你太看得起狮城帮网友了吧

新来的?这种随便发，没人删

法庭是要讲证据的客户的每一步操作，银行那边都有记录，到时候让证据说话吧。

银行的责任是保管客户财产，但是客户自己把钥匙交给骗子，这难道也是银行的责任？

没有本质区别羊毛出在羊身上，罚ocbc也好，让ocbc把钱补回去也好，最后的成本还是ocbc的客户承担，比如更多的卡收年费，更少的waive late charge，更差的汇率等。这和当年罚sbs没区别，你罚了我亏了就只能涨车资，或者裁员司机降低车的频率。

从法律层面，估计普通客户也没啥可能可能告倒ocbc最多是ocbc和mas角力。站在国家层面，mas肯定不能让ocbc来担当责任，否则就是mas监管不力，那么会影响整个新加坡金融枢纽的地位。

个人觉得，其实政府的责任更多一些。首先要创造一个安全的环境。中国有大把的经验对付某岛骗子，就是不学，让银行和客户去对付有政府撑腰的骗子集团，根本就是以卵击石嘛，能胜利才鬼了。要对付，必须是政府出面，协调各方力量，比如电信，手机开发商，银行和客户教育。现在本地做的最多的就是刷几张提醒广告，根本阻挡不住。

银行的记录可能把骗子的操作当成用户操作了那么就是ocbc银行的责任了。

否则为什么dbs，cimb，uob银行没有人被骗？

对付在缅甸的电信骗子可以通过家人所在当地政府施压，这个不同

ocbc还可以选择倒闭股东和债权人就惨了。

放些蠢人在重要岗位就是这么个结果。

刚看到新闻说某其他地区的电信基础设施被劫持用户的SMS OTP可能通过跨区域电信之间的联网被截取。

刚刚查了一下邮件，比较了DBS和OCBC之间的不同。

DBS的Digital token，需要密码+SMS OTP+Email OTP三次认证才能激活。

而OCBC的OneToken，只需要密码+SMT OTP两次认证就能激活。

这一切都是用户“授权”骗子操作的呀你要这么说的话，那为啥其他ocbc的客户没有被骗呢？

不是陆续有更多ocbc客户被骗吗？骗子人手有限啊，假以时日必定能满足你的要求骗光所有客户的钱的。

ocbc开户门槛3000，dbs才500
ocbc客户在概率上不可能比dbs客户笨的。

我就是ocbc的客户，我倒要看看骗子怎么来骗我手机端和网页版都在用，还有pay anyone，等候骗子来。

你真行，就算OCBC本身 也不好意思像你这么问吧骗了几百人还不够多啊

有心人可能发觉1.为什么钓鱼网站只针对OCBC?
2.为什么诈骗事件突然爆发而且时间集中？
3.诈骗成功率高吗？

1/2 >> 有系统漏洞 赶紧在被补丁前干一票大的走人
3 >> 有内鬼泄露客服资料 大数据筛选下 确定受害人名单

这个事件 其实应该由国家级政府机构介入主导
一个sms的alphanumeric sender ID 可以随意由第三方随意篡改而且不具法律约束
试想想 同样的情况在政治集会/反恐事件内会发生什么状况？暴力颠覆政权/大量人命伤亡....
可能million dollars minister 的存款不在OCBC....so.....

我一直觉得是电信公司和手机生产商的错电信公司就不可以封杀 这么多垃圾电话？
既然说+65 的是诈骗电话 为什么不直接把+65 的电话禁到 这样 用户就收不到电话了？

那种诈骗网站，ida 应该来一个 禁一个
发个poster 提醒公众有什么用？

沙发... 楼主连是谁的锅都没搞清楚就开始喷了

SMS spoofingAn SMS spoofing attack is when a scammer sends you a spoof text message. What makes the text a 'spoof'? A scammer will change the Sender ID number or name for a sender name of a trusted company, brand, or service. They aim to commit some sort of fraud and get access to your private data.

“SMS originator” is another term used in the industry which refers to Sender ID. Sending spoof text messages is also referred to as "SMS originator spoofing".

A third of respondents to a MEF survey said that they’ve received an SMS from someone who claimed to be someone else.

The fraudulent sender’s ultimate goal is typically financial gain, which can be achieved in several ways:

SMS phishing, also known as SMiShing, occurs when a scammer poses as a reputable brand to extract user credentials. For example, a scammer posing as a bank sends a message to mobile users with a link to a fake banking website, asking users to log in to change their passwords. This can also happen with email accounts. If the user falls for the scam, the scammers can access their accounts and view their private financial data.

