Cloud Hosting

SINGAPORE Scammers who took control of the phones of more than 30 OCBC Bank customers were prevented from stealing at least $2 million following the release of a security measure that blocks access to the banks Internet banking services in the presence of a suspicious app.

Since the update to the OCBC Internet banking app was released on Aug 5, no losses from malware scams had been reported by the banks customers who were using this version of the app, OCBC said in a statement on Thursday.

The security feature, which blocks access to the banking app if it detects apps from non-official platforms and flags those with risky permissions settings, was rolled out as a response to malware scams that give hackers control over a victims device.

It was released after a meeting among banks and the authorities to crack down on malware scams and roll out stronger security features to tackle them, The Straits Times understands.

OCBC received reports from more than 30 customers about their Android mobile phones being hacked by sideloaded apps from non-official sources, such as those outside Google Play Store.

The apps introduced a virus that gave fraudsters control of the victims device, but they were not able to make fund transfers through the OCBC app, said the bank.

The security measure also prevents scammers from logging on to OCBC Internet banking via a web browser to access customers bank accounts as it would require a physical hard token since the digital token has been frozen, said the bank.

OCBC added: While there was already more than $2 million in these customers savings accounts, the amount that might have been lost to scammers could have been much higher as scammers have previously redeemed fixed deposits and unit trusts early, or drawn down cash advances under customers credit cards.

The security measure drew criticism from some users, who said they were unable to concurrently use apps from non-official platforms, such as China-centric apps for business.

The Monetary Authority of Singapore has since backed the banks security feature, and said on Aug 8 that any unintended inconveniences are in the nature of new innovations, and that it will work with the banks to learn from these experiences.

It added: Security measures will come with some measure of added inconvenience for customers, but they are necessary to maintain security of and confidence in digital banking.

DBS said on Thursday in reply to ST queries that it is working with the authorities and industry partners on ways to tackle malware scams.

Its spokesman said: There is a need to take a considered approach for this.

As we work to provide a robust level of protection for our customers, we also want to keep the customer journey as frictionless aspossible.

DBS Banks active surveillance measures protected customers from various scams, including malware scams, with at least $16.5 million in losses prevented over the past three months, said the spokesman.

Malware scams have grown in numbers in past months. In August, at least 27 victims lost around $325,000 after sellers advertising moon cake sales on social media directed them to install Android Package Kit (APK) files that contained viruses.

Read this article:
At least $2m in savings prevented from being stolen in malware ... - The Straits Times