Not sure if anyone has similar experience, but today my mum's phone was hacked where her Whatsapp was black-out. The hacker started sending messages to her contacts asking for money. He even provided a bank account number (Bank Islam), although the name is obviously fake. He also managed to transfer out money from Touch N Go, but bank-related transfers are safe. During this period, my mum's phone was not usable.

A police report has been made although I don't expect much hope to recover the money. Just sharing in case anyone knows what could have caused this.

Side note, is iOS more secure when it comes to hacking?

The act of placing your bank apps and sms in the same device is the the ultimate opportunity for scammers

Is your mom using CCP phone?...

How old is the phone and what android version is it on?...


Also do you enable 2FA on your gmail, whatsapp and all socmed account?...


Also do you enable SIM pin on your phone?....

Old people always accept all sorts of requests online be it free gifts or install games, apk. Best set the privacy settings for whatsapp and telegram so that they do not get auto add to groups. Yes, ios has better security features and updates compared to android.

Yes... that's correct but provided people are tech-savvy and have extra money for 2nd phone... not everyone can do so

Do you mean it's a standard practice to have 2 phones, one specifically for banking?
What about E-wallet? Doesnt sound practical to separate this

A 2-year old Vivo phone. How is that different from other Android phone like Samsung, Google, etc?

No security chip...Samsung has KNOX, Google has TITAN...

Also ccp phones has more bloatwares more than the rest...

some of these bloatwares... triggers pop ups.. to install apps or games... which then triggers to install other things...

thats on the phone...
---------------------------------------


what about the rest of my questions?.. do you enable SIM PIN?... do you enable 2FA for all your major apps?...

which Vivo? official Malaysia set?

Just now , got an sms stating verification code for grab . I was like , what the parking . I don't use it . But why am I getting this . So I guess someone typed my number and wanted to see if it works . Well no one called me , and even if they were to call me . I will say the number is 1234 , and go park yourself

Ur mum downloaded some APK from unknown source?

The Semi Fastest way is to block the SMS to the current SIM
Call Telco to block, and go to nearer and faster available branch to ask for a new SIM.
Redo the Whatsapp/phone registration on the new SIM

not sure abv suggestion is good thou. That all i can think of at 2.35am

Yes, immediate family experience they will msg ask you order from website, then will got problem, they then tell you install this app to order, once the old people install the app got some permission they will tell them to press here press there, once permission given gone case.

My case the old people realize she's been phished she wanted to go bank and stop any transaction, the scammer can even msg and say where you going, I'm controlling your phone already, your account money transfer out already, you don't believe you check see. Luckily she didn't go check, else scammer can get the bank password also. She throw the phone at home and quickly drive to bank. Luckily bank account managed to lock and no transfer made.

Moral story is


don't simply install apk other than play store then give funny permission
If kena d, don't do anything else straight to to bank, they can control phone but if no password they can't do shit

If tng probably they tried order something and scammer recorded the pin down as they can view the phone screen

Vivo and oppo has annoying pop ups, can't disable, especially their own store damn annoying, never buying again

Xiaomi and poco no such issue.

Vivo has that dodgy adware app called touchpal app that you can accidentally install malicious apk file if you are not careful, dangerous especially for elderly people.

Yes, ios is generally safer compared to android. Android, u can install any apk files with ease. While ios can't, unless you are an expert, which most elderly is not.

old people that is not tech savvy, dont install bank/ewallet app on the same phone. problem solved.

why cannot? phones are cheap these days.

This post has been edited by Selectt: Dec 19 2024, 08:32 AM

old ppl clicking everywhere is unavoidable. only thing u do is DONT install bank/ewallet app on the same phone they use.

and get ready to phone reset saja if anything happens there.

must be android right? thank god my mom not android if not everyday also she will kena hack with tiktok scams

what app or service still uses SMS to validate? SIM pin only to avoid hacker or telco hack to force phone porting saja

doesnt matter if you got knox or titan la.

this is social engineering issue

they will give you instructions to go developer settings and enable apk installations from unknown sources saying you need it for promotion

just get an iphone for the old people

no way to purchasing cena branded. really cannot 1.
not becos of spec or what. but software disasters.

