Police are warning people over call scammers after con artist allegedly stole US$454,000 from his victim’s bank account, posing as employees from the Department of Internal Trade.
The Cyber Crime Investigation Bureau reported that they were looking into the complaint of a 40-year-old businessman from Chon Buri who claims that a scammer called him pretending to be a representative of the Department of Internal Trade.
He was told by the con artist that the Department of Business Development had approved a new policy that called for businessmen to provide updated information.
He was instructed to click on a phony link sent to his Line mobile app and enter his personal information in the form. He then discovered nine withdrawals totaling US$ 454,385.00 (16 million baht) from his savings account after submitting the form online.
The victim expressed surprise that his bank did not have additional security precautions in place to safeguard its clients. He told police that despite an unusual amount of money being transferred to mule accounts, the bank had not gotten in touch with him.
According to the investigation, the funds were taken out of an account with Siam Commercial Bank and sent to 20 mule accounts, and then converted to cryptocurrency.
The Cyber Crime Investigation Bureau emphasized that victims of these scams have been popping up more frequently lately.
Many telemarketers asked victims to download an app on their phones to update their company and personal information while posing as officials from the Commerce Ministry.
After the victims finished the procedure, the app—which was actually malware for remote access—shared the data, gave criminals access to the victims’ accounts on banking apps, and let them transfer funds to sham accounts.
It’s crucial not to click on dubious links sent from unknown phone numbers, according to the Cyber Crime Investigation Bureau.
Online Scammers Targeted
People who fall prey to call centre gangs or online scammers who have developed a variety of techniques to fleece victims can have a miserable life as a result of answering a call from an unknown number or downloading a malicious app.
Numerous people have fallen victim to con artists posing as representatives of state agencies like the Revenue Department, who have tricked them into wiring money to mule accounts or clicking on malicious links.
Many people also encounter text messages that lure them into clicking links by posing as messages from banks, e-commerce companies, and airlines and offering privileges.
More than 200 mobile apps have been found, according to the Digital Economy and Society Ministry, that can be used to access or steal data from mobile users’ phones. These apps contain malware that can control infected devices and covertly wire funds out of users’ bank apps.
From March 1 to December 31, 2022, 163,091 online crime-related complaints were made via www.thaipoliceonline.com, according to the Royal Thai Police, resulting in estimated damage of 27.3 billion baht.
Investment Call Scammers
The most common complaint was about call scammers and fake online sales, which was followed by being tricked into sending money for work, fake loans, investment fraud, and call centre gangs. The DES Ministry reports that 118,530 phone numbers were blocked last year due to suspicions that they were being used to call and text potential victims.
In 2022, 673 alleged investment fraudsters and 166 suspected call centre gang members were detained. 58,463 mule bank accounts in total were frozen.
As technology develops, deceitful strategies will probably become more sophisticated and optimized to seize as many victims as possible.
Last month, when hundreds of users received text messages from Lion Air offering an air ticket as a reward, a recent scam using air travel as the bait was discovered.
On January 23, the con artist took money from a user’s bank account and withdrew about 10 million baht from another user’s bank account. Three additional victims also lost money, including more than 100,000 baht in one instance.
More than 300 users claimed to have received this phishing attempt, according to Thai Lion Air, which said it reported the problem to the Cyber Crime Investigation Bureau last week. The airline said in a statement to the media that it did not have a policy to offer free tickets or other privileges via text messages and warned consumers against being drawn into such fraudulent schemes.
The website www.lionairthai.com is the only place to conduct business with the airline.
According to Thai Lion Air, the Cyber Crime Investigation Bureau agreed to assist in limiting access to nefarious websites, but it would be challenging to stop con artists from sending users fraudulent messages.
Malware Downloaded to Phones
To alert banks and customers to the increased risk of financial cybercrime, the Bank of Thailand and the Thai Bankers’ Association (TBA) recently issued a joint statement. In response to a report that a mobile phone user might have lost his personal data and money in his bank account due to a public charging cable, the statement was made.
A joint investigation by the central bank and the TBA revealed that the charging cable was not the source of the fraud. Because malware had infected the phone and the owner had been “tricked” into installing it, money was transferred from the owner of the phone.
A hacker could remotely monitor and control the phone using the malware to transfer money from the user’s bank account. When the owner wasn’t using the phone, the operation took place.
The central bank claimed that con artists have created a variety of ruses, including false call centers, phony loan applications, fake text messages, and, most recently, strategies to persuade people to install malicious mobile applications.
According to the regulator, steps are still being taken to stop and address this kind of fraud. The central bank has also worked with the appropriate state authorities to put fraud prevention measures in place.
The Bank of Thailand exhorts financial institutions to continuously improve the tools they use to combat cybercrime and the mechanisms they use to work together with related parties to stop such crimes.
Money Stolen Through Mobile Apps
According to AVM Amorn Chomchoey, secretary-general of the National Cyber Security Agency, malware that can steal users’ data or take over their phones has been discovered in a number of mobile apps. More than 200 hazardous apps were found in the iOS and Android operating systems in 2022.
He advised users to remove the apps right away and update to the newest mobile operating system.
The risk of data leaks or having their phones remotely controlled by others, who could wire money out of their bank accounts, should make people cautious when downloading or installing apps on their mobile devices, according to AVM Amorn.
