'Lots of customers': the banks of choice for scammers

Malaysians were recently shaken by the story of a doctor who lost thousands of ringgit from her bank account, a tale which sparked renewed concern over the security of online banking in the country. 

Dr Rafidah Abdullah said in a social media post that she had lost RM13,000 from her CIMB account. 

However, according to her, she had never clicked on any links that could have jeopardised the safety of her account. 

Her story was soon joined by those of others who shared how they, too, had lost money from their bank accounts in acts attributed to scammers. 

Amirudin Abdul Wahab, chief executive of national cyber security specialist centre CyberSecurity Malaysia, however said that financial institutions such as banks employ the latest security systems.

"Banks have systems that monitor the latest trends in cyber security threats and attacks," he said. 

"They also need to comply with strict cyber security standards based on the regulations set out by Bank Negara Malaysia, to protect the system and prevent the unauthorised access of user data."

Amirudin also said that threats to banking operations vary according to country, with criminals preferring to target banks with a high percentage of customers. 

In Malaysia, he said, the cyber threat is SMSSpy.

"For example, in other countries, cyber criminals use the smishing tactic where data phishing attempts are carried out via SMS," he said. 

"Cyber criminals deceive their victims by sending out SMSes, purportedly from the bank, claiming that they have a problem with their bank account or credit card. 

"The SMS contains a link to a fake website masquerading as a legitimate bank site that requests their banking information and password." 

And as the world becomes more digitalised, cyber attacks of this nature are only expected to continue.

Ahmed Razman Abdul Latiff, an economist from the Putra Business School, said scammers in Malaysia were becoming more advanced in terms of technique and the technology that they use.

This, he said, put banks and their customers at a high risk of being swindled. 

"Previously, scammers might have asked customers for their OTP number, but now, this can be obtained through special applications or because the customer clicks on a particular link," he said. 

"The banks for their part are not as quick in updating their banking security system."

On the customer side, Razman said, some were too easily convinced by third-party callers, or influenced by supposed promotions, to the point that they were willing to download applications or click links, the validity of which could not be ascertained. 

He said phishing, or the provision of fake links, was an easy and well-known way for scammers to trick their victims into providing personal information including account numbers and passwords. 

And these days, more and more transactions are being conducted online. 

According to a report by the Department of Statistics, e-commerce revenue jumped to RM801.2 billion in the first nine months of last year alone. 

Mohamad Yusof Darus from Universiti Teknologi Mara's faculty of computer science and mathematics, said such developments indirectly attract cyber criminals to target internet users through banking, payment systems and even online shopping platforms. 

"Social engineering attacks like vishing, meanwhile, target victims through telephone calls," he said. 

"For example, they tell the person on the other end of the line that their bank account has been jeopardised. 

"If, through vishing, the scammers can obtain information about their victims' bank accounts or credit cards, they have automatic access to their bank accounts," he said. 

But even as such cases continue, he said, public awareness about cyber security remains low. 

He said users should always be aware of the operating system and software they download so that their devices do not become infected with malware. 

Razman suggested that the government introduce a new law to freeze the accounts of those who are suspected to be scammers when customers report suspicious transactions. 

Cybersecurity Malaysia meanwhile advised the public to avoid using WiFi networks that are not trusted for banking activities or making online purchases. 

Other preventive measures include using strong passwords and installing anti-virus software, and opting for the "two-step" verification or authentication process.