Monday, May 22, 2023

REACH 457 -  In light of the recent scams, how have you changed the way you utilise digital services? How do you think we can better protect and support Singaporeans to act against scams?

(SK)

 22 May 2023 (10am - 7pm)


REACH

[10:45 am, 22/05/2023] +REACH: Dear Contributors,

Welcome back! 😊

⏰ We will be opening the chat from 10.50am to 7pm today. ⏰

House Rules (short version of our Terms of Use) to keep in mind: 

1. Be kind and respectful. We all want to be in a safe space to share our views. 

2. Any and all threatening, abusive, vulgar or racially, religiously and ethnically objectionable content is prohibited.

3. Consider the quiet ones among us and give them a chance to comment.

4. No need to repeat your comment or in different forms (including caps) - we heard you loud and clear the first time.

5. Let’s protect each other’s privacy and keep contact details in this group what it should always be - confidential. 

Full set of Terms of Use: https://go.gov.sg/reach-whatsapp-terms

We will strive to uphold these rules to ensure this is a safe space for all.

Please be assured that the points made by participants during the chat are aggregated and shared with relevant agencies.

The topic will be posted shortly.

Thank you

Megan 😊

[10:51 am, 22/05/2023] +REACH: 📒 Topic 📒

In the past week, a police report has been lodged over an unofficial Police@SG app hosted on a third-party app-hosting website, and a warning against new phishing scam variant involving fake ScamShield app has been issued. The police also urged the public to stay vigilant by not granting permission to persistent pop-ups that request access on a device, among other things. 

💬 In light of the recent scams, how have you changed the way you utilise digital services? How do you think we can better protect and support Singaporeans to act against scams?

📌 Phishing Scam involving fake ScamShield App

This scam involves the sale of food via social media platforms (e.g. Facebook). The scammers would then send a link to the victim and tell him to use it to download an app to make payment for the food items. Unauthorised transactions will be made from the victim’s bank accounts or credit cards. Thereafter, scammers will contact the victim posing as bank staff, claim to be following up on fraudulent transactions and recommend the victims to download the fake ScamShield app using a URL they provide, on the pretext of getting the victim to safeguard himself against scams.

📌 Fake Friend Call Scam

You receive a call from a “friend”. You are asked to guess the caller’s name and save the new number. You are then asked to provide financial assistance a few days later. 

📌 Investment Scam

You are offered an investment with very high returns. 

📌 E-Commerce/Property Rental Scam involving impersonation of real estate agents or authorised personnel

You see a deal online for a property rental on various advertising sites. The agent or “authorised personnel” asked for payment (deposit) even before physical viewing of the property. 

📌 E-Commerce/Concert Tickets Scam

You see third-party resellers online offering sale of concert tickets. Seller would claim that the ticket sales are time-sensitive or have limited availability to convince buyers into making advanced payment for the tickets. 

In 2022, scam victims in Singapore lost $660.7 million, up from $632 million in 2021, bringing the total to almost $1.3 billion lost in two years.

There were 31,728 scam cases reported in 2022, up from 23,933 cases in 2021.

👉 https://www.straitstimes.com/singapore/police-warn-against-new-phishing-scam-variant-involving-fake-scamshield-app

👉 https://www.straitstimes.com/singapore/courts-crime/phone-compromised-after-scam-target-told-to-download-fake-scamshield-app

👉 https://www.straitstimes.com/singapore/man-in-his-60s-loses-50000-after-scammer-claiming-to-be-his-kampung-friend-asks-to-borrow-money

[10:51 am, 22/05/2023] +REACH: [For Info]

❗️If you think scammers have a type, think again.

πŸ”Share this message with your loved ones!

ACT now against scams: go.gov.sg/actagainstscams.

Or visit www.scamalert.sg/ for more information.

-----


[10:56 am, 22/05/2023] +Jimmy Chew: I nearly got scammed because I was busy and clicked a link while rushing for my project deadline. So I am not sure if the government would look deeper into the psychology of why people got scammed rather than just warnings. Is there something in the old folks or others to make them click the link. Seems the scammers are more hardworking in understanding the audience than the authorities hahahaha

[11:00 am, 22/05/2023] +Poh S Lim: I agree. Scammers use psychology in order to prey on those vulnerable such as ignorant, easily scared or greedy people, in order to perpetrate their crimes.

[11:29 am, 22/05/2023] +Kenneth Lee WM: Education is key. Rather than just "warnings" give examples of how people got scammed on TV, radio, cartoons, etc.

Recently I saw a good poster about job scams.  Instead of printing "Be careful about Job scams etc etc", the poster wrote "if they ask u for money up front, it's a scam".

[11:32 am, 22/05/2023] +Frankie Wee: Sound too good to be true 

When scam smart action.

Do not try to be dream rich

Do not be greed they offer 

Do not trust or believe whatever 

Do not give personal details.

[11:32 am, 22/05/2023] +Frankie Wee: Everything is mind money to rich after they scam too later

[11:33 am, 22/05/2023] +Kenneth Lee WM: Another area is consistency of Singpass 2FA interface.

Old people sometimes don't have smart phones or scared to download singpass app.

They only use SMS.

