 pm, 10/05/2023] +Rama: Can android protect!?

[5:44 pm, 10/05/2023] +Frankie Wee: Nope

[5:44 pm, 10/05/2023] +Frankie Wee: Very hard

[5:44 pm, 10/05/2023] +Rama: OK

[5:49 pm, 10/05/2023] +Frankie Wee: I really don’t know what it can solve.

Only clever IT will know everything development

[6:00 pm, 10/05/2023] +REACH: 📢 Topic 📢

What are your views on the new proposed laws to better tackle scams and clamp down on money mules who sell Singpass data to scammers?

Speaking in Parliament, second Minister for Home Affairs Josephine Teo said that the numbe…

[6:17 pm, 10/05/2023] +~L: People used to rob Banks. They didn't ban banks. They worked out how to catch the criminals.

[6:17 pm, 10/05/2023] +~L: Good to see this.

[6:17 pm, 10/05/2023] +Rama: Still robbing and catching

[6:30 pm, 10/05/2023] +Frankie Wee: What if oversea will hardly catch criminals

[6:31 pm, 10/05/2023] +~L: Remember HV robbery? He was arrested overseas :)

[6:32 pm, 10/05/2023] ☸️ Danny 心: https://www.businesstimes.com.sg/singapore/scam-victims-spore-lost-s6607-million-2022-almost-s13-billion-past-two-years

[6:34 pm, 10/05/2023] ☸️ Danny 心:

$1.3 billion scam.

Is concentrating on catching this scammers more important or if preventing scam from taking place more important to the victims?

Probably some people think that when their life savings have been scam - it is less important to them.

Catch scammers but unable to recover their life savings more important.

[6:37 pm, 10/05/2023] ☸️ Danny 心:

Then can forget about installing ScamShield to block scam sites and callers.

Because not important mah.

Come across scam sites, don't block, let more victims download malware - not important mah.

Send WhatsApp or telegram with malware - don't block, not important mah.

Freedom more important.

[6:37 pm, 10/05/2023] +~L: Yes, prevention better than cure. But prevention through elimination isn't the solution. Education, regulation, enforcement, safety valves are the best way.

[6:38 pm, 10/05/2023] +~L: Same in construction. We don't ban construction when there are deaths. We improve regulation, education, checks etc.

[6:38 pm, 10/05/2023] ☸️ Danny 心:

Then how come $1.3 billion kenna scam - when all of what you say have been used?

[6:39 pm, 10/05/2023] +~L: Clearly not. Downloading malicious apps is a sign of lack of regulation, lack of education, and lack of safety checks.

[6:39 pm, 10/05/2023] ☸️ Danny 心:

Hahaha....

[6:40 pm, 10/05/2023] +~L: We do agree I think on the desired outcome, and both understand enough to know that users need protection, but eliminating tech that has huge benefits is not the answer.

[6:41 pm, 10/05/2023] ☸️ Danny 心:

Did you install ScamShield?

[6:41 pm, 10/05/2023] +Rama: I did

[6:41 pm, 10/05/2023] ☸️ Danny 心:

That's elimination

[6:42 pm, 10/05/2023] +Rama: Yup

[6:43 pm, 10/05/2023] ☸️ Danny 心:

Did you install firewall or anti-virus?

[6:43 pm, 10/05/2023] ☸️ Danny 心:

That's elimination

[6:44 pm, 10/05/2023] +~L: Ah, I meant elimination by banning paynow for example. Scam Shield is protection

[6:44 pm, 10/05/2023] +SL: Basic element on antivirus for computer and headphone

[6:44 pm, 10/05/2023] +~L: Both protection not elimination.

[6:45 pm, 10/05/2023] +SL: The firewall is required, especially for home nas network

[6:45 pm, 10/05/2023] ☸️ Danny 心:

Elimination refer to filtering all undesirable contents including malicious web site, malware etc.

[6:45 pm, 10/05/2023] +~L: Virus still exist, but the software filters out 99% of the them. Like Dettol for the phone.

