OCBC is a Singapore-based international banking and financial services provider. It was hit by phishing scams that cost around $13.7 million. The losses stemmed from users clicking a single link and then disclosing their personal information and login credentials. Phishing attacks against OCBC customers began around December 8, 2021, and continued until January 19, 2022. During this period, the bank and the authorities were informed about the ongoing phishing schemes (Fintechnews, 2022).
Analyze the Incident
The OCBC bank cyberattack was carried out with the help of a smishing attack. Smishing attacks are phishing attacks carried out through SMS text messages, which is why they are known as “smishing.”
For example, the attacker sends the victim a text message while masquerading as a legitimate entity, such as a bank. The message contains a link and claims there is a problem with the victim’s bank account. When the victim clicks the link, the page requests banking details such as the username and password. Once that information is entered, the account and its data are compromised and the attackers have complete access to it.
How did it happen?
OCBC customers received SMS messages containing a link, with text such as “A security check is necessary” and “Your OCBC account’s transaction capabilities will be disabled”, telling them to click the link below to continue. Users thought the messages were from the bank and followed the links to a fake bank site, where they supplied their login information. Once the attackers had the credentials, they emptied the victims’ accounts.
As additional people came forward as victims, it was determined that around 790 customers fell for the phishing scam. A total of S$13.7 million was taken in the most recent round of phishing attempts impacting OCBC Bank, an increase from the S$8.5 million that was purportedly stolen in December (CNA, 2022).
Text messages (SMS) purporting to be from the bank informed the victims that their accounts were being compromised and that they needed to click on a link to fix the problem (Chelvan, 2022). The link took users to a fake bank website asking for their login details to access their online bank accounts.
How to prevent it?
OCBC Bank has used numerous channels to alert its customers about phishing SMS attacks, including the bank’s own online banking facilities, its social media page, and media alerts. Even after receiving many warnings from the bank on platforms such as apps, websites and messages, people still fall victim to phishing scams.
A number of precautions can be taken to avoid falling victim to phishing scams, and they are outlined here.
1) IT security awareness training is critically important. An organization should prioritize training its employees, because humans represent the weakest link in the security chain.
2) Never open attachments or click on links sent by text message. Use the bank’s mobile app or website as your sole portal.
3) No consumer will ever get a text message from the bank informing them that their account has been closed or that they have been locked out.
4) Verify all information with the main website or other reliable sources to ensure its accuracy.
5) Your personal information and online banking credentials, including your one-time password, should never be shared with anybody.
6) If you receive any suspicious-looking messages purporting to be from your bank, you must immediately report them to the bank and law enforcement.
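The lures described under “How did it happen?” and precautions 2 and 4 above can be turned into a simple SMS triage check. The following is an added example, not code from the original article or from OCBC; the official-host list, the urgency phrases beyond the two quoted lures, and the sample messages with `.example` hosts are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: hostnames the bank really uses; replace with the bank's published list.
OFFICIAL_HOSTS = {"ocbc.com"}
BRAND = "ocbc"
# Pressure phrases: the first two come from the lures quoted in the article.
URGENCY = ("security check", "will be disabled", "locked", "closed", "compromised")
# Matches links with or without a scheme, since SMS lures often omit "https://".
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)

def host_of(url: str) -> str:
    """Return the lowercase hostname of a link, adding a scheme if it has none."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()

def is_official(host: str) -> bool:
    """True only for an official host or a real subdomain of one."""
    return any(host == h or host.endswith("." + h) for h in OFFICIAL_HOSTS)

def triage_sms(text: str) -> dict:
    """Classify one SMS as 'block', 'review' or 'ok' and list the reasons."""
    reasons = []
    for url in URL_RE.findall(text):
        host = host_of(url)
        if is_official(host):
            continue
        # A brand name inside an unofficial host is the classic lookalike trick.
        kind = "lookalike host" if BRAND in host else "non-bank host"
        reasons.append(f"{kind}: {host}")
    has_bad_link = bool(reasons)
    reasons += [f"urgency phrase: {p}" for p in URGENCY if p in text.lower()]
    verdict = "block" if has_bad_link else ("review" if reasons else "ok")
    return {"verdict": verdict, "reasons": reasons}

# Constructed sample messages (.example hosts are reserved and not real sites).
SAMPLES = [
    "OCBC: A security check is necessary. To continue click http://ocbc-secure.example/login",
    "Your OCBC account's transaction capabilities will be disabled. Visit ocbc.com.verify-id.example",
    "OCBC: Your statement is ready. Log in via the app or https://www.ocbc.com",
    "Your account is locked, call us back.",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(triage_sms(sms)["verdict"], "-", sms)
```

The second sample shows why a suffix match on the full hostname matters: a host that merely begins with the bank's domain is still treated as a lookalike.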
IT Security Awareness Program
Condition Zebra has collaborated with KnowBe4, the leading global provider of integrated security awareness training and simulated phishing, to bring you the much-needed platform. This platform will boost an organisation’s confidence to combat any type of cyber attack. The purpose of this IT Security Awareness program is to adequately prepare employees with the necessary IT security awareness knowledge.
Your Preferred Cybersecurity Partner!
Condition Zebra is a CREST-certified and ISO 27001:2013 company that offers Professional Cybersecurity Solutions and Cybersecurity Training for SMEs in various industries, including Financial Services (Banks & Insurance), Government Ministries & Agencies, and Government-linked companies.
If you’re looking to leverage our expertise, that is to get the best solutions that demonstrate the highest levels of knowledge, skills, and competence, then reach out to us today!
How we can help:
1) Free Phishing Security Test
The purpose of this Free Phishing Security test is to provide a safe space for IT teams to implement email phishing simulations for all the employees in the company.
Find out what percentage of your employees are at risk and how many of your users are clicking on phishing links.
2) Train your users
Introducing the KnowBe4 Security Awareness Training Platform, the world’s largest library of security awareness training content, including interactive modules, videos, games, posters, and newsletters, with automated training campaigns and scheduled reminder emails.
The significance of cybersecurity awareness training for employees cannot be overstated. If they are well taught and aware of the types of attacks they may face, they will know what action to take. This will protect them against any type of attack, regardless of its severity.
Fintechnews 2022. OCBC Hit With S$330 Million Additional Cap Requirement After Phishing Scam – Fintech Singapore. Available at: https://fintechnews.sg/61497/fintech/ocbc-hit-with-s330-million-additional-cap-requirement-after-phishing-scam/
CNA 2022. OCBC says S$13.7 million lost in phishing scams, up from S$8.5 million. Available at: https://www.channelnewsasia.com/singapore/ocbc-phishing-scam-more-losses-victims-reported-2469086
Chelvan, V.P. 2022. OCBC says S$13.7 million lost in phishing scams, up from S$8.5 million. Available at: https://www.channelnewsasia.com/singapore/ocbc-phishing-scam-more-losses-victims-reported-2469086
Condition Zebra 2022. IT Security Awareness Program – Condition Zebra | Cyber Security Company Malaysia. Available at: https://condition-zebra.com/security-awareness-program/