SMS malware messages are sent to mobile devices with a link, similar to SMS phishing. The link, in this case, triggers a download of malware that is installed on the device. Files can be accessed and the device might not even function anymore.

Social hacking occurs when scammers pose as popular social media websites, linking users to a fake login page to extract login credentials. Once the credentials are obtained, hackers can use real social media accounts to further access a person’s digital life and financial information.

With a spoofed sender name or ID, these attacks become easier to do. It may be obvious to you that a scammer is trying to commit spoofing when a large company like Apple or Barclays bank text you out of the blue asking for your password details, but the SMS spoofing professionals will take advantage of small local brands to make it harder to spot.

Spoofers can cause damage in other ways. A spoof text can damage the reputation of businesses and brands as SMS messages can be sent in their names to send spam and abusive content to their mobile users and customers.

SMS spoofing is usually done in mass quantities. Scammers orchestrate large-scale spoofing attacks and work together to make the scam successful. If only 1% of users fall for the scam but the scale of the SMS spoofing attack was 10,000 people, the scam was still effective.

不一定有漏洞不一定有漏洞，但骗子一定针对的是防护较弱的一间银行下手。如果SMS能通过在其他国家控制电信网络用类似强制漫游的方法截取。

用钓鱼网站骗到用户的用户名和密码->筛选用户名可能就就是手机号的账号->设置截取该手机号的SMS->使用用户名和密码激活OneToken->截取SMS OTP完成二次认证->用新激活的OneToken就可以干任何想干的事了

Rob Malcolm , runs the largest sms messaging company in the world Answered Jan 1Yes, it is possible to backtrack a SMS spoof (i.e. trace the message to determine who the actual sender of the message was). The first thing to know is that all SMS messages are delivered by a machine called an SMSC, and every SMSC requires a unique address; they need a Global Title which is similar to a telephone number and a Point Code which is similar to an IP address in SS7 terms.

In order to obtain these unique addresses a company is required to apply for them through a country regulator who will do background checks to ensure the company is legitimate. As a consequence every single SMS message sent can be traced back to the company that has been permitted to send a message by a regulator.

This company will then be able to trace the message down the value chain, and through its customers, and the customers of its customers and so on and eventually determine who the legal sending party was.

At this point it is very likely that the message was sent through what is called an SMS portal, which allows anyone to sign up and send a SMS after buying credits with a credit card and agreeing to simple terms and conditions. If a legitimate credit card was used, then you have found the guilty party, if a stolen credit card was used, then this becomes a little more difficult and using IP addresses and a variety of other digital forensic information could lead you to the guilty party.

99% of spoofed messages are sent via legitimate networks without trying to subvert the identity of the SMSC and as such the above is relatively easy to achieve in a few days after the message is sent. In rare circumstances a spoofed message could be sent in combination with another type of fraud; GT spoofing, which is a way of masking the identity of an SMSC. This is a very complex fraud, and is difficult but not impossible to trace, but requires the co-operations of a number of parties in the value chain and could take months to figure out.

If you are victim to a spoofed message, contact your carrier immediately and report it. They will run through the above procedure to ensure the offending party is blocked. In rare situations, where a crime is committed within the spoofed message e.g. death threat, then this should also be reported to local law enforcement who will investigate together with your carrier using the above process.

Can the sender SMS sender ID be spoofed?In many countries the sender ID can be set to whatever the sender wishes. This means that there is a danger that a fraudster could attempt to impersonate an organisation or individual.

There have been many illegal smishing campaigns that attempt to convince consumers to visit fake websites and enter their account details. (Smishing is similar to email phishing except the fraud is attempted over SMS.)

SMS smishing fraudsters will often use the sender ID to convince the recipient that the message is from a legitimate source.

Alarmingly if someone sends a text from a sender ID that is already a contact in your phone, rather than just displaying the digits of the number set, the person’s name will be displayed.

The message will also appear in the message thread, making it appear even more genuine.

The example below shows a spoofed sender ID as ‘Graham’.



Country restrictions on setting the SMS sender ID?



The ability to set the sender ID depends on which country you are sending to. In the UK, you have complete control over what you set it as. In many countries including the US, the networks do not permit you to send messages from a custom sender.

All messages must come from either a local long code (that looks like a normal mobile number) or from a short code.

Each country and network has its own rules on what is permitted.

If you attempt to send a message with a customised sender ID to a country or network that does not permit them, then the sender ID will usually be replaced with a local long code or the message may fail to be delivered.