[6:45 pm, 10/05/2023] +~L: Ok, we are playing with semantics. 😆

[6:45 pm, 10/05/2023] +REACH: Dear Contributors,

⏰ We will be closing the chat in 15 minutes ⏰

Thank you very much for being part of our WhatsApp chat and participating actively.

Goodnight!

Megan 😊

[6:46 pm, 10/05/2023] +SL: Anti Virus for known signature, excluded new and zero day malware

[6:46 pm, 10/05/2023] ☸️ Danny 心:

So how does firewall, anti-virus, firewalls different from banning malicious website, prevent platform from downloading malware?

They are all elimination techniques?

[6:47 pm, 10/05/2023] +SL: Help in a way but effectiveness need to be monitor and banning website us best to he managed by AI learning

[6:48 pm, 10/05/2023] +SL: In the cyber world, I don't think elimination is full proof as the system need to updated the rule in real time

[6:49 pm, 10/05/2023] ☸️ Danny 心:

Are you suggesting not filtering out malware sites, allowing platform to host malware and let victims download malware or let shops allowing malicious qr code to be pasted in their shops and let victims scan and download?

How does education help here?

How is this different from ScamShield, firewall, ips, anti-virus elimination contradict what the government are trying to do in the name of education?

[6:50 pm, 10/05/2023] ☸️ Danny 心:

Agree, need to continuously update especially with proliferation of AI.

[6:50 pm, 10/05/2023] +~L: All virus are eliminated by the software. I'm suggesting we don't eliminate all websites.

[6:51 pm, 10/05/2023] ☸️ Danny 心:

Agree rules need to continuously catch up.

[6:51 pm, 10/05/2023] ☸️ Danny 心:

Including malware websites?

[6:51 pm, 10/05/2023] ☸️ Danny 心:

Knowing that it meant to scam victims?

[6:51 pm, 10/05/2023] +~L: How do we know what website or qr code is malicious?

[6:51 pm, 10/05/2023] +SL: In the speed of the website creation, it might need multiple super powerful system to have 99.9% filter for a size as big as Singapore users.

[6:52 pm, 10/05/2023] ☸️ Danny 心:

Then what is the purpose of ScamShield?

[6:52 pm, 10/05/2023] +~L: Of course we want to stop mallard websites.

[6:52 pm, 10/05/2023] +SL: Filtering is one way to reduce/manage the risk, education, awareness is also important

[6:52 pm, 10/05/2023] ☸️ Danny 心:

What is the purpose of firewall?

[6:53 pm, 10/05/2023] +~L: Well I still get calls and sms from "possible scam" numbers that are legitimate businesses.

[6:53 pm, 10/05/2023] ☸️ Danny 心:

I don't disagree with education.

But leaving entirely to education and not blocking malicious website are foolish.

[6:53 pm, 10/05/2023] +SL: Only known viruses that are submitted to antivirus will be updated in their product virus signatures as antivirus mostly are the signature-based engine

[6:53 pm, 10/05/2023] ☸️ Danny 心:

What if don't report and block - let it be?

[6:53 pm, 10/05/2023] +~L: It would be. Does anything think we shouldn't stop malicious websites?

[6:54 pm, 10/05/2023] +~L: The point is that to stop all malicious websites we have to stop all websites, which isn't a good option.

[6:55 pm, 10/05/2023] +~L: We can't possibly know all the malicious websites that exist.

[6:55 pm, 10/05/2023] ☸️ Danny 心:

Then why install ScamShield firewall ips anti-virus since you think education more important?

Must as well education will do.

Let it be.

[6:55 pm, 10/05/2023] +~L: It's not one or the other, it's a combination

[6:55 pm, 10/05/2023] +SL: Malicious website might not due to there are malware on website, it might be a payload that have targeted code

[6:55 pm, 10/05/2023] +~L: Correct. Many different ways to scam.

[6:56 pm, 10/05/2023] +SL: Qr code that will trigger key in bank info, for example

[6:56 pm, 10/05/2023] ☸️ Danny 心:

Now you talk sense.

Combination of everything.

Then I don't have arguments.