However, for non-government entities who use Singpass for authentication, the SMS 2FA option is not available.  Entities just like insurance companies, NTUC, MSIG are examples.  They told me that Singpass SMS 2FA is not available to them.  Only for government agencies like CPF, ICA, HDB.

Initially, when I used NTUC/MSIG websites, I thought the singpass authentication section was hacked.

[11:34 am, 22/05/2023] +Frankie Wee: They need to go senior Center committee

[11:37 am, 22/05/2023] +Kenneth Lee WM: The SMS costs is minuscule compared to the amount of money people have lost to scams.

[11:38 am, 22/05/2023] +Kenneth Lee WM: Go there also no help if senior no smart phone.  Only rely on SMS for singpass 2FA.

[11:39 am, 22/05/2023] +Kenneth Lee WM: Hv to rely only on username/pswd in company's records

[11:52 am, 22/05/2023] +Frankie Wee: They need to go senior group activity and share their experience.

If they are lonely it’s really touch to understand when scam will took them away money.


[0:11 pm, 22/05/2023] ☸️  Danny 心:

Some people may think SMS OTP is safe.

If SMS OTP land on the same smartphone that access the bank account - SMS OTP can be hijack and diverted away to hacker phones and hackers can access the victim bank account.


[0:24 pm, 22/05/2023] ☸️  Danny 心:

REACH - Bank 2FA is not foolproof in protecting bank customer savings. Tackling the issue of money mules and prevent unsuspecting victims from bank transfer against their will.

11 May 2023


1. Tackling the money mules and unsuspecting victims from bank transfer against their will - currently bank rely on 2FA for bank transfer - that can be compromised by scammers in releasing their user id, password and 2FA - through malware and other means without the victims realising their bank savings are being stolen against their will.


2. However, if MAS mandate bank to do call back by bank personnel, or AI/robotic or branch verification - for all local and overseas bank transfer - then a scam cannot be pull off.


3. If local money mules are call back by banking staff or AI to verify if they intend to transfer their funds to overseas - and if they say yes - will be a strong evidence that they willingly perform as money mules and can be prosecuted in courts.


4. As for scam victims, if bank call back to verify the bank transfer, victims will straight away be alerted that an unauthorized transfer has been taking place - and the unauthorised transfer can be stopped immediately - and the scam will fail.

This is the most effective way to stop scam.

Now the onus fall heavily on the victim - and the current bank security features are not foolproof.

Also with more fail scam - less police efforts are needed to trace and prosecute scammers as all scams will fail with bank verification.


5. Even if scammers try to circumvent this bank personal check, by masquerading as bank calling the victims, victims will straight away be alerted that unauthorised transfer is taking place - and scammers will not be so stupid to do such verification.


6. Hence bank call back verification is "scam-proof", "foolproof" and "fail-safe" to stop all online scamming.


7. Wonder will MAS be seriously considering mandating bank call back verification for all bank transfer - to intercept and stop all online scams at its source?


8. Stopping scams must not be heavily weight on the onus of the bank customers.


9. It must be equally weighted on:-

a. MAS

b. Banks

c. Customers


Hence I believe bank call back verification is the only foolproof way to stop scam.

=======


[0:24 pm, 22/05/2023] ☸️  Danny 心:

REACH - Current Bank 2FA is not foolproof in protecting bank customer savings. And the full onus of scam weight heavily on bank customers.

11 May 2023


1. Totally relying on online tools and online 2FA security features for bank transfer (local and overseas) - are not foolproof in the advent of AI and quantum computing.

As id, password, digital token, SMS OTP, biometric fingerprint, face recognition, email OTP - all fall into one device - the smartphone.

Once a malware compromise the handphone, multi- factor authentication = no authentication - because AI malware will easily disable biometric authentication or pick up all the password, pin etc from the smartphone.

The multiple factor authentication gives only superficial and false security assurance that can be hacked.

https://www.tomsguide.com/news/this-new-android-malware-is-stealing-passwords-and-2fa-codes-what-you-need-to-know#:~:text=This%20new%20Android%20malware%20is%20stealing%20passwords%20and%202FA%20codes%20%E2%80%94%20what%20you%20need%20to%20know


2. Bank call back verification for all overseas and local bank transfer - serve as real 2 factor authentication - as without customer confirmation, all online transfer cannot be authorised and approved.

If the current bank security features 2FA are considered foolproof with the touted userid, password as 1FA and digital token or SMS OTP as 2FA.


Rightfully, scammers despite getting the 1FA userid and password -  cannot and shouldn't have acquire the 2FA - digital token or SMS OTP - to successfully login and access the bank account - if bank security is foolproof.


But the real fact is, scammers can acquire both the 1FA and 2FA through the compromise handphone - because bank online access allows all 1FA and 2FA to be landed on the same device - the victim handphone.


Previously, a hard token is issued to the customers. But now no longer the case - as banks increasingly use soft digital token or SMS OTP that land on the same handphone.


This is a security breach - according to the security best practices.


Hence if the customer are scam by malware or fool by scammers to release their 1FA, rightfully if security practices are tight, scammers will not be able to access the 2FA .


But bank online implementation make it do so.


So banks have equal accountability and responsibility - if a customer bank account is scam - and should have implemented a foolproof login process.


