More PayPal users in Singapore fall victim to hackersLosses range from $50 to over $3k; PayPal says users clicked on scam links.
By Irene Tham,
The Straits Times | 27-05-13
"I had not used my PayPal account for online shopping for several months, so it couldn't be me making the purchases," she said, adding that DBS is still investigating if her card was defrauded.
Her PayPal account is frozen.
Another victim Jasmine Ser, 32, discovered a suspicious PayPal charge of $47 on her UOB credit card bill last month. After logging in to her PayPal account, she found that her credit card was linked to three unknown sellers in Indonesia with whom she had no dealings.
Like Ms Ser, Ms Leow has terminated her PayPal account. She added that UOB has refunded her the amount and issued her a new credit card.
Ms Ser felt that PayPal should follow the practice of banks, which make online customers enter a one-time password (OTP) to access their accounts.
An OTP is randomly generated on namecard-size devices called tokens or sent via text message to users' cellphones. OTPs, good for only one log-in, provide an added layer of online security in a process called two-factor authentication (2FA), a standard protection for online banking in Singapore since 2006.
Security expert Assurity Trusted Solutions' chief operating officer Chai Chin Loon advises Web users to use complex passwords, change these at least once every three months and activate 2FA where possible.
Many online services like Gmail and Facebook have introduced 2FA.
Earlier this week, Twitter rolled out 2FA following the hacking of several high-profile Twitter accounts. Last month, a bogus Associated Press Twitter feed said the White House had been bombed and United States President Barack Obama was injured.
Some online service providers like Yahoo and PayPal offer 2FA only in certain markets like the US. Singapore users do not have this security layer.
PayPal's spokesman said it is evaluating what extra security options are needed for Singapore users.
Protect yourself
Security expert Assurity Trusted Solutions, a subsidiary of technology regulator Infocomm Development Authority, has advised all Web users to:
- Use complex passwords;
- Change passwords at least once every three months; and
- Activate the two-factor authentication process, a standard protection for online banking in Singapore since 2006, where possible.
By Irene Tham,
The Straits Times | 27-05-13
SINGAPORE - Hackers stole from many PayPal accounts in Singapore in the past two months, highlighting the need for a higher level of security for accessing online accounts.
The losses range from $50 to more than $3,000, with many victims saying this was the first time it had happened to them.
At least one major bank, which declined to be named, told The Straits Times that it has received more complaints in the last few months from customers about fraudulent PayPal transactions on their credit cards.
PayPal, on the other hand, maintained that its system was not hacked into, but rather that users responded to scammers' e-mail, say, by clicking on fraudulent Web links resulting in their accounts being compromised.
A PayPal spokesman said it would refund the account holder "the full amount of every eligible unauthorised transaction if a dispute is raised with PayPal within 60 days of the unauthorised transaction occurring".
Purchaser Janice Leow, 30, was in Bangkok on holiday in March when she received an SMS from DBS Bank alerting her to a $1,000 PayPal transaction which she did not make.
"I was shocked. My credit card was with me. How could it have happened?" said Ms Leow.
On her return to Singapore a few days later, she called DBS and was told that more than $3,000 from multiple PayPal transactions had in fact been chalked up on her credit card.
The losses range from $50 to more than $3,000, with many victims saying this was the first time it had happened to them.
At least one major bank, which declined to be named, told The Straits Times that it has received more complaints in the last few months from customers about fraudulent PayPal transactions on their credit cards.
PayPal, on the other hand, maintained that its system was not hacked into, but rather that users responded to scammers' e-mail, say, by clicking on fraudulent Web links resulting in their accounts being compromised.
A PayPal spokesman said it would refund the account holder "the full amount of every eligible unauthorised transaction if a dispute is raised with PayPal within 60 days of the unauthorised transaction occurring".
Purchaser Janice Leow, 30, was in Bangkok on holiday in March when she received an SMS from DBS Bank alerting her to a $1,000 PayPal transaction which she did not make.
"I was shocked. My credit card was with me. How could it have happened?" said Ms Leow.
On her return to Singapore a few days later, she called DBS and was told that more than $3,000 from multiple PayPal transactions had in fact been chalked up on her credit card.
"I had not used my PayPal account for online shopping for several months, so it couldn't be me making the purchases," she said, adding that DBS is still investigating if her card was defrauded.
Her PayPal account is frozen.
Another victim Jasmine Ser, 32, discovered a suspicious PayPal charge of $47 on her UOB credit card bill last month. After logging in to her PayPal account, she found that her credit card was linked to three unknown sellers in Indonesia with whom she had no dealings.
Like Ms Ser, Ms Leow has terminated her PayPal account. She added that UOB has refunded her the amount and issued her a new credit card.
Ms Ser felt that PayPal should follow the practice of banks, which make online customers enter a one-time password (OTP) to access their accounts.
An OTP is randomly generated on namecard-size devices called tokens or sent via text message to users' cellphones. OTPs, good for only one log-in, provide an added layer of online security in a process called two-factor authentication (2FA), a standard protection for online banking in Singapore since 2006.
Security expert Assurity Trusted Solutions' chief operating officer Chai Chin Loon advises Web users to use complex passwords, change these at least once every three months and activate 2FA where possible.
Many online services like Gmail and Facebook have introduced 2FA.
Earlier this week, Twitter rolled out 2FA following the hacking of several high-profile Twitter accounts. Last month, a bogus Associated Press Twitter feed said the White House had been bombed and United States President Barack Obama was injured.
Some online service providers like Yahoo and PayPal offer 2FA only in certain markets like the US. Singapore users do not have this security layer.
PayPal's spokesman said it is evaluating what extra security options are needed for Singapore users.
Protect yourself
Security expert Assurity Trusted Solutions, a subsidiary of technology regulator Infocomm Development Authority, has advised all Web users to:
- Use complex passwords;
- Change passwords at least once every three months; and
- Activate the two-factor authentication process, a standard protection for online banking in Singapore since 2006, where possible.
No comments:
Post a Comment