Thailand was shocked recently by reports of online fraud victims claiming that hackers had secured access to their personal information through their charging cables, and used the stolen information to illegally transfer money out of their bank accounts.

How to avoid online attacks

After consulting with the Thai Bankers’ Association, the Bank of Thailand (BOT) clarified that the online fraud cases had not been caused by scammers hacking their devices through their charging cables in public places. The victims had downloaded trojan applications without knowing that hackers use malware to take control of their mobile phone remotely. The BOT and banks have issued guidelines, including urging mobile banking users to be cautious about applications they download to their devices.

The BOT advised users to download applications only from official stores such as Google Play store and App Store.

The central bank advised users not to click on links they receive on SMS or Line messages if they are not sure about the source of the message. The BOT issued the advisory amid a sharp spike in phishing messages sent by hackers via SMS, Line and email to lure receivers by tempting them with bank loans or financial rewards from banks or other institutions.

The BOT issued the following guidelines to improve safety:

– Mobile banking clients should update their mobile banking app or set up their mobile phones to automatically update the latest version of mobile app. The update is usually designed to prevent mobile phones from being hacked remotely, and upgrade their cybersecurity.

– Mobile banking users are advised to avoid using unsecure mobile phones for financial transactions. For example, phones that turn off root/jailbreak, which will allow any application download, or phones that use outdated operating software.

– Victims are urged to provide accurate information to concerned parties in order to timely address the issues. Should they find unusual transactions, they should contact the bank’s call centers or bank branches immediately in order to investigate the transactions.

Thailand needs welfare schemes based on rights not charity, experts say

Guidelines to protect users

The BOT also issued guidelines to banks that if customers are not directly responsible for providing personal information to hackers, then the banks have to compensate the customers for any loss incurred within five days.

The central bank has told financial institutions to regularly develop their own tools and respond to cybersecurity issues.

Banks have also been told to develop a cooperation mechanism with public and private organizations and seek cooperation from their clients to take precautions as mentioned above.

The BOT said it has been working with the Digital Economy and Society Ministry, the National Broadcasting and Telecommunications Commission, the Anti-Money Laundering Office, and National Police to fight online scams as follows:

– Upgrading security of the mobile banking system by blocking malicious websites, cutting connections with computers used by criminal gangs to remotely control the communication devices of the victims.

– The authorities have tried to tackle SMS’ disguised as messages from financial institutions to cheat banks’ customers, according to the BOT.

– Authorities have provided an online channel for online scam victims to file for legal action and ask for suspension of bank accounts.

– The central bank has also launched a campaign to educate and warn the public about cybersecurity.

The right phone

People often download applications or use their phone without giving much attention to cybersecurity. They may need to give it thought right at the outset when they buy a new mobile phone.

iPhone is a better choice as its iOS operating system is more secure than mobile phones that use the Android operating system, says Prinya Hom-anek, president and founder of ACIS Professional Center Co.

To further raise safety levels, it would be advisable to have at least two mobile phones, one used only for financial transactions to which users must not download other apps, he suggested.

Rationing prophylaxis pills could be poison for Thailand’s HIV/Aids goal

Why credit card is better

People should not leave much money in the bank account tied to their mobile phone, depending on each individual’s risk ability, according to Prinya.

Cardholders would be better off using a credit card rather than a debit card, as money will be transferred automatically in the case of the latter. Banks will need approval of a transaction before money could be transferred via a credit card.

“However, no method can guarantee you 100 percent protection,” he warned.

Customers who suffer losses as a result of online scams despite taking reasonable measures to protect themselves, can use them as a key argument to get remedy from their banks, going by the BOT advisory

Strong password can help

To avoid or mitigate damage from online attacks, users should use passwords that are unique. If a phisher steals one of them, they can only get access to that account and not others.

Experts also advise applying a two-factor authentication although that would not nullify the risk of malware-based phishing attacks. However, a two-factor authentication would significantly reduce the risk of accounts being compromised by run-of-the-mill phishing attacks, according to wired.com, a UK-based technology website.

The website suggested that for accounts you really want to protect from remote attacks, physical authentication tokens are a strong choice. Some companies have also started offering specialized programs, like Google’s Advanced Protection and Facebook’s “Facebook Protect” in which you can enroll if you think you’re particularly at risk of being targeted. The services walk you through the two-factor setup and provide additional monitoring for your account.

By Thai PBS World’s Business Desk

Hotels struggle to attract quality staff as tourism recovers