And if the bank account is breached due to the inadequacy of login security process, then banks should also have accountability to compensate customers for the loss suffer by the customers.


This means that if a scam victim sue in court if he/she got scammed even if the victim is wrong by releasing their id and password credentials or even 2FA via malware or fool by scammers - banks are still accountable if the victims has no wish to transfer their money to the scammers.


Because banks if do call back verification to check with the victim if the online transfer is authorised - and if the victim say no - the money will still be intact and not be scammed. The call back only requires 5 minutes - but go a long way to stop a scam.


By making the joint responsibility of banks and customers against scam - successful scam can be greatly reduced if not totally eliminated.


Then police involvement, prosecution, drastic rise in scam cases will not arise.


Why such a simple step not implemented?


In fact for the $1.3 billion scam victims, a lot more time, manpower and resources are needed to trace, track, investigate by multi agencies hoping to recover the lost fund - a big portion cannot recover.


It cost a lot more not only to banks, but also police, Telcos, IT experts, prosecutors, courts times, foreign affairs and so many others to nab the scam.


And yet victims suffer money loss and mental distress.


Not worth it to implement a slew of efforts to nab scam - as scam can in fact be stop at the source.

====


[0:34 pm, 22/05/2023] ☸️  Danny 心:

https://youtu.be/QxRy9sVUMQU


[0:43 pm, 22/05/2023] +SL: ScamShield should be the default software installed on the new phone; continuing education and awareness of ScamShield. Improve the ability of ScamShield to block fake numbers in WhatsApp.

[0:49 pm, 22/05/2023] +SL: Package file is commonly used in Android. It is impossible to block all websites containing apk download pages. Users need to maintain their own responsibility by not downloading non legitimate software.

[0:51 pm, 22/05/2023] +SL: All internet-connected or network-connected devices have the risk of being victimized by hackers.

[0:52 pm, 22/05/2023] +Edwin: knowledge is the best form of firewall

[0:53 pm, 22/05/2023] +SL: According to website search, Man in the middle technique is commonly use to intercept 2fa.

[0:54 pm, 22/05/2023] +Frankie Wee: Setup copyright law

[0:55 pm, 22/05/2023] +SL: On surface it may work, in reality, will both work?

[0:56 pm, 22/05/2023] +Smiley face: Apple and Android?

[0:57 pm, 22/05/2023] +Frankie Wee: I think both.

But I notice more likely android unsecured

[0:57 pm, 22/05/2023] +SL: This usually happen after the telco breach.. Isn't it?

[0:59 pm, 22/05/2023] +SL: Sorry, I mean enact a law, but hackers will Still continue to hack, right?

[0:59 pm, 22/05/2023] +Smiley face: Perhaps so ..why so?

How about the play store?

[1:00 pm, 22/05/2023] +Frankie Wee: I suspected the shop mobile which sale used (second handphone) technically are skill backup the data all the inform passwords unsecured

[1:01 pm, 22/05/2023] +Frankie Wee: All thing are in spy

[1:01 pm, 22/05/2023] +Smiley face: Verifying the original ACCOUNT holder or no laws can apprehend these anonymous accounts? Or could stakeholders verify each account to a physical person+address?

[1:02 pm, 22/05/2023] +SL: excessive desire?  Want to Make quick money?

[1:02 pm, 22/05/2023] +Smiley face: Whenever you trade or dispose off your faulty or good condition phone, how to clean your phone to factory settings?

Will deep cleaning really helps?

[1:03 pm, 22/05/2023] +SL: Security apps only working on android and harmony os

[1:03 pm, 22/05/2023] +Smiley face: Hi SL...

Greed and short cuts. Two temptations of modern human behaviors.

Thank you.

[1:03 pm, 22/05/2023] +Frankie Wee: How about the chip memory system if they are skill can backup all data file

[1:04 pm, 22/05/2023] +Smiley face: Backdoors to android system

[1:04 pm, 22/05/2023] +SL: R u referring to state sponsor? Individual non high profile data is not common target in black mkt

[1:05 pm, 22/05/2023] +Smiley face: Unless stakeholders use quantum computing coupled with advanced synthesis of Algo and analytics! It's a big capital investment plus the essential IT staffs to maintain and on the 24/7 ops!

All scams will continue to thrive!

[1:06 pm, 22/05/2023] +SL: It is not the back door. Hardware and software manufacturers require continuous monitoring of the health of the devices/apps. Which is unfortunately explored by an unauthorised person.

[1:07 pm, 22/05/2023] +Smiley face: One thing first, each system update will send many of your data to the phone manufacturer!

[1:08 pm, 22/05/2023] +Smiley face: Likewise, any apps asking users to update or upgrade; all data especially this app will be uploaded to the application.

[1:09 pm, 22/05/2023] +Smiley face: Is like aspiring for Nuclear energy but lacking the nuclear scientists and staff!

So how to start a nuclear reactor?


[1:09 pm, 22/05/2023] ☸️  Danny 心: https://identitymanagementinstitute.org/sim-card-swapping-and-cell-phone-hijacking/

SIM CARD SWAPPING AND CELL PHONE HIJACKING


[1:09 pm, 22/05/2023] +SL: The resources of Enforcement of the law in this focus point might be x times as compared to the effectiveness. Hackers don't verify account. Any domain can be set up by them.

