Can bank accounts be hacked with just a two-minute phone call? No, that's not true: The Thai Cyber Crime Investigation Bureau confirmed that, technically, it's impossible to hack the system through a two-minute phone call. Other steps are necessary, such as the victim downloading specific applications on the phone, even without realizing it, or clicking on malicious links.
The claim appeared in a video (archived here) on TikTok by @janejindajane on February 13, 2024, under the title with caption (translated from Thai to English by Lead Stories staff):
Warning! Money in a bank account can disappear by making a phone call just for 2 minutes.
This is what the post looked like on TikTok at the time of writing:
(Source: TikTok screenshot taken on Tue Feb 20 16:40:32 2024 UTC)
According to the video, one scammer brought to light how scammers purportedly hack people's bank accounts via phone calls. She claimed that there is no need to download any applications; simply engaging in a two-minute phone call with a scammer can result in the disappearance of all your money.
Recent news reports (archived here) have highlighted the activities of a scammer associated with Chinese interests. Allegedly, this person operates within a company equipped with four hacking machines, each valued at 120 million baht ($3.3 million). These machines are used to target individuals whose personal information, including telephone numbers, citizen numbers and birthdays, has been purchased from the black market. The primary targets of these scams are reportedly retired military personnel, businessmen and people with bank account balances exceeding two million baht ($55,000). When the scammer contacts the victims, they are instructed to keep the phone call active for two minutes, after which the hacking machines are used to gain access to the victim's bank account.
According to experts, hacking mobile banking is not so simple. Thananon Patinyasakdikul (archived here), a software engineer at Hewlett Packard Enterprise, debunked this claim in a YouTube video posted on his channel on February 16, 2024. He explained that technically, hacking a bank account requires previous actions, such as having downloaded specific applications or having clicked on malicious links. Even if a scammer gains access to your mobile phone, controlling it is still challenging due to the robust security systems employed by mobile banking platforms.
On February 12, 2024, the Thai TV program "The Discussion" (archived here) on Channel 7 hosted a scammer identified as Mr. A. Representatives from the Royal Thai Police also participated in the TV program. In the televised discussion, Mr. A was questioned about his alleged involvement in bank hacking activities. The Royal Thai Police, including the Cyber Crime Investigation Bureau, shared their findings, stating that it is impossible to hack mobile banking systems without installing any application on the victim's phone. They emphasized that victims might have unwittingly installed malicious applications before receiving calls from scammers.
During the discussion, the police pressed Mr. A for further details on how his group allegedly bypassed the stringent security measures of mobile banking systems. Mr. A disclosed that their method involved utilizing the victims' voices to authenticate voice biometrics.
On February 13, 2024, after the TV program, TB-CERT (archived here), Thailand's Computer Emergency Response Team, of the Thai Bankers' Association, refuted the claim made by Mr. A, stating that mobile banking applications do not utilize voice biometric systems. Instead, they clarified that mobile banking security relies on face scan biometrics as a means of identity verification, necessary before conducting financial transactions or adjusting credit limits.