Mr Mark Goudie, Asia Pacific and Japan services director for cybersecurity firm CrowdStrike, agreed that the onus is on business leaders to ensure that their operational processes and security measures can prevent attacks such as an SMS phishing scam in the first place.
“At a basic level with encryption and two-factor authentication in place at the front end, banking should continue to be secure, though threat actors will continue to try to find and exploit any weaknesses,” said Mr Goudie.
PROTECTING BANK CUSTOMERS BETTER
Some cybersecurity experts were concerned about Singapore’s reliance on passwords for online banking, including two-factor authentication methods such as one-time passwords (OTPs) sent via SMS, which are vulnerable to phishing attacks.
Mr Andrew Shikiar, executive director of FIDO Alliance, a global industry association on open and free authentication standards, told TODAY that OTPs share a common trait with account passwords and PINs as they are “knowledge-based secrets which can and will be pried out of an unassuming consumer’s hands by enterprising hackers”.
“These attacks work precisely because they are carefully designed to manipulate emotions and take advantage of victims’ trust and human nature,” said Mr Shikiar.
A number of victims of the OCBC phishing scam previously told TODAY that they had not given up any OTP or security token details to the scammers, but their online bank accounts were hijacked anyway.