I couldn’t believe my eyes when I checked my OCBC Bank account on May 14. Eight transactions had been made over two days, adding up to a significant amount. The charges were for ChatGPT subscriptions, a paid version of OpenAI’s artificial intelligence program. I never paid for this service, which was the issue.

It seems I’m not the only one in this predicament. Find out more in this post.

ChatGPT-Themed Attacks:

Palo Alto Networks, a cyber security firm, has reported a significant increase in ChatGPT-themed attacks. They discovered numerous malicious URLs and phishing attempts targeting unsuspecting individuals.

The police have received several reports of unauthorized transactions related to OpenAI or ChatGPT, and cyber security experts believe that these small transactions are used by cyber criminals to test the validity of stolen card details before making larger fraudulent transactions. 

I Nearly Became a Victim – 

When I discovered the ChatGPT transactions on my account, I immediately contacted OCBC Bank. After some back and forth, they eventually refunded the amount, canceled my card, and advised me to file a police report. 

I had only registered for a free account on ChatGPT and had never entered my card details on their website. Recovering my money was a relief, but it also served as a reminder to safeguard my bank information.

And, there are lots of people like me out there. 

Vigilance is Key – 

Vigilance is Key | KD Rooban

Customers of other regional banks, including POSB, DBS Bank, and UOB, have experienced similar situations.

A non-existent website charged one DBS credit cardholder, Mrs. Law. The bank refunded her and issued a new card without providing much explanation. 

Many affected individuals have taken to social media platforms like Reddit, TikTok, and Xiaohongshu to share their frustrations and warn others about unauthorized charges to their bank accounts.

Many credit and debit cardholders in Singapore and overseas have fallen victim to similar fraudulent charges from legitimate companies like OpenAI and Apple. To avoid such scams, experts recommend setting up alerts for small transactions on our bank accounts.

How Cybercriminals Scam You: 

The cyber criminals behind these scams seem to obtain card details through various means. 

BIN Attack – 

One method involves a Bank Identification Number (BIN) attack. Fraudsters use the leading six digits of a credit card and software to generate: 

  • the remaining numbers;
  • card verification value (CVV); and 
  • expiration date.

They then test these generated numbers against real transactions to see whether the card is valid.

Bank Identification Number (BIN) attack | KD Rooban

Data Thefts – 

Another way card details can be compromised is through data leaks or stealing customer data from unsecured websites. Cybercriminals are constantly finding new and innovative ways to get their hands on personal and sensitive information and exploit it for their own gain.

How to Avoid Fake Cyber Transactions in Singapore:

To protect ourselves, financial institutions and experts recommend reporting any fraudulent or suspicious transactions immediately to our bank and the police. 

In Singapore, customers are generally not liable for unauthorized transactions if the merchant does not require additional verification, such as a one-time password. However, merchants must activate 3D Secure (3DS) authentication. It adds an extra step of entering a password or code sent to their phone before making a payment.

Unfortunately, not all merchants activate 3DS, which can impact their sales revenue and volume. Therefore, smaller transactions in the $20 to $30 range might bypass this security check. Cybersecurity experts warn that these smaller deductions are a tactic criminals use to avoid raising suspicion.

Conclusion:

In light of these incidents, banks like OCBC, UOB, and DBS urge customers to monitor their transactions regularly. They also recommend familiarizing ourselves with security controls the banks provide, such as temporarily locking our cards.

Finally, we must secure our financial information by keeping ourselves aware. Anyone can be a victim of fraudulent activities, but we can reduce the risks and protect our hard-earned money by being proactive and watchful.