About 40,000 people lost a total 10 million baht to fraudulent automatic withdrawals set up through dodgy phone apps or due to careless online behavior, the Cyber Crime Investigation Bureau said.
Thai banks, credit card companies and government offices have been swamped with complaints about suspicious withdrawals that, although limited in amount, occurred repeatedly.
Pol. Lt. Gen. Kornchai Khlaikhlueng, commissioner of the cyber bureau, said Monday that withdrawals from bank and credit card accounts without the consent of account owners resulted from three causes:
First, personal data of bank account owners were leaked to criminals after accounts had been set up for bill payments through insecure or fraudulent mobile applications.
Second, account owners received fraudulent messages with links via text message, luring them into clicking the links and inputting their personal data.
Third, corrupt staff at gas stations and convenience stores copied numbers on credit and debit cards and sold the data to criminals.
Prime Minister Prayut Chan-o-cha last week ordered relevant organizations to investigate people’s complaints about suspicious withdrawals from their bank accounts which were set up for automatic bill payments.
Government spokesman Thanakorn Wangboonkongchana quoted Payong Srivanich, president of the Thai Bankers’ Association, as saying that the association already discussed the issue with the chief information officers of commercial banks.
The association and the Bank of Thailand stated that the suspicious withdrawals did not result from any data leakage from any banks, but were mostly caused by online payments for products and services ordered from the vendors who were registered abroad.
Cyber cop Kornchai said he would discuss the issue with the Bank of Thailand and online vendors to work out preventive measures.
He warned account owners not to set up automatic payment through unnecessary or unreliable applications and not to click any links from unfamiliar short messages or emails.
He suggested card users erase or cover three-digit CVC security codes at the backs of their cards for safety.