[6:56 pm, 10/05/2023] +SL: Blocking known scam call / scam SMS that reported to spf

[6:56 pm, 10/05/2023] +~L: Good to see Gov taking steps, but should be careful not to be too restrictive.

[6:57 pm, 10/05/2023] +SL: Are you referring to Hardware or software firewall?

[6:57 pm, 10/05/2023] +SL: Logic is unclear whether the number is legitimate or scam call no

[6:58 pm, 10/05/2023] +Smiley face: Is there a centralised website or hotline?

[6:58 pm, 10/05/2023] +SL: Multiple mode is required, soly education or technology will not work

[6:58 pm, 10/05/2023] +Rama: Sometimes, it creeps in.

[6:58 pm, 10/05/2023] +SL: I think scam number will continue remain high

[6:59 pm, 10/05/2023] +Smiley face: 10 May, 2023

"Everyday, families and businesses depend on the law for order and protection. In the larger scheme of things, we partake of the business of nation-building efforts by strengthening our nation's legal infrastructure, which is one of the pillars of Singapore's success."

- - CJ Yong Pung Howe, addressed on the

Admission of Advocates and Solicitors 2005

"How to punish?"

Basics?

Besides jail and fines of up to 5 years with NO remission for first time offender.

The banning of Mobile devices shall commence and apply to all offenders after serving the full term of the jail sentence.

The banning of Mobile devices for a period of up to 10 years. Telco will blacklist these offenders from opening an account. During Police spot checks, in the event of the offender using mobile devices, the offender will be immediately handcuff, devices confiscated as evidence and charged under the penal code that carries a fines of up to $10,000 and or jail. For repeat offenders will face jail sentence of up to two year with no remission.

Interpol?

All offenders name and personal particulars will be lodged with the Interpol under the crimes of money laundering and or organised and syndicated criminals up to the term of the sentencing. Thereafter, subject to review and approval prior to discharge the offender from this listing.

Financials?

The money mule will have a lifetime ban on all financial instruments except CPF and one savings account with a local bank for the purpose of livelihood.

This savings account will be under lifetime survillance by the bank and or MAS. Any large amount of inward or outward of funds ($2000 onwards) from this account needs documentation to be submitted to the bank and MAS prior to the transfer of this fund. This rule applied to all involved parties. All offenders shall be banned from holding any offshore bank accounts, credit facilities and equities including crypto instruments for a minimum period of 10 years or longer.

Recalcitrants?

For repeat offenders shall face double penalty to include jail term, fines and the confiscation of the passport for up to 10 years or longer. This rule applied to all involved parties.

Special Treatments?

For the ring leader or boss or immediate recruiter of these mules, a minimum jail sentence of 10 years with no remission. Fine of up to 20x the amount of illegal laundered money and all or any or co-owned personal assets will be subject to confiscation at the pleasure of the court.

For foreign including PR, a permanent ban from entering SG with the recorded biometric of this person. All penalties and jail sentences to be doubled compared to citizens.

Catching the Big Guys?

For all categories of offenders; an offender if proven beyond the doubt, is a reliable and a helpful resource to break and convict a local and/or overseas syndicate or an international organised criminal activities such as collaborations, scams, money laundering, drugs related, on-line or off-line gaming bets, human trafficking, tax evasion, illegal financing, falsified accounts/audit/tax documents to deceive, corruptible practices involving private and/or public, legitimate business entity operating undercover as vice and/or one more of the above offenses and other illegal activities deem to infringe upon all the laws of the Republic of Singapore including immigrations and/or manpower and/or taxes and/or national developments and/or communications; this offender shall have a chance to mitigate for lighter sentences or waiver of certain charges by the PP office and the AG chamber.

- - in progress - -

[7:00 pm, 10/05/2023] +SL: Report to authority when discovering a malicious website, this will help the govt to track it

[7:00 pm, 10/05/2023] +REACH: Dear Contributors,

We will be closing the chat for today.

Thank you very much for being part of our WhatsApp chat and participating actively.

Goodnight!

Megan 😊

====

Babe Blog - Insights on News Events

Wednesday, May 10, 2023

No comments:

Post a Comment