Beware links asking for banking details, it's likely a scam, say cops.
With online businesses on the rise, the scammers are getting more sophisticated. All it takes is for a user to click a link, and thousands could be stolen in the blink of an eye. Malaysians have already lost almost Rm40mil since October last year.
Clicking on one link cost one man RM10,000. In December last year, Michael (not his real name) received a notification on his phone telling him to change his banking account password. Thinking it was a good idea to keep his account secure, Michael clicked on the accompanying link and filled in his banking details, including a new password. But the notification was fake and the link exposed Michael’s account to scammers. “Nothing seemed out of the ordinary as the message looked authentic. Clicking the link redirected me to [what seemed to be] the bank’s site and I went on without suspecting anything amiss. “Several hours later, I noticed the money was gone and knew I had been scammed,” he said, adding that he has since lodged a report with the bank. While the Macau scam famously has crooks posing as government officers and telling victims that money needs to be urgently transferred to avoid legal action, this technique fools people with fake links and apps, say cybersecurity experts. The tactic is to offer lucrative deals on high-demand products with one condition: the buyer has to conduct the transaction through an app or link sent by the scammer to the victim’s device; this then allows scammers to obtain personal banking details. Known as a phishing attack, the technique goes back to the 1990s and the early days of the Internet. In January, a 55-year-old vocational training officer in Pahang was cheated of RM23,514.70 by a scammer impersonating an NFC (near-field communication) card sales agent. NFC cards allow wireless transactions and are becoming very popular, especially for toll payments. Exploiting the surge in demand for such cards, one syndicate advertised on Facebook offering “Nfccapable enhanced cards” in a family package of four cards for just RM32, and the training officer fell for the “too good to be true” deal. With cashless transactions increasing by the minute and becoming more prevalent, banks are issuing scam alerts on their websites, through newsletters and even text messages, advising customers to be extra cautious when conducting such business as they leave themselves open to phishing attempts. Phishing is a process where scamsters trick users into divulging personal information such as passwords or credit card details to gain access to users’ online banking accounts. The message from banks is crystal clear: never trust phone calls or messages requesting personal details, and never click email links to fill up forms. Fong Choong Fook, executive chairman of cybersecurity testing firm LGMS Bhd, said scammers now capitalise on “market demand” and advertise everything from maid cleaning services and food products to the latest tech gadget, among others. “The type of product or service offered also changes depending on market demand. These products or services are usually sold in bulk as it allows the scammer to make more money,” he said. Fong said the scammers ask the interested party to either install an app or click the link sent to make payments. “This acts as a trojan horse to capture the consumer’s banking details, which is where the nightmare begins. “The best way a person can avoid being scammed like this is to not download any apps or click any links sent directly from non-trusted sources,” he said. He added that reclaiming money from scams is very difficult as it would usually be transferred very quickly through multiple accounts with scammers on standby to withdraw the sum at ATMS. “Today, however, the government has set up a countermeasure through the National Scam Response Centre (NSRC) which serves as the last line of defence for victims. “The task force behind the hotline can also take the necessary actions to help victims,” he said. The NSRC’S emergency response number is 997. Cybersecurity expert Assoc Prof Dr Selvakumar Manickam from Universiti Sains Malaysia said cashless transaction scams have increased as adoption of such payment methods increased amid the Covid-19 pandemic that began in 2020. Scammers can easily create fraudulent websites that look identical to authentic banking sites to dupe unsuspecting victims. “The interface will look authentic and request users to insert their credentials to log in, as done on authentic sites,” he said. He advised consumers to never click on links sent to their devices regardless of whether they are sent from authentic sources. “Always access the site either through your browser or official app to ensure your security,” he said. He also advised users to refrain from connecting to infrastructure such as public Wifi or computers as it could lead to hacking as well. “If you’re constantly performing transactions through these banking sites, make it a habit to change your password every six months as a precautionary measure,” said Selvakumar. A financial crime investigator at a public listed bank who spoke anonymously said scammers are extremely coordinated. “Large amounts of even up to RM100,000 can disappear within minutes as the money is diverted through several intermediary accounts, making the trail difficult to trace. “Scammers will also change your banking details such as passwords, transaction limits and linked-handphone numbers, leaving the victim unaware of what is happening. “They also usually work in large groups with everyone on standby once a victim is identified,” he said. He added that the obvious signs of such scams are that banks or officers would never call from mobile lines, adding that they would also never transfer the line to “law enforcement officers”.“It’s best to just hang up on the call, and report it to the banks or NSRC if you encounter such situations,” he said.
by GERARD GIMINO and MAHADHIR MONIHULDIN
Related posts:
Precautions to take before clicking on web links or URLs
#Windows10 #InternetSafety #OnlineSafety
The Internet can be a bad place, and not all websites are safe. Things may not always be what they seem, and it is, therefore, imperative that you take some basic precautions before you click on any hyperlink or URL. This beginner’s guide talks of the basic precautions one should take before clicking on web links, URLs or hyperlinks.
If you have noticed, when you are reading a web page, you will often see links as, for instance – TheWindowsClub or simply as www.thewindowsclub.com. Most of you may click on such links without a second thought. In either of these two cases, you will be taken to the genuine URL or website which is https://www.thewindowsclub.com. But you need to be careful as the displayed text or the hyperlink can be misleading. To give you an example, if you were to click on TheWindowsClub.com now, you could be taken to another link – in this case our own sub-domain. Or you could click on a different displayed link text like say Windows 10 and still be taken to www.thewindowsclub.com. Then again, you may see news.thewindowsclub.com but be taken to www.thewindowsclub.com. The point that I am trying to make is that don’t take things at face value. So to confirm that a link is safe or not, what you need to do, is move your mouse pointer and hover it over the link. Read more on https://www.thewindowsclub.com/precau.#OnlineSafety #InternetSafety #Windows10