[1:09 pm, 22/05/2023] +Frankie Wee: Example when you use the app bitcoin wallet once u deleted there will still on activated. However clip may backup

[1:10 pm, 22/05/2023] +Frankie Wee: And trying to get all contact personal details 

Scam likely known their name or whatever

[1:11 pm, 22/05/2023] +SL: Use a hammer to physically destroy it is the highest level of security best practice

[1:11 pm, 22/05/2023] +Frankie Wee: 100% destroyed but they want trade in $$$

[1:11 pm, 22/05/2023] +Smiley face: One way.

[1:12 pm, 22/05/2023] +SL: How about apps developer?

[1:12 pm, 22/05/2023] +Smiley face: Microsoft and Google may have the solution to all of these scams, spams and etc!

The old days of Norton and so on...

The Internet Police?

[1:13 pm, 22/05/2023] +Smiley face: Yes, like a kickback, like a Dividend to them!

No free lunch!

Thanks, SL for bringing it up.

[1:14 pm, 22/05/2023] +SL: The only way, I think, non-physical destroy on a phone is 80% clean, there is residual data sets if use software cleaning. I excluded those cloud backup related topic because it will ruin everything discuss in this answers.

[1:14 pm, 22/05/2023] +Smiley face: So what are the best protocols to avoid all these unnecessary cheats and scams?

[1:14 pm, 22/05/2023] +Smiley face: Cloud is another BIG LOOPHOLES!

[1:15 pm, 22/05/2023] +Smiley face: Data is money?

[1:15 pm, 22/05/2023] +SL: The user might need to trade he/she security appetite with trade-in amount that he/she is willing to accept.

[1:15 pm, 22/05/2023] +Smiley face: Cloud is the money bank!

[1:15 pm, 22/05/2023] +SL: No way to fix.... 🤣

[1:16 pm, 22/05/2023] +SL: The most economical way is continue education and awareness and some IT control and law enforcement ?

[1:17 pm, 22/05/2023] +SL: You sure? 🤭

[1:17 pm, 22/05/2023] +Smiley face: 9/10 users will trade in their old phones for the new ones!

Never in their mind to hammer or to bbq the old phones?

There is value for all these old phones that will be recycled or repaired to be resold to other less developed or developing countries!

Hopefully, scammers don't buy over these old phones?

[1:18 pm, 22/05/2023] +SL: 🤣🤣

[1:18 pm, 22/05/2023] +Smiley face: IT control needs some knowledge.

[1:19 pm, 22/05/2023] +SL: Remotely you means?

[1:20 pm, 22/05/2023] +SL: Telco, anti virus company + govt agency?

[1:21 pm, 22/05/2023] +Smiley face: What if you are Microsoft or Google?

Are you pitching for the best AI or the most powerful chat?

In this chat, perhaps the developer will offer a Security package to SECURE all scams and spams?

After all, it is wise for either one to sell an internet security pack to all users including corporates?

Money making opportunities?

[1:22 pm, 22/05/2023] +Smiley face: Will Microsoft or Apple or Google do an anti-virus pack?

[1:22 pm, 22/05/2023] +Smiley face: Telco is a connector

[1:24 pm, 22/05/2023] +Smiley face: How then Norton sold the idea of an antivirus package!

Fear: fear of computer crashed and the lost of data!

[1:25 pm, 22/05/2023] +Frankie Wee: All control by IMDA

[1:25 pm, 22/05/2023] +Frankie Wee: Norton is evil

[1:26 pm, 22/05/2023] +Smiley face: How to educate across all age groups, gender, race?

Awareness wise, many folks know there are scams on the net!

So how?

[1:26 pm, 22/05/2023] +SL: I hope the retail shop does erase the data Securely and resets to factory mode ethically. Otherwise, residual data will fall into the wrong hands.

[1:26 pm, 22/05/2023] +Smiley face: Wow!

How about other providers?

[1:27 pm, 22/05/2023] +Smiley face: Integrity of the shop.

It can be a Telco shop or a neighborhood hp shop.

[1:29 pm, 22/05/2023] +Smiley face: Are these patterns of sequential logic deployed by these scammers? Or are they operating on a blitz manners of hit and run?

[1:29 pm, 22/05/2023] +SL: Wow... You also observe how the Business world is. 😅 I think this topic abt the AI and 2 companies is too sensitive..  shall we stop here?

[1:31 pm, 22/05/2023] +SL: Usually, tech companies push out patches to fix coding vulnerabilities. Anti-virus software company taking care of antivirus.

[1:33 pm, 22/05/2023] +SL: there are many many viruses out there. Hence antivirus is required. Another sensitive topic? 😅

[1:34 pm, 22/05/2023] +Edwin: impossible to mitigate..scam and phishing email are targeting 3 elements of human weakness..fear, uncertainty and doubt

[1:35 pm, 22/05/2023] +Edwin: or perhaps one more..greed

[1:35 pm, 22/05/2023] +SL: Continue via school, community projects, newspapers, tv shows, posters, events, cinema advertisements etc.

[1:36 pm, 22/05/2023] +SL: The human handles these old phones that matter.

[1:37 pm, 22/05/2023] +SL: From a criminology perspective, for this type of crime, scammer (group?) use all methods to increase the hit rate.

