Dozens spammed with unsolicited SMSes from ezbuy, Ang Mo Kio Town Council
Dozens of people said they received unsolicited SMS messages from e-commerce platform ezbuy on Thursday, prompting concern that their devices had been hacked.
The incident comes two days after Ang Mo Kio residents were spammed with SMSes containing verification codes purportedly related to the cancellation of its bulky item removal service.
In the case of ezbuy, people reported receiving an SMS that said: “Use xxxxxx (ezbuy OTP) to proceed. Key in the OTP within 15 minutes.” Affected individuals said they were not users of the ezbuy platform.
Mr Ephraim Ng told The Straits Times that the messages left him bewildered and worried that transactions had occurred without his knowledge.
It drove the 24-year-old student to check his online accounts to make sure that there were no pending transactions.
“Having received an unsolicited OTP (one-time password), (it) really got me thinking, are hackers becoming more skilled, or are our devices becoming more exploitable?”
Those who received the mysterious SMS messages posted about it on Reddit forums where they said they were afraid that it might be a phishing scam, phone number leak or cyber attack.
Check Point Software Technologies security architect Clement Lee told ST that the SMSes “do not appear to have an apparent malicious intent”, although he conceded that it was difficult to say for certain.
For now, it seems the messages likely originated from ezbuy’s SMS server and could possibly be a technical error, he said. He advised those who have an ezbuy account to change their passwords.
ST has reached out to ezbuy for comment.
In a similar but unrelated incident on Tuesday, Ang Mo Kio Town Council (AMKTC) spammed some of its residents with SMSes containing verification codes related to the cancellation of its bulky item removal service.
It is not known whether all who received the messages had used the refuse removal service before.
Teacher Jerry Lee received five SMSes that afternoon, each containing a different verification code.
“At first, I thought someone had accidentally keyed in the wrong phone number or address to book the service and then tried to cancel,” he said, adding that he last used the removal service in June.
Thousands of SMSes had been sent out by mistake, and the town council sent a message to apologise to residents that night, added Mr Lee.
In response to queries, an AMKTC spokesman said preliminary findings showed that those SMSes were sent due to a technical glitch that arose after the collection system was upgraded to allow residents to make cancellations online.
The spokesman assured residents that its system was not compromised and that there were no security lapses.
“We are working closely with our website provider to optimise the system integration process, so as to avoid the occurrence of such an incident in the future,” he said.
Get The New Paper on your phone with the free TNP app. Download from the Apple App Store or Google Play Store now
