Plugged in danger: Cell phone chargers have become a topic of discussion recently as people are concerned that their cell phones can be hacked by charging cables.
Social media was abuzz after a man posted on his Facebook page that 101,560 baht had disappeared from his bank account while charging his phone at a public charging station.
When the man insisted that he not download unknown apps or click on any suspicious links, netizens began to suspect that the charging cable had been tampered with to steal data from his device.
One theory was that the charging cable was fake and when connected to his phone enabled hackers to take control of his phone and transfer money from his account.
This sparked widespread fear, if not panic. Many said they would now use their own charging cables, and some went so far as to consider removing their mobile banking apps.
The incident was investigated and the facts were finally confirmed. The culprit was not the charging cable, but a fake dating app called “Sweet Meet” that the man had installed on his phone.
The revelation may have brought some relief. But with mobile banking so widely used in this day and age, stakeholders can never stress enough how vulnerable people are to scammers and why it’s important to keep our guard up against the risks of financial crime.
cable really sly?
Prenia Home Anik, a cybersecurity expert and member of the National Cybersecurity Committee, was among the first to question the use of such a method. Media reports ran the racy headline “Charging cable stolen”.
“It’s impossible. When I first saw it on the news, I thought the media had gone too far,” he said.
In many cases, often on Android phones, people can unknowingly install malicious apps that allow scammers to take control of their phones, according to Mr. Brenya.
“They are tricked with text messages, ads, or phone calls. Whatever it is, they are tricked into installing malware that allows scammers to access their phones.
“Don’t panic about the charging cable. People should be looking for malware, suspicious apps or links. Don’t be so quick to point fingers. First, check your phones,” he said.
If suspicious apps are found, delete them and factory reset devices — the best step to getting rid of malware, he said.
He said, citing information from the Cybercrime Investigation Bureau, that more than 10,000 people fall victim to scammers with financial damages estimated at 50 million baht per day.
Mr. Brenya also said that financial institutions and law enforcement agencies should establish a formal agreement to ramp up system security and enhance financial and technology literacy among consumers.
Supachai Natong, a 43-year-old electronics salesman, said he was more concerned about malware and the deceptive methods scammers use to lure victims into their trap.
“These criminals always come up with something to get our money. I think all phone users should stay vigilant and think twice before installing any apps,” he said.
Batraporn Tongpat, a 26-year-old phone technician, said her first thought when she heard about the scam was malware.
“I got robbed with a charging cable… I really doubt it. You plug it in and your account is suddenly drained… That’s unlikely. The phone is infected with malware and it’s being hacked. That makes more sense,” she said.
She said her customers weren’t fazed by the charging cable report and knew that sooner rather than later, the incident would be forgotten — like an “exploded keyboard.”
She was referring to the accidental firing of a gun in a computer classroom at Nonthaburi School which killed a student in September last year. Many media outlets rushed to headline her reports as “explosive keyboard”.
“Keep abreast of the banks’ announcements and alerts. Beware of risks and threats, as they exist,” she said.
Many phone and peripheral salesmen and technicians have found themselves inundated with questions from customers who fear they may be getting more than they originally intended.
Pundit Wongsha, a 39-year-old phone technician, said that although the police and the Bank of Thailand made it clear that the fraud was not due to a charging cable, his customers were worried when they came in for repair and replacement. He also said that many companies could have been harmed if the authorities had been slow to respond to the allegation.
Watchareena Sornprasarn, 31, a phone seller, said phone buyers especially those who opt for inexpensive Android devices seem to have more questions about security when looking for new phones.
She said the new phones come with charging cables from the manufacturers, so you don’t have to worry about inferior or fitted parts. However, those who opt for cheap Android phones will have to put up with the pop-up ads that some third-party apps get rid of, she said.
Another seller, Pornprapa Pannarai, 29, said it was business as usual despite customers asking about charging cables. They also want to know how to distinguish between standard and non-standard. It urged state agencies to take more action to deal with data theft and financial fraud. “I think protecting personal information is the most important thing.”
Chattiwong Somnonnan, a 33-year-old salesperson, said his sales were not affected by the hacked charging cable but that customers were now more interested in security features and updates. “I am keen to see how the police will deal with these scammers. How can they deal with cybercrime and destroy these people?” He said.
According to Pol Lt Gen Worawat Watnakornbancha, Commissioner of the Cybercrime Investigation Bureau (CCIB), the man’s phone was installed with a matchmaking scam app called ‘Sweet Meet’.
The deputy chief of the National Police, Tursac Soquemol, said that people should not click on any links or download any unauthorized applications to avoid infecting their phones with malware.
He said it was technically possible for people to use a charging cable to hack into phones. But the device equipped then can only get basic information or GPS data which is not widely available and only used by security experts.
The most important thing, he said, is that people should avoid downloading apps from third-party sources suggested by some streaming software. He added that smartphone users should download and install apps directly from the Google Play Store or the App Store.
The Bank of Thailand and the Thai Bankers Association (TBA), which investigated the fraud, confirmed that the man was tricked into installing a fake app with malware.
The malware enabled the scammers to gain control of the phone and they would transfer money from the user’s bank account when the phone was not in use by the owner.
Scammers have come up with a number of tricks – text messages, call centers, fake loan apps – and luring people into installing malware-included apps is the latest. They said that financial institutions need to develop tools and measures and cooperate with relevant agencies to respond effectively to the escalation of cybercrime.
The Ministry of Digital Economy and Society (DES) urged mobile phone users to check whether they have installed about 200 malicious applications that could allow hackers to steal personal data or take control of their mobile phones.
DES Minister Chaiwut Thanakamanusorn said 200 malware items were found by the National Cyber Security Agency and DES posted the list on its Facebook page (https://www.facebook.com/prmdes.official). He urged mobile phone users to delete malware apps and keep their mobile phones updated with security patches.