[1:38 pm, 22/05/2023] +SL: Greedy too..

[1:53 pm, 22/05/2023] +Anne: What I do:

1) Don’t share personal and family information including photos in social media unless necessary

2) I have two phones. One with only 1 banking app, the other to receive OTPs. My accounts at the banking app hold very little money, enough for normal transactions. My long term savings are not there. When I receive my income I will quickly transfer out my long term savings and pay my bills immediately. I may also prepay some of my bills that are not due yet. The other phone receiving the OTPs do not have any financial apps installed.

3) I do not store user ids and passwords on my phone and computer.

4) I do not pick up calls from unknown numbers. I do not click on links from unknown numbers.

5) I installed anti-virus and anti-malware and cleaning software from reputable companies on my computer and run them regularly.

6) I cover my video cam with a tape and only uncover it when I need to do video conferencing.

The idea behind what I do is I cannot totally prevent myself from getting scammed, but I can minimize the damage if I happened to get scammed.

[1:55 pm, 22/05/2023] +Smiley face: ChatIT #3 - How to identify, intervene and implement changes to almost every existential living environments?

How to test these critical identifications of early adaptations of becoming the future Digital nomads? (thinking like Genghis?)

[2:06 pm, 22/05/2023] +Edwin: fake friend scam - always verify that is indeed your friend

[2:07 pm, 22/05/2023] +Edwin: investment scam - anything that is too good to be true avoid it


[2:07 pm, 22/05/2023] ☸️  Danny 心:

Authenticator apps such as Singpass apps is safer than SMS OTP - cannot be intercepted by man in the middle attack.

Unless the victim smartphone is remotely controlled by hacker, than the authenticator apps won't help the victim.


[2:07 pm, 22/05/2023] +Edwin: ecommerce scam/concert scam - again too good to be true

[2:08 pm, 22/05/2023] +Edwin: verify, verify and again verify


[2:09 pm, 22/05/2023] ☸️  Danny 心:

Likewise banks authenticator apps acting as digital token are safer than SMS OTP - as man in the middle attack cannot happen.

But if hacker remotely control victim handphone - then scam can still be carried out.

[2:23 pm, 22/05/2023] +Jimmy Chew: Anyone knows where thumb prints data are in the phone ? If so, once there's a phone takeover everything is there. They take over your phone when you're sleeping and use phone banking to do the needful


[2:25 pm, 22/05/2023] ☸️  Danny 心:

Biometric authentication can be disabled if malware take over the handphone.


[2:28 pm, 22/05/2023] +Singapore Maid Agency: When u when to scam ppl you will

Plan…..

[2:30 pm, 22/05/2023] +Singapore Maid Agency: That’s the point what scam wants was $$$$$ that’s what I share with all around me.

[2:45 pm, 22/05/2023] +Smiley face: 22 May, 2023

"It all started with a person or a group of people, no magic wand...!"

- - anonymity 

Perhaps, these hackers are unstoppable because there will always be one loophole to enter and transact!

So how to begin the beguine?

Key areas are banking, shopping and public services. These three big providers of services and goods must DESIGN a common layered security platform so much so to the extent of STANDARDIZING critical information policing through AI without third party especially not to "outsource" in parts or "friend source" in small portions these highly strategic data assets! All these security measures are temporary fencing because it will be hacked in just a matter of time and/or the ripe timing (embedded)! High flow of data and low volume both have vulnerable spots in the information highways.

One exception to prevent hacking is a super computer with a highly sophisticated and unique machine "language" which the Chinese, the Russians, the Israelis and the Americans are currently driving their national securities from tradings to sensitive documents all secured in these deep "vaults" not in the clouds! Cloud computing can be simulated as well as easily compromised with breachable key attributes aka codes!

One final word, do we need to collaborate with the BEST to learn (from Denmark), to exchange info and to proactively upgrade our dynamic systems?

     - - in progress - -


[3:12 pm, 22/05/2023] ☸️  Danny 心:

1. I don't want to sound alarmist.


2. Even though 4G network is deem safe - because of authentication and encryption - touted to be safer than bluetooth, wifi etc.


3. But theoretically, the mobile 4G network has inherent vulnerabilities at its layer 2 - the link layer.


4. Mobile 4G network is difficult to hack - but State hackers with intricate knowledge, skillsets and resources - can hack a 4G network by penetrating the layer 2 vulnerabilities.

a. Passive attacks - website fingerprinting.

b. Active attacks - aLTEr user data redirection, DNS spoofing


5. Of course such sophisticated mobile 4G hacking will not be directed to any man-in-the-street - mainly directed at highly prized individual.


6. Hence, to summarise, mobile network is not entirely safe.

Putting the onus entirely on the people, and putting the entire burden of the loss through hacking and scam on the people - is not entirely fair.


There must be some foolproof mechanism - which i have suggested - bank manual "call back verification" - for all overseas and local bank transfer - is now the only safest way (2FA) to ensure people's money are not scammed, transfer away against their wish and authentic approval of bank transfer by the bank customers.


7. I can't think of any other "digital foolproof" method of authentication or ensuring people are not scam ----- if "digital only authentication" are used.


[3:13 pm, 22/05/2023] ☸️  Danny 心:

https://alter-attack.net/

Hacking 4G network.


