Monday 28 February 2022

The old-fashioned way to skirt the OCBC Phishing Scam

A month has passed since a new shockwave hit Singapore - not the COVID-19 pandemic, but a plague of an entirely different kind. A wave of phishing scams caused customers of Oversea-Chinese Banking Corporation (OCBC) to lose their entire life savings. The perpetrators spoofed the OCBC number used to send text messages to customers, inserting a link to a page that looked eerily similar to OCBC's official site, where they proceeded to trick these customers into entering their details.

This was sadly not even a new trick. As scams go, it was actually one of the oldest in the book. It bypassed technological safeguards and used good old-fashioned social engineering to gain access to the accounts of the victims.

No to Internet Banking

Despite having multiple OCBC accounts, I was immune to this little trick. Not because I'm smarter than average, but because I don't have Internet Banking. I don't have an OTP token, and any SMS sent to me in this vein would merely raise an eyebrow. (My wife, too, is immune to this little trick, but for a different reason - she doesn't speak English, and any SMS she receives that she can't read, she simply deletes.)

Getting a Phishing message.

That also means that any banking I do is on-site - at an ATM or an actual bank. Yes, it is a far more laborious activity. Yet, that is what I do. Many people have questioned why I, as a software developer, do not engage in the convenience of Internet Banking. After news of the islandwide scams broke, they are no longer questioning.

This does not just apply to iBanking. It is an established pattern for many aspects of my life.

Tech people being technophobic

Smart refrigerators, Internet of Things, Alexa - nope. My career as a software developer stops at my home. I still write code at home, but any compromise of security at home would merely affect the laptop and mobile phone.

No smart home for me.

Is this technophobia? Perhaps. But I seriously doubt I'm the only software developer who lives life like that.

The reason is simple. It is precisely because I am a software developer that I've seen how things work. Mistakes happen. Negligence happens. Software developers are human and sometimes they get tired. Sometimes they're just sloppy, or irresponsible. Sometimes they just don't know better. They might cut corners or do whatever they can get away with, as opposed to doing a proper job. And I am acutely aware of just how quickly things could go to shit if any of the loopholes we sometimes leave open are exploited. A layperson has the luxury of being blind to all this, and just assuming that shit will work. I don't.

I've seen enterprise-level applications fail a simple Cross-site Scripting check. Experienced developers who use unsanitized data in Stored Procedures. Essential software that doesn't even pass basic security tests.

And I'm supposed to just trust software?

In all fairness...

The recent scam was not due to security flaws on OCBC's side. Their systems were not compromised. The breaches were due to mistakes made on the part of the users. If OCBC is to be blamed for anything, it would be the lack of user education. And that is as much the responsibility of the individual as that of the organization.

If you can't stand the cheat, get out of the kitchen!
T___T
