Maybe you need to check if it's a PC or gadget that you used to log on to Shopee before. Every new login seems to require a SMS to your phone.

Best practice is probably to clear the cookies from any 3rd party computer that you use to log on or just use private browsing.

I believe what happened was most likely a family member or "friend" who had access to OP's phone. Shopee requires OTP like many have said, unless using shopeepay

once the credit card is saved no OTP is required for subsequent purchases.

TS probably forgot to log out from another device and someone else had access to his/her account. Since if hacker login from new device shopee will require verification code sent via SMS.

TS post de. Probably you can get an idea of what happened.

The only possibility i can think of is that the hacker probably checkout using credit card as the payment option instead of shopeepay. Cant recall whether is it lazada or shopee, either one of these platform do not send me OTP whenever i perform a topup or purchase directly using cc in their app, the transaction jst gets approved (referring to a saved/linked cc to the app)

Though i am not sure if there is a limit for purchasing directly via cc in shopee but if it follows the credit limit of the cc itself, then it could also be possible if TS' credit limit is above rm8k.

But then again, assuming hacker managed to perform rm8k transaction, the next line of defense should kick in as well, i.e. notice from the issuing bank. Typically for huge amount like rm8k, banks will notify/call/send sms to inform like "how much was just swipe using cc with ending num xxxx and pls call if you did not perform this transaction bla bla bla". And if the cc owner calls timely i believe most banks can stop/reverse this transaction.

This post has been edited by chichabom: Jan 13 2021, 08:26 AM

for sake of convenience once you register tour CC / DB to shopee/lazada they only ask OTP one time. then the subsequent transaction does not require OTP.

it will only ask for OTP after every few months.

convenient yes, secure no.

so after finish transaction delete your card from the platform.
lazy = high risk.

Both aboi and agirl also quite clumsy type eh... i guess they can be easy as a scam target

but why would I give my OTP to my friend ?

is like my friend ask me for my maybank2u password..

It's OTP to reset your email password. Once you give the email reset OTP to your "FB friend", he will take over your email account.

Having access to your email account opens up countless possibility to reset other passwords from other services.

You would give the email reset OTP to your "FB friend" because he won't specifically ask for OTP. He would ask something like...

(This is the actual hacker's message:)

"Shopee has a special campaign for the 4th year, if I get 5 votes, I'll win a gift voucher with you. I'll send you a message send me message copy ?"

Many people will fall for it if the message came from their FB friend.

Again, having access to your email account opens up countless possibility to reset other passwords from other services including lazada, shopee and facebook.

If the service allows, setting up 2-factor Authentication is the best way to prevent people hacking into your accounts

This post has been edited by gumshoe101: Jan 13 2021, 09:38 AM

You wrong la. Now shopee update password mentions clearly in the message "NEVER share this code with others, including shopee staff".

If you still give then you cannot blame. It is always safe as long as your phone has a secure password. Face/fingerprint also not safe because your gf can secretly open it when you sleeping like a pig.

For those who forgot to log out from computer, it's like you left your bank card inside the atm machine after taking money, then you want to blame who?

This post has been edited by Accord2018: Jan 13 2021, 09:26 AM

You be surprise, many will still fall for it even the OTP message contains warning

Btw, read what I said - it's not shoppee OTP that the hacker will ask for. It's email reset OTP.

but you only send message copy not OTP.

Even my friend say he can win 1 million lottery and agree to split with me 50/50, give him my OTP, I still won't give.

I am sure email also will get that warning.

It is scam already not hack. where got so easy hack shopee.

No point arguing with your on the technicalities of the meaning of the word 'hack" or "scam".

In computer security, your security is only as strong as the weakest link.

I was also contacted by scammer asking for shoppee tac..

Don't need to enter OTP when make purchase meh? Can't remember.

If me, farked the scammer straight liao. No need to be polite.

Likely he gaved OTP. Sendiri sarahan, kena scammed, try blame Shopee.

Yes, you're so clever. Not everyone is as smart as you.