Scammers, OTPs & SQL: A Story From Our Regional Fraud Analyst

IAmShopee_Evelyn Ng_Regional Fraud Analyst

This is the first of many roles that Shopee will be featuring over the next few months. We hope this helps you find something you might like to do for a living.

To kick off this exciting segment, we speak with Evelyn Ng, our Regional Fraud Analyst (Operations) based in Shopee Singapore.

Hi Evelyn! How did you get into such an interesting role?

E: I first came across this position on my school’s career portal when doing my Business Analytics undergraduate studies. Back then, I already had a preference for a non-conventional role, so this title and job description immediately caught my attention.

Is being a Regional Fraud Analyst as fun as it sounds?

E: It’s a lot of work, but it’s definitely fun. My team and I like to think of ourselves as detectives – we comb through data and trends to find clues that will help us strengthen Shopee’s seller- and buyer-systems.

What exactly do you do? 

E: Based on fraud trends that our regional counterparts send me, I’ll come up with ways to act against people who try to cheat our system (e.g. hackers, fraudsters, privilege abusers). I often speak with the Product Management team to create security features in the Shopee mobile app, and help both sellers and buyers understand account security methods and the appropriate responses towards scam behaviors.

Is there any particular case you’d like to highlight?

E: There has recently been a surge in scam cases asking for buyers’ OTPs (one-time passwords). Imposters often do so under the pretext of being Shopee’s Customer Service associates, and change buyers’ personal information immediately after receiving the OTP.

In this specific circumstance, the conman used his victim’s OTP to change his log-in password, phone number, email address and wallet PIN. He then cancelled the victim’s last purchase, which had yet to be delivered, and bought phone credits from another store instead. The victim ended up being cheated of S$85, which could easily have been a much larger sum.

How will you prevent such cases from happening as often in future? 

E: This is where it gets most exciting. Scripting SQL tests on our massive database, I compare the abnormalities of scam behaviors against that of normal users. I then place myself in the shoes of a scammer and try to think of every possible method he would have used to attain his goal. Depending on the nature of the loopholes, I’ll set up security roadblocks within the app to sabotage his endeavors.

We really have you and your team to thank for Shopee’s mobile app security. Thank you for sharing, Evelyn!

Liked reading this interview? Follow the #ShopeeInsider and #lifeatshopee hashtags on LinkedIn for more role features like this. If you’d like to be part of Shopee’s Operations team, find out more at