Display mode (Doesn't show in master page preview)

2 Nov 2021

Econ Digest

Revealing the tricks! Luring...deluding...hacking information through mobile phone/online shopping


       In the cyber world around us today, every time we go online or click on any link, it may not end up with us getting the information we want to access. If you fall into a scammer’s trap, the loss may not be limited to the money in your account; your personal information may be used to create fake accounts, thus you become a scapegoat for losses that are difficult to limit.
       Nowadays, cyber threats have increased exponentially, especially in the financial sector. Here, we will present the most common and troublesome cyber threats to many bank customers, focusing on popular fraudulent programs that steal data through various methods, as follows:
  • Luring into a trap: Victims are contacted through private channels by calling, sending SMS and various chat applications to reach and engage customers, such as winning free gifts, giving loans, warning or notifying victim of stolen financial information, etc. Then, when victims are interested and click on the link, they are directed to change or enter personal information on a fake website.
  • Fraudulently entering personal information: After entering a fake website, the victims will be directed to perform unnecessary transactions, such as entering personal information, revealing OTP to conduct transactions at a branch or ATM, etc., thus allowing crooks to have our personal information for further fraud.
  • Scamming money: Victims’ personal information is used without their permission, and the various ways the banks have been informed of to obtain money fraudulently are as follows:
>>>Attack an existing account: This happens two way-both transferring money out of the account and spending with the victim’s debit and credit card information.
>>> Apply for another service to receive money from the victim’s account: The most common cases are applications to other banks for financial services; for example, open an e-wallet account of a mobile operator by linking it to the victim’s bank account, and open a new account through the bank mobile application. This can be done in some banks that do not require that the account opening must be tied to the phone number provided to the bank’s system, but requires only general personal information such as ID number, date of birth, telephone number and OTP.
        In a recent case, a group of scammers were randomly collecting card data and spoofing transactions through foreign online stores; a total of 10,700 debit and credit cards were stolen between October 1-17, with a total loss of THB131 million. The banks have established guidelines to ensure that all customers receive refunds, while prompting joint discussions between the Bank of Thailand and the Thai Bankers’ Association to enhance the preventive measures as follows:
1. Strengthen detection of abnormal transactions to cover both low-value and high-frequency transactions, and empower the banks to suspend card usage immediately and notify customers through all channels, with a particular focus on monitoring foreign transactions.
2. Customer notifications are added at the time of every transaction through various channels such as applications, email and SMS.
3. Increase the security measures for using the card by discussing the issue with card network providers such as Visa and MasterCard, to require additional authentication for debit cards that are using OTP when paying at online stores.
“Don’t click, don’t give personal information, and no financial information will be stolen!” is a slogan to keep in mind to protect yourself from the cyber threats posed by “scammers” (Social Engineering). This prevents us from falling into a trap and allows us to break through the “deceiving” settings of scammers, making them unable to “steal” our personal information and cause damage.
  • Know the Classic Trick: Don’t let unawareness and gullibility lead you to trouble>>> Using old patterns, old techniques such as impersonating employees in trustworthy organizations such as banks, the Bank of Thailand, the government offices, etc., and calling to ask for personal information, including asking for OTP. If you encounter such questions, you shouldn’t trust them, because they are not real employees. The banks have  systems to secure customer information that do not require contacting customers for information through such methods as g calling, sending a link via SMS, chat application and e-mail, but rather allowing the customer to contact  the banks through the official website. If in doubt about entering any information on online transactions or on the website, you should first contact the relevant staff directly.
  • Beware of bank card information leakage: Whenever you use your credit or debit card, it opens the door for others to access your card account information, whether swiping the card at the merchant or filling in card account information online to make a payment. Here are some recommended preventive measures that we can manage by ourselves:
>>> Destroy the three-digit number security code (CVV) on the back of the card, or may be store it separately, as this CVV is an additional layer of security for the cardholder to verify their identity when using the card to pay online. In practice, many cardholders do not destroy this security code, leaving their data vulnerable to theft and becoming a channel for scammers to use it to buy low-value goods online.
>>> Avoid untrusted online transactions that require information on the front of the card and the 3-digit security code on the back of the card to prevent theft of card data for low-value online transactions.
>>> Reject or cancel the payment transaction, when you see that the online store has a low security system and no OTP verification system. OTP is a one-time code sent to the phone number associated with the bank card account.
>>> Set spending limits per day and per transaction for deposit accounts and card accounts to limit the extent of the damage, which may be as low as 0 baht for cards that are rarely used, and gradually modify/adjust the limit as transactions are made. This can be done by yourself anytime and anywhere through the account holder’s bank application.
         Technology is advancing, but the crooks are, too. However, if we take the lead in closing the door to prevent crooks from accessing our identity information, in addition to helping us be free from online threats and sifting through less anxious matters, it would be a pleasurable experience to be part of a cashless society and financial innovation in a world without limits.

We thank KASIKORNBANK, KASIKORN BUSINESS-TECHNOLOGY GROUP (KBTG), the Thai Bankers’ Association and the Bank of Thailand for providing the sources of information.

Scan QR Code

QR Code


This research paper is published for general public. It is made up of various sources. Trustworthy, but the company can not authenticate. reliability The information may be changed at any time without prior notice. Data users need to be careful about the use of information. The Company will not be liable to any user or person for any damages arising from such use. The information in this report does not constitute an offer. Or advice on business decisions Anyhow.

Econ Digest