SINGAPORE – Hackers abroad have been able to pose as 75 bank customers here to make about $500,000 in fake credit card payments.
This was done by a sophisticated method of hijacking the one-time passwords (OTPs) sent through SMS text messages by banks.
The hackers had diverted the SMS OTPs from the banks to overseas mobile network systems, explained the Infocomm Media Development Authority (IMDA), Monetary Authority of Singapore (MAS), and Singapore Police Force in a joint statement on Wednesday (Sept 15).
The fraudulent transactions happened between September and December last year.
The bank customers said they did not initiate the transactions and did not receive the SMS OTPs needed to complete the transactions.
The authorities gave an assurance that Singapore’s banking and telecommunication systems were not compromised.
They said that “SMS diversion is a mode of attack that requires highly sophisticated expertise to compromise the systems of overseas telecommunication networks”.
In this case, the fake transactions also involved the crooks getting hold of the victims’ credit card details.