[3:19 pm, 22/05/2023] +Frankie Wee: 5G high speed than 4G / LTE

The world market going to fast transfer data. Next new 6G network 

I ensure whole world will developing new security.

Time for old user.

[3:20 pm, 22/05/2023] +Smiley face: Internet banking is one big concern for the not so savvy and digitally fluent folks?

[3:21 pm, 22/05/2023] +Smiley face: Perhaps, the future new phones will come with antiviral software apps, payable on an annual fees basis?

If one chooses not to renew the annuals, the risks of hacking will be real and more frequent too?

[3:23 pm, 22/05/2023] +Frankie Wee: Business security for money

[3:25 pm, 22/05/2023] +Smiley face: Higher paid jobs locally or abroad or part time jobs are areas for scammers to cheat the innocent people who are desperate to find a better pay job or second job or go overseas in hope to earn more money!

[3:25 pm, 22/05/2023] +Smiley face: Hi Frankie,

Finding growth and profits!

Thanks for your pointer!


[3:29 pm, 22/05/2023] ☸️  Danny 心:

Anti-virus software not effective against passive and active hacking.

You will need IPS (Intrusion prevention system), siem (security incident and event management), apt (advanced persistent threat management system) to prevent hacking.

All these are out of reach for even many big organisations including MNC.

Only security organisation, government, home security and military have expertise, skillset and resources to manage it.

They are entirely out of reach and out of depth from the man in the street including IT workers.


[3:32 pm, 22/05/2023] ☸️  Danny 心:

SingHealth network was attack by state hackers employing apt (advanced persistent threat) - it go undetected for months.

Reasonably, all the above security systems are not in place to detect such sophisticated state attack.


[3:41 pm, 22/05/2023] +Smiley face: Thanks Danny,

We all know now that stopping these scammers is almost impossible to neutralise and apprehend them.

So the next sensible and prudent for people or businesses ways are?


[3:45 pm, 22/05/2023] ☸️  Danny 心:

Bank call back for all bank transfer - overseas and local.


[3:47 pm, 22/05/2023] ☸️  Danny 心:

Else bank compensate all bank transfer loss if failure to do so.


[3:47 pm, 22/05/2023] ☸️  Danny 心:

MAS mandate this


[3:47 pm, 22/05/2023] ☸️  Danny 心:

Compensate bank customers.


[3:55 pm, 22/05/2023] +Frankie Wee: All bank system can frozen their account when got alert scam from transfer and received large amounts.

CAD will reach investigation every monthly.

[3:56 pm, 22/05/2023] +Rama: Account freeze for local banks can be initiated by customers.

[3:58 pm, 22/05/2023] +Frankie Wee: Possible imitation by customers but they can’t withdraw cash or transfer unit clear case closed.

[3:58 pm, 22/05/2023] +Rama: Yes

[3:59 pm, 22/05/2023] +Frankie Wee: I read the story malaysia got scam by moneylenders.

[3:59 pm, 22/05/2023] +Rama: Hugh!?

[4:00 pm, 22/05/2023] +Frankie Wee: To top it off, Lisa was threatened into giving up her ATM card, and her account was used to transfer illicit funds. She was eventually given a conditional warning by the police for being a money mule.

Latest figures released by the police in August showed another increase in scams - 85 per cent up in the first half of 2022 compared to the same period last year - driving up the total reported cases of crime.

https://www.channelnewsasia.com/singapore/scam-money-mule-loanshark-laundering-police-2918461

[4:04 pm, 22/05/2023] +Smiley face: Three dimensional, geometric.

[4:06 pm, 22/05/2023] +Smiley face: Geometric?

A line is one dimension

A cut and paste onto another page is one dimension 

A thumbprint is one dimension

A signature is one dimension 

A OTP is one dimension 

A 2FA is two dimensions

A QR code is two dimensions 

A Cubic is three dimensions

What if someone can breakthrough using dimensional ways of security logs?

Fourth dimension is related to electromagnetism, is impossible!

[4:07 pm, 22/05/2023] +SL: StarHub got a service on broadband shield or cybersecurity shield for PC and headphones. I agree that not all organisations are able to hire cybersecurity expertise. IPS and APT are expensive gadgets. For those who really can afford, use the enterprise version of antivirus antimalware solution for own home, it gives additional comfort, if can buy the hardware firewall and ppoe.

[4:07 pm, 22/05/2023] +Suma pamu: Just wanted to share

My daughter Mobile number no ones knows except we parents.

But she got many scam calls and WhatsApp msgs.

Who is actually selling data

Many times we observed it's these Singtel fellows sharing our mobile numbers

They are leaking the data

It happened few times alrdy

And How many number of scam calls i get 

Can not remember

All claiming govt agencies

This digital world is real crazy

How much we care, scammers learning new methods

[4:08 pm, 22/05/2023] +SL: I means for home, it will reduce the opportunity of hackers lacking home network with enterprise version solution /hardware.

[4:08 pm, 22/05/2023] +Rama: Telco staff owe loan sharks so this is one way how they pay back their illegal loans

[4:09 pm, 22/05/2023] +Frankie Wee: Staff is illegal borrowing unlicensed moneylender

[4:10 pm, 22/05/2023] +Suma pamu: 😳😳😳

[4:10 pm, 22/05/2023] +SL: Defense-in-depth under the nist framework is a good defense point.

