KTC and NCSA Unite for FIT Talk #12 Seminar on "The Future of Cyber Threats and Cyber Defense"

Mr. Rywin Voravongsatit, Head of Operations Control & Merchant Operations, "KTC" or Krungthai Card Public Company Limited, revealed, "KTC prioritizes the continual enhancement of its corruption prevention management system. Recently, we achieved international recognition for credit card data security standards (PCI DSS) from the British Standards Institution (BSI), marking a milestone as the first financial institution in the Asia Pacific region. We are dedicated to providing members and consumers with accurate information and understanding and working together to prevent cyber threats from the initial stages. We continued to partner with various organizations and agencies and hosted knowledge-sharing seminars. Our recent partnership with NCSA involved launching a seminar to update Thais on emerging cyber threats, on top of enhancing security standards for product and service transactions using KTC cards across our entire system."

"Currently, the trend of corruption through card-not-present transactions, using programs to randomize card digits for financial transactions (Bin Attack), and data leaks (Data Compromise) continues to rise. In response, KTC has launched the KTC Digital Credit Card to enhance security for its members which prevents fraud related to card-not-present transactions and data compromises."

"Danger of cyber threats are at our doorsteps, increasingly affecting vulnerable groups. Scammers trick people by exploiting fear. It is crucial for everyone to promptly learn how to prepare for and protect against these threats. Doing so can mitigate potential harm to oneself and others. Today, serious cyber threats include various forms of social engineering and remote control attacks, accessible through both iOS and Android systems. There is also a rising trend in money transfer scams, which inflict greater damage than remote control incidents, often targeting the elderly."

"Social engineering is a cyber attack method that manipulates victims into following the attacker's orders through various deceptive techniques. Common techniques include: 1) Phishing: Sending fake emails to trick recipients into clicking on links or providing personal information like passwords or credit card details. To prevent phishing, avoid sharing personal information via email or unreliable websites, and always verify the URL or source of the message. 2) Vishing: Using voice communication, often through phone calls, to deceive users into giving personal information or important account details. A common example is the call center scam, which can lead to remote access to your accounts. 3) Smishing: Sending deceptive messages via SMS (Short Message Service) to trick victims into providing personal information or clicking on dangerous links. To stay safe, avoid clicking on links from unknown or unreliable sources. Banks do not send links via SMS or include urgent messages to redeem points or claim prizes."

Mr. Noparat Suriya, Head of Card & Merchant Prevention Division, "KTC" stated, "Currently, cyber threats involving remote control attacks through application downloads are declining, but scams involving call center gangs using bank transfer are on the rise, causing increasing damage. These scams often target the elderly, who are more vulnerable and easily deceived. Scammers use fear tactics, convincing account owners that they are involved in money laundering by impersonating officials from Provincial Police Stations (PAOs) or the Anti-Money Laundering Office (AMLO), claiming there is a suspicious package or that the victim's name has been used to open a mobile phone number linked to money laundering activities."

"In the past, scammers often tricked victims into clicking on links and downloading apps, primarily targeting the Android system. Their goal was to take control of the mobile phone through remote control to access various banking applications. Nowadays, fraudsters can also defraud victims using iPhones and the iOS system."

"To avoid falling victim to scammers, take proactive measures: 1) Always download applications from the Official Store of the respective company or agency. Avoid clicking on links, as fake apps can closely mimic legitimate ones. 2) If contacted by someone claiming to be official and asking for app downloads or involvement in financial activities like money laundering, verify their identity by contacting the agency directly through official channels listed on their website. 3) If you suspect remote control of your device or have installed a suspicious app, immediately disconnect from networks, force close the app, and perform a factory reset to remove any hidden malware and prevent ongoing remote access. 4) Use unique security codes for banking apps, distinct from those used for other applications."

"For KTC members, we prioritize customer information security, ensuring confident and secure financial transactions, which collectively enhances protection from diverse security threats. We recommend members enhance their information security by downloading and using the 'KTC Mobile' app, which offers user-friendly features and robust safety protections. These include a reminder system for every transaction, setting desired spending limits, receiving payment date reminders, and self-service options like temporary card blocking and credit limit adjustments. Additionally, we urge members to exercise caution in sharing their codes to mitigate the risk of fraudulent account access."

AVM Jadet Khuhakongkit, Assistant Secretary General, National Cyber Security Agency (NCSA), revealed, "The NCSA is the main agency responsible for enhancing Thailand's overall cybersecurity. Cyber threats, which may harm the country, are monitored and categorized into 2 groups: Group 1 includes government agencies and critical information infrastructure agencies, while Group 2 comprises Thais who use information technology daily."

"In Group 1, we found that in 2023, there were cyberattacks on government agencies' data and information systems, including critical information infrastructure agencies. This was mainly due to a lack of understanding of secure software development design and inadequate protection and incident response."

"In Group 2, we found that over the past year, scammers have continuously changed their methods of defrauding Thais. The NCSA has been monitoring groups of scammers who use social media for scams, including investment fraud, false reporting, and online gambling. They also deceive people by pretending to be organizations or financial institutions. The NCSA has been working proactively with social platforms, media outlets, the Ministry of Digital Economy and Society, the Royal Thai Police, and telecommunications service providers. This collaboration has significantly increased the blocking of such criminal groups."

"Throughout the past year, the NCSA has worked closely with many financial institutions to warn about websites posing as financial institutions to deceive Thai people. In cooperation with the Ministry of Digital Economy and Society and domain name service providers, we have been tackling these fake websites to prevent their use in scams, receiving good cooperation from all sectors. However, scammers can quickly create new fake websites, so continuous monitoring and intervention are essential. The NCSA works with partner agencies to enhance cybersecurity under the Cybersecurity Act 2019 for financial institutions. Collaborating with the Bank of Thailand (BoT), the Securities and Exchange Commission (SEC), Thailand Banking Sector CERT, and Thailand Telecommunication Sector CERT, the NCSA serves as the central agency preparing the National Cybersecurity Baseline. The regulator ensures that supervised entities comply with these minimum requirements and provides annual training and assessment to these agencies."

"Finally, we urge all Thais to protect themselves from scammers and cyber threats by following 3 principles: don't believe, don't act, and don't get tricked. Especially, do not trust anyone easily. Be skeptical of online deals that seem too good to be true or cheaper than market prices, don't believe securities companies promising inflated investment returns, and be cautious of any agency contacting you by phone or adding you on LINE. If you become a victim, immediately contact your bank to freeze your funds before reaching out to the Anti Online Scam Operation Center (AOC) or the AOC Hotline 1441. If you encounter online scams, you can also contact the NCSA through various channels at ncsa.or.th to help combat scammers."