First time I heard of such advice tbh

Yes, some old people, their children says don't download also, they won't listen

Once they've saw that free gifts, free tv shows, free this that, cheap maid, they think they discovered something valuable on the internet, like they won lottery

Then when you tell them this is fake, they think you're the dumb one

Old people very difficult, bank should let them use traditional but stupid they force everyone go digital

This post has been edited by Natsukashii: Dec 19 2024, 08:50 AM

lol no need apple product la. US govt and apple has all your data. it is safe until somebody in the company exposes it or quantum computing break their security into pieces.

old folks have no need for online bank apps, only tng. let the youngster manage their online banking if needed. limit the tng amount in their phone if u want. smartly isolate the access already enough la.

you think android made by kim jong un is it??

you think open source software can be more secure than ios?

you know right google hands over even your search results to the fbi when requested? if you accidentally search for something a criminal searched for in a time period, you gone.

i dont care if apple has my data, but at least it is not selling it like google

we are talking about malicious apk installs and you went to quantum computing to break appels encryption lol

up to u la. i aint wasting time talking about what u want to do. lol my bad i shouldnt quote you.

At least iOS not easy to side load apps. That in itself already prevented one attack vector.

Old Apple device is not that expensive. I always hand down my old device to my older relatives.

Separate bank apps from primary phone la.

I have been doing this for almost 5 years now. The bank phone has minimal apps and no socmed or messaging apps installed. All calls blocked at the phone level.

Ios or android, if we have gullible non tech literate users who simply click on any link will get it

Iphones are the best for security right? That's what I heard so far from reviewers and ppl on the street.

Nothing is best for security... NSO's Pegasus software loves Ipongs...

Then knox all those stuff what for ?

You know nothing about ccp phone.

GSEA0: This chip from Goodix is used in the OPPO Find N3 and protects data encryption, identity authentication, and secure signing and verification. It also has a dedicated key management system and enhanced flash endurance

Discrete Security Chip S1
This chip has a dual Trusted Execution Environment (TEE) security system that continuously monitors and protects privacy

OnePlus Open Apex Edition
This phone has an independent security chip certified for CC EAL5+ and an NFC security chipset for CC EAL6+ and EMVCo

vivo X200 Series: This series comes with an advanced security chip that protects your information with every touch.
vivo X Fold3 Pro: This phone has a built-in security chip that has passed the international CC EAL5+ security certification.

and many more.

Of course, if you are using a low-end entry-level phone that doesn't have a chip and doesn't practice personal hygiene, then you are the one to blame.

This post has been edited by chtan: Dec 19 2024, 10:07 AM

Just shut the phone and restart the phone with no wifi/data connection. And perform other steps to mitigate it, no?

Like other ktards said, it's best to have 1 phone exclusively for banking purposes especially since the elderly tend to have substantial savings in bank.

U don't need to get a high end model, mid range will do & main thing is manufacturer will still support the phone with updates for at least 5 years. Also helps to have antivirus like norton/malwarebytes installed.

Buy the phone physically from official shop, don't take chances with online purchase third party shop.

E wallet best to put.in just enough to.last throughout the week & on weekend help transfer for your mom from main bank account.

If you want to put a lot of.money in t&g to get interests then best to use another e wallet for daily use.

Did your mum send her phone to phone shop for repair?

yes agree , such a noob OS.

Scammer already control the phone, tried turn off phone also can't. But didn't try long press power button, would have worked but she dunno got such method, panic d anyways

I know one lady boss just kena few weeks ago :X using samseng phone

Can't turn off, they control the phone.

Stop all data connections?
- remove physical SIM card
- turn off home wifi router

One thing I don't understand is how can the scammer transfer money out from Touch N Go? Unless he already know the password

One of my friend's husband sent his phone for repairing and after got back the phone, all financial related app kena transfer out the money and cc were used for transactions. He didn't aware of this until the bank called.

At the end, he has to compensate all for about RM60k to the banks for cc.

They might have been able to observe the data going in out your phone, if they can control your phone. Then I would expect they only launch the attack when it’s least expected.

TS, what time was it when this occurred?

Actually for Android phone macam cannot simply install APK right? Need to enable developer mode or something

Many people don't read the warning and click Yes or Proceed.

But to enable developer mode macam need specific steps not just click yes and proceed. Aunty uncle usually not that literate enough to do it kot

Usually malicious APK installed. My dad's phone also kena before.

How? Suddenly my home firewall started making noise about multiple connections to blocked China servers. Fortunately, every device at home all using fixed IP so I know which device is causing the problem. The culprit? Some mahjong game downloaded from some China website.

which bank app still use SMS?

my mom OPPO keep auto download cleaner apps until whole phone memory full and hang, bought her used iphone 8 plus and never have complained since then

depends on what phone, some phones already it's in the general setting, all you need to do is just "enable 3rd party apps install" then phone gave warning, if didn't read the texts then press okay then you are done, you can disable it back also by one click.