In order to blacklist these malicious apps, the DES Ministry is working with Play Store and App Store.
Additionally, he cautioned people against clicking any links in dubious text messages. People shouldn’t add friends with Line IDs displayed on messages that promise benefits that seem too good to be true, like approval for loans totaling 50,000 baht, or that threaten actions, like “click link to prevent having your bank account frozen.”
According to AVM Amorn, NCSA is gathering data on individuals who are sending fraudulent text messages in an effort to halt their transactions. According to him, the organization is also collaborating with the National Broadcasting and Telecommunications Commission (NBTC) to alert mobile operators so they can block spam SMS senders. Japan’s Line Corp was contacted to block con artists posing as reputable companies and add them to a blacklist.
In an effort to stop hackers who have managed to gain unauthorized access to victims’ smartphones from preventing them from obtaining crucial information, AVM Amorn said banks have upgraded their apps to fend off screen captures.
Educate about cybersecurity
According to him, NCSA notified these organizations to address the problem after finding gambling and casino advertisements on some websites run by agencies under the Public Health Ministry.
Concerns over ransomware and cloud security for Thailand this year were raised by AVM Amorn. He urged businesses utilizing cloud services to adhere to security checklists.
In accordance with the Digitalization of Public Administration and Services Delivery Act, more state agencies will provide online services to citizens, which could increase the risk of cyberattacks if they do not have adequate security measures in place.
AVM Amorn stated that “zero trust is the key that organizations need to embrace to ensure security.” NCSA will compile a manual on data security, incident reporting, and data recovery for state agencies.
The organization also intends to collaborate with schools to educate students about cybersecurity so they can inform their parents.
As part of efforts to combat online scams, DES Minister Chaiwut Thanakamanusorn stated that the government had previously attempted to amend the anti-money laundering law.
Since the procedure took so long, it was decided to substitute a draft emergency decree to stop online fraud. “The number of online fraud cases increases every day, and the decree’s implementation should hasten efforts to address the issue,” he said.
The draft emergency decree on the prevention and eradication of technology crimes was approved by the cabinet on January 24. The Council of State must first approve the decree, which is anticipated to go into effect this month.
The House of Representatives is then presented with the legislation for consideration. The decree will be repealed if MPs reject the draft.
The decree, according to Mr. Chaiwut, will have MPs’ support because it is a practical tool for combating online fraud.
Through a data exchange system, the legislation enables financial institutions and business owners to share details about the accounts and transactions of their customers. The law also permits telecom companies to share customer information among themselves and grants authorized agencies like the Royal Thai Police and the Anti-Money Laundering Office access to this information.
For the purpose of fraud prevention and investigation, the NBTC office is permitted to create a centralized database with user registration information for mobile services and short messages.
The decree permits financial institutions and businesses to halt questionable transactions if they can spot them or if authorities alert them to them. They must also alert other businesses or financial institutions that received the transferred funds to temporarily halt all other transactions.
The transaction may go forward if it is legal.
Financial institutions and businesses are required to halt transactions when they receive notification from fraud victims, and they must also immediately alert those who received the transferred funds to halt additional transactions. By taking this action, the victims will have 48 hours to file a police report, and police investigators will have seven days to look into any suspicious accounts after being notified of them.
An electronic or telephone call can be used to provide notice of relevant data and evidence.
Tougher penalties for scammers
The decree imposes penalties for people who give access to their e-wallet, electronic card, or bank accounts to people who don’t intend to use them. Additionally, if someone knows that giving someone else access to their SIM card could facilitate illegal activity, they are not allowed to do so.
Infringers risk a maximum fine of 300,000 baht, three years in prison, or both.
A prison sentence of two to five years and a fine of 200,000 to 500,000 baht, or both, could be imposed on anyone working for others to obtain or sell bank accounts, electronic cards, e-wallet accounts, or SIM cards, or who advertises such offerings that could help commit crimes.
According to Mr. Chaiwut, the law can help remove restrictions on the disclosure of personal data while resolving some legal issues that prevent relevant organizations from working together to combat online crime.
He asserted that these organizations can collaborate to develop artificial intelligence-based systems or remedies to aid the law enforcement in keeping an eye on mule accounts or suspicious activity on the National Interbank Transaction Management and Exchange platform.
Mobile SIM cards are crucial tools used by con artists to use phone calls to defraud victims of their money. In order to receive money from online victims, SIM cards are also connected to mule bank accounts.
In the past, a lot of SIM distributors and dealers secretly purchased these SIM cards for themselves and then sold them to other people.
According to Trairat Viriyasirikul, the NBTC’s acting secretary-general, “the NBTC now demands that all mobile operators comply with the rule that an individual must use an ID card to purchase and register a maximum of five SIM cards.”
The NBTC passed a resolution last year threatening carriers with daily fines of one million baht if they continue to permit dealers to subscribe to SIM cards on their own. According to him, operators have followed the rule since October.
In an effort to combat online fraud, the NBTC management intends to ask those who have more than 10 active SIM cards registered to one ID card to re-register.
He stated that the NBTC will move forward with this plan once the draft emergency decree on the prevention and suppression of technology crime takes effect.