Two SMS messages landed on my phone at exactly the same time in the dead of night. To be precise, at 2:08am. The first one read: “RM0 OTP is vzLa-0615xxxx for online trx for UOB card ending 0376 for PHP4525.38 @ Traveloka on 21/07 18:08PM. OTP expiry 22/07 02:11AM MY time.” The second came immediately after: “RM0 UOB Cards: Thank you for using your UOB Card ending 0376 @ Traveloka3DS*******5272 for PHP 4,525.38 22/07 02:08. For any enquiry please call UOB.”
So, at around 7:30am, I called UOB’s customer service to report a potential fraud. The lady at the other end confirmed that the transaction hadn’t gone through and it had been automatically reversed. Still, I requested for my card to be blocked. Just in case.
But that wasn’t the end of it. Hours later, a third SMS arrived: “RM0 OTP is fCWE-0105xxxx for online trx for UOB card ending 0376 for MYR1689.60 @ Cebu Pacific Ai on 22/07 03:18AM. OTP expiry 22/07 11:21AM MY time.”
Another transaction attempt. Same card number. This time, it was from Cebu Pacific Airline, and again, I hadn’t initiated anything. Another call to UOB. They confirmed the card was already blocked, and this new attempt never even made it to my statement. So what have I learnt from all this?
First, never ignore those strange, late-night SMSes especially if they look even remotely relevant to you. Check the details. Call the bank. You just never know. Second, don’t get lulled into a false sense of security just because the OTP goes to your phone. It’s true that the fraudster probably can’t complete the transaction without the OTP, but what if there’s a breach somewhere and they can intercept or bypass that step? It’s rare, but not impossible.
And finally, we need to ask: did the UOB system suffer a data breach? I can’t say for sure, but it’s suspicious. I barely use this card; just the occasional petrol purchase where I tap and go. No PIN, no online transactions, no manual data entry. So how could my card details end up in the wrong hands? If not a data breach, then what?
Interestingly, the timestamps suggest the transactions originated from a location in the UTC+0 time zone roughly eight hours behind Malaysia. That puts the origin somewhere in western Africa, or perhaps a British territory like Saint Helena or Tristan da Cunha. But the use of Philippine pesos and the mention of Cebu Pacific suggest that someone may have been operating through the Philippines—or trying to make it look that way. Who knows? Syndicates can operate across continents these days.
So here’s my advice: (1) Monitor your bank and credit card SMSes closely, no matter what time they come in. (2) If anything looks off, contact the bank immediately. (3) Don’t assume fraud won’t happen to you just because you don’t shop online or use your card much. Sometimes, that makes you more vulnerable as you’re not watching as closely. And (4) finally, consider using virtual cards or turning off online access when you're not making purchases. It’s better to be paranoid than to be sorry.
We live in strange times. The fraudsters are getting smarter. So let’s not make their job any easier.
No comments:
Post a Comment