I have one of my phones if enable that, I can't press yes because have to wait 10 seconds, which forces user to read the red wall texts of warnings.

The fact that Android phone allows APK to be even installed and does not lock the root system is a recipe for disaster.

I am not an apple fanboy, but Apple has reasons to lock out the root system from tampering and regular security update speaks volumes.

But I do notice old people like to install apps yo

This post has been edited by Chrono-Trigger: Dec 19 2024, 01:40 PM

scammer call and ask to install anydesk, etc and remote install spyware or apk?

or mom install apk for discount or online ordering

I know someone kena last time with maid agency, side load apk

Yah, I also kena b4, tell them also kena marah back, say “wat you know? Other ppl download ok mah?”. Funny is I’m the CyberSec consultant that pdrm and mcmc uses for their investigations sometimes but to these old ppl, I’m just a young boy

your friend's husband so brave sending phone without factory wipe first.

Nowadays the most valuable posession is your phone and thumb print. Your email is connected 24/7 to ur phone, no password to see mail. Meanwhile you are using it as recovery email. Then sms OTP also using the same device. lol.

I damn scared robbers took my phone and cut my thumb. really can rugi habis.

if ur mom jenis anything also klik, regardless of what phone she uses also no point. just a matter of time.

Wow..i finally found someone who are like minded ..for the longest time i have been laughed at and even questioned why i have 2 phones..my wife is able to understand it..but other ppl around me don't..

Is old uncle and doesn't know about this and never think of this too.

Means if you go out to buy stuff that will need E-wallet, you will have to bring both phones too?

U know the problem is not the phone but the user right?

almost always is APK issue
install something introduced by 3gu6po recommendation for free stuff

Another thing is you can monitor what kind of Whatsapp group that your parents joined.

Recently I checked my father phone and he told me that one of the people inside whatsapp group shared link to register to get Bantuan STR money or something.

I clicked the link and the website looks legit. They asked you to fill up your details such as name, IC, contact number etc.

But the real layout of Bantuan STR website is different actually. I told my father it's a fake website.

I can conclude that people easily get scammed based on what is shared on Whatsapp/Telegram or any communication platforms compared to social media like FB, Instagram, Tiktok.

This post has been edited by Alternate Gabriel: Dec 19 2024, 03:57 PM

For downloaded APK file, why not scan with virustotal.com website before installing. While this doesn't guarantee that the APK is 100% safe, at least it's additional layer of protection

Number 1 for parents, js remove fb app altogether.
Those generations see free stuff, loves to click on it the install unknown apk apps.

Doesn't matter for ios if they keep clicking., educate them.

HmD phone only, Rm100, no Internet (recent) lowyat news maybe get that for regular calls n sim.

That's why it's best to get 2 phones especially for the elderly as they have a tendency to download anything.

1 phone just for banking activities & nothing else. The other is for day to day use.

Even if they are cautious & don't simply click/download anything. Others in their WhatsApp group won't be so cautious & simply forward anything & may accidentally click on it.

The problem is that in every WhatsApp group, there is always 1 or 2 morons who everything they simply post forward & I don't mean just the elderly do that.

got one linus video explained how this happened





keyword: ss7 attack

https://www.firstpoint-mg.com/blog/ss7-attack-guide/

Summary:

SS7 is the system that the phone companies use to connect phone calls, its not malware of any kind, it literally is a part of the phone company. SS7 vulnerabilities are not tied to a specific device or operating system.

These attacks exploit weaknesses in the SS7 protocol, which is used by telecom networks to exchange information for functions like call routing, text messaging, and roaming.

black hat hackers can integrate the global telecommunication network and request information from any SIM card they want.

If they gain the trust of the network you are registered in, they can eavesdrop or redirect your calls and messages

This post has been edited by JimbeamofNRT: Jan 15 2025, 01:53 PM

Only do these if one is using Android smartphones.
For iphones its not necessary to carry 2 sets, unless one wants to hide the small 3 from the big wife😆

good post.

however this attack normally done on high valued target not ordinary people.

1 prostitute phone
1 wife phone

Wife keep all secret and financial app

Who give prostitute their bank access??

Have a phone that u can do anything without risk to access your most important data

True incognito mode

Don't tell me can't afford 2nd device
But willing to risk all banking account

this is user problem caused by user action, not phone problem.

if user still have shitty behavior, he still get attacked no matter what phone.

Not so sure on that. I’d say anyone’s money is a target and the least resistance is the easiest target.
SIM cloning seems to be a developing trend in many countries - fortunately not apparent here yet ?