[4:14 pm, 22/05/2023] +SL: Covering the built-in camera is the basic hygiene. Auto update of virus signature is crucial and, importantly, perform routine scanning. To store password on a gadget, better use the reputable password manager software.

[4:15 pm, 22/05/2023] +SL: Hi ~😁, your question is?

[4:16 pm, 22/05/2023] +Smiley face: What's your answer? Chatmate?

[4:18 pm, 22/05/2023] +SL: There is another risk: remote recording by hacker and key loggers if the phone does not have proper patching and anti malware/virus

[4:28 pm, 22/05/2023] +SL: There are commercial tools out there that can bypass fingerprint lock. If I remember correctly for Android, the fingerprint is stored in TEE. Similar to iPhone.


[4:30 pm, 22/05/2023] ☸️ Danny 心: 

Digital transaction still not 100% safe and foolproof.


[4:34 pm, 22/05/2023] +Frankie Wee: Three dimensional show has 3rd time of paste and copy at same line multiple create and 4th final hide seek in point centre.

[4:35 pm, 22/05/2023] +Frankie Wee: Three dimensional show has 3rd time of paste and copy at same line multiple create and 4th final hide seek in point centre.

[4:35 pm, 22/05/2023] +Smiley face: Hi Frankie,

Chatmate!

Thank you for SEEING it!

[4:36 pm, 22/05/2023] +Frankie Wee: But key point is a code where begin the begin line to open unknown


[4:36 pm, 22/05/2023] ☸️ Danny 心: 

Hence I advocate a hybrid authentication procedure - Digital + manual.

Rather than totally relying on full digital Authentication and transaction.


[4:36 pm, 22/05/2023] +Smiley face: What if multidimensional microchips plus multiples sequencing taking from Fibonacci

[4:36 pm, 22/05/2023] +Smiley face: Frankie, you are on the run!

Bravo!

[4:37 pm, 22/05/2023] +Smiley face: What is QR code?

[4:37 pm, 22/05/2023] +Smiley face: Each dimension of length can be continuous or broken!

[4:37 pm, 22/05/2023] +Smiley face: Frankie, please deep dive more!

You got it!

Thanks!

[4:38 pm, 22/05/2023] +Smiley face: How electric pulse flows...

0 or 1 or something more!

[4:40 pm, 22/05/2023] +Smiley face: In nano second....

[4:41 pm, 22/05/2023] +Smiley face: A P French, an Old MIT physics professor once wrote text on vibrations and pulse

[5:11 pm, 22/05/2023] +SL: Level 2 is just abv infra, it is the basic foundation of communication. There is no foolproof mechanism to eliminate all risks. We can only hope the current solution is able to manage the risk within the open system connection.


[5:13 pm, 22/05/2023] ☸️ Danny 心: 

Hence cannot mandate digital transaction as foolproof and make bank customers inherit the full loss in a scam bank transfer - as we know that all internet connection are not zero risk proof.


[5:20 pm, 22/05/2023] +SL: iPhone only can work on enterprise version anti malware

[5:23 pm, 22/05/2023] +SL: APT usually is targeted and explores zero-day weaknesses. Generic commercial off the shelf is not able to detect it.


[5:23 pm, 22/05/2023] ☸️ Danny 心: https://www.straitstimes.com/singapore/new-website-for-residents-to-search-for-budget-meal-options-at-hdb-coffee-shops-near-the

Just to share some good news.


[5:23 pm, 22/05/2023] ☸️ Danny 心: 

Budget meals go where.

https://www.gowhere.gov.sg/budgetmeal/search?sort=relevance


[5:25 pm, 22/05/2023] +SL: I do not understand the initial question you ask. Can you further clarify your question? Appreciated 🙏


[5:28 pm, 22/05/2023] ☸️ Danny 心: 

To detect APT - they need high end security devices and systems to detect.

Skilled security experts are needed to interpret possible penetration.

Normal IT professional may not be able to do so.


[5:30 pm, 22/05/2023] ☸️ Danny 心: 

There are many false positives, false negatives and other scenarios that will confuse even IT professionals.

Only trained security experts who can look at anomaly and traffic patterns can map out and do forensics to detect an APT has indeed taken place.

Of course now with the help of AI, the job may be easier.


[6:01 pm, 22/05/2023] +REACH: 📢 Topic 📢

In the past week, a police report has been lodged over an unofficial Police@SG app hosted on a third-party app-hosting website, and a warning against new phishing scam variant involving fake ScamShield app has been issued. The police also urged the public to stay vigilant by not granting permission to persistent pop-ups that request access on a device, among other things. 

💬 In light of the recent scams, how have you changed the way you utilise digital services? How do you think we can better protect and support Singaporeans to act against scams?

📌 Phishing Scam involving fake ScamShield App

This scam involves the sale of food via social media platforms (e.g. Facebook). The scammers would then send a link to the victim and tell him to use it…

[6:07 pm, 22/05/2023] +Smiley face: Hi SL,

22 May, 2023

(SL, is part of a longer essay written awhile back. Hope is useful to you and anyone?)

" When you change a structure and/or a matter into something new and new uses, you just created a new thing, a new way and a new idea. It's that simple!"

- - anonymity 

Big picture?

The bigger the idea is (problem), the more you need to work with more people, the breadth and the depth. And the bigger the problem is solved, the greater will be the rewards in the waiting; think empathy for your users and enriching them with your invention or creation than the temptation of monetary gains to no ending. When you got it all rite, at the end, you will be rewarded. Finally, redefined the possibilities and go for the impossibles; personifying these three exceptionals that is Bravery, Boldness and Creativity to see beyond the reality...

How to start it?

To create is to take a raw idea or a bunch of good ideas and build it into a marketable or workable solution to benefit as many people as it could bridge it. A broad extent, what are your intentions, your markets or target population and the list of challenges to solve and the benefits this creation will bring to it (or transform)?

The Breadth?

So how to get ideas...

Gather many people to generate Ideas of all spectrum from a clear and carefully defined parameters set by the creator. (Avoid GIGO-garbage in-garbage out)

From the preliminary raw scores of ideas, identify a finite group of individuals that deem to as the best among the pool of Ideas to proceed onto the next level of the creativity game.

The depth?

Focus and Zoom-in...

In this focus portion, the group game plan is to further and deepen these qualified ideas to form several prototypes of your ultimate creations. For product, these prototypes are the tangible and quantify model towards the final product to scale.

The final stage is to select a handful of prototypes and purpose-built it and test it over and over with the selected and qualified idea contributors from the previous focus group. It is a see-saw approach mirroring the previous stages and importantly, not to lose sight of the original intent and the mission of this creativity exercise that is: to find the final solutions or the final products or the project. 

"It's over and done, if it's about the capacity of the human memory and the functions?"

- - anonymity 

Today, there is an urgent task to embrace and empower all of our students to know what is bots, robots and algorithm and coding and how to use the various digital tools to productive use. From basic knowledge onto higher machine learnings, deep learnings, advanced coding and maintenance of systems, automations including robots; all of these require a set of different techniques and it will be highly technical especially for those who need to operate with the highest precision of productions in pursuing exceptional results and out of the world breakthroughs in future technological capabilities such as digital-mechanical-biochem-materials.

     - - chatIT #2  - -

[6:27 pm, 22/05/2023] +Smiley face: How can we merge the existing old school of thoughts with the new digital ways of doings and a new knowledge base, that's itself transformation?

[6:28 pm, 22/05/2023] +~N: 1. PDPA needs to be taken seriously. There should be no unauthorized access of personal data or contacts in all public and private organizations across all levels of staff. There should also be control over which type of organizations or business has reasons to request for personal information/permission access.

2. Banking industry to improve on digital verification and trace of monetary transfers.

3. SingPass access for senior citizens can be linked to NOK alert trigger. It is not uncommon for senior citizens to simply pass their access to whoever they think can help them without realizing the risk.

[6:33 pm, 22/05/2023] +Smiley face: One good way to cut down exposures, that is PDs.

Thanks, N for bringing it up.

[6:45 pm, 22/05/2023] +REACH: Dear Contributors,

⏰ We will be closing the chat in 15 minutes ⏰

Thank you very much for being part of our WhatsApp chat and participating actively.

Goodnight!

Megan 😊

[6:59 pm, 22/05/2023] +Smiley face: 22 May, 2023

"In the meantime, the predators will have all the advantages over the prey; how to neutralise?"

- - anonymity

A game of Prey and Predator!

The common mindsets of most of us are compliant to law and order. The predators (scammers) know all of these psychological weaknesses; how the way we respond to matter of urgency, how the way we react when rules, laws or opportunities arise and the sequence of our daily routines?

Are these patterns of sequential logic deployed by these scammers? Or are they operating on a blitz manners of hit and run?

"It is not when it will happen, it will happen sooner than later."

- - anonymity

Going forward within five years, with AI and humanoid voice and/or video capabilities, the game of cheating or scamming will be harder to differentiate between real or fake. And more people will fall prey to these predators!

Forward thinking to five years, the power of quantum computing shall determine who's first and first thing to conquer the rest in the internet of things; for goodness or badness! So how should the stakeholders from content providers, Google, Twitter, TikTok, IG, WhatsApp, Shopee, Grab, SMS and banks to Telco all come together to respond to the future of scams given the power of countings are reachable for any party concerned or if not all of these internet stakeholders with their users in mind to PROTECT all of them? 

What sorts of advanced analytics and augmented algorithms to spot, to stop, to identify these accounts of origin and lastly to apprehend and/or cancel them? 

Personal Checklist?

All incoming phone calls, emails, short messages that are not your friends nor people who you know; just do not respond to all of these potential traps, threats and all unnecessary or unknown apps!

Government agencies should clarify in unison, in simple words to tell the public how they would conduct themselves whether it is a physical visit, or a phone call or through the internet whenever there are needs for the authority to contact any individuals for all matters. A unique protocol not easily copied or duplicated by scammers?

    - - in progress - -

[7:00 pm, 22/05/2023] +REACH: Dear Contributors,

We will be closing the chat for today.

Thank you very much for being part of our WhatsApp chat and participating actively.

Goodnight!

Megan 😊

