Wednesday 16 January 2013

e-Banking Fraud, when's your turn?

"Kuala Lumpur, Tuesday, 15 January 2013:- The Association of Banks in Malaysia (ABM) today launched the 2013 e-Banking Awareness Campaign, a collaborative effort spearheaded by the 13 commercial banks forming its Council, key member banks of the Association of Islamic Banking Institutions Malaysia (AIBIM), CyberSecurity Malaysia, the Malaysian Communications and Multimedia Commission (MCMC), and the Royal Malaysian Police under the auspices of Bank Negara Malaysia’s Internet Banking Task Force.

The event, officiated by Encik Abu Hassan Alshari Yahaya, Assistant Governor of Bank Negara Malaysia, was attended by CEOs and top officials from member banks of both Associations. Also present at the event were senior officials from CyberSecurity Malaysia, MCMC and the Royal Malaysian Police.

The six-month campaign is aimed at creating awareness of the general public on current e-Banking scams with the intention to help them avoid becoming victims. Thus it will focus on empowering the general public who will learn and understand the methods deployed by cyber criminals.

The nationwide campaign will see the messages being conveyed via various advertising platforms such as print, electronic and online media. In addition, participating banks will leverage on their respective online presence to reinforce the campaign through the use of their physical branch networks for display of posters and distribution of pamphlets."
*********************
While most of us are prudent when it comes to investment, that does not mean our online banking accounts are not susceptible to different types of scams. In fact I've read so many scam news over the past couple of years with the victims ranging from working professionals to your common housewives. The bottom line is that no one is infallible towards these scams and the best prevention starts with creating awareness.

Personally, I have received calls (mostly in Mandarin) asking for my personal details...blah blah blah. Normally the easiest way to end these calls is to respond in English. Why English? Logically someone who speaks fluent English would be better off working in an international call center instead of making hundreds of calls daily to scam others right? If the scammer is able to converse in English, then other defense mechanism such as "I am busy", "I will find out more from the bank itself", etc can be utilized.

Then there's the typical sms saying I've won a million dollars and I need to call @@@ number to claim my price. Scam emails are aplenty, requesting to update my account in bank X where else I don't even have an account with bank X. As I've said earlier, the number of scammers out there are endless and they continuously improve on their tricks in search of easy money. The best is to ignore and delete these mail or sms-es right away. 

Cases of e-banking fraud have been reported as far back as 2006 on the papers. The impending fact is that scams and frauds are here to stay, past, present and future! Here are some of the reported cases:

Excerpt from theStar ~ 29th July 2006
A syndicate operating an Internet scam called “phishing” has tricked customers into giving details of their bank accounts and then fraudulently withdrawing their money.
Since the scam was first reported last month, 15 victims have lodged reports at the Federal Commercial Crime headquarters. The highest loss suffered was RM18,000.
Federal Commercial Crime chief Comm Datuk Ramli Yusuff said the syndicate had sent out e-mails to victims to update their accounts as soon possible, claiming the bank was upgrading its website.
“After the victims give their personal identification, password, account number and user ID, syndicate members would withdraw cash or use the information to purchase items,” Comm Ramli said.
Police are advising the public to contact their banks first before revealing the details of their account.

Excerpt from theStar ~ 15th September 2011
KUALA LUMPUR: Police have smashed a syndicate believed to have stolen about RM250,000 from 12 victims via an Internet phishing and SIM card hijacking scam with the arrest of seven people.
Those arrested included three foreign men – the mastermind from Sierra Leone and two others from Jordan and Pakistan – as well as a local man and three women.
Federal Commercial Crime Investigations Department director Comm Datuk Syed Ismail Syed Azizan said the syndicate, which had been active since early this year, would first go to an Internet banking kiosk and upload a software that recorded the usernames and passwords of those using it.
“They will come back a few hours later and download the data into a USB drive,” he said at the federal headquarters in Bukit Perdana here yesterday.
Excerpt from theStar ~ 25 November 2011
KUALA LUMPUR: Despite being extremely cautious with her online banking, a consultant found herself the victim of a phishing scam which cost her thousands of ringgit.
On Nov 17, Chew Lee Chen, 34, had updated her online account for a local bank, which she had been using for over five years.
But four days later, she was shocked to discover that RM3,000 had been transferred to another account belonging to an unknown woman.
She immediately lodged a report at the Dang Wangi police station but was told to bring the case to the bank.
“The bank did not even offer to help, saying that it was my fault because I had trusted a phishing site,” a frustrated Chew said at a press conference at the MCA Public Services and Complaints Department.
Department head Datuk Michael Chong said he would demand that the bank involved and the police conduct a thorough investigation.
There's also a sample of phishing mail which I found on YouTube. You can skip straight to 2:06 if you don't want to see the introduction from the video up-loader. Love the hilarious commentating in Bahasa Melayu.



Listen...listen...listen...listen...listen!

While we can't stop scammers, there's always the option of trying to create a nationwide awareness about e-Banking fraud. Kudos for our local banks for starting that initiative! (cause I seriously believe our banks are getting tired of entertaining scam complaints).

Here are some e-Banking awareness e-poster that would be making their way to your local bank soon:

E-mail Scam
Phone Scam
SMS Scam
There's also the FAQ section on the Association of Banks in Malaysia site that I have shamelessly stolen copied and posted here. All for the greater good huh!


FAQ on e-Banking Security
1.    What are the current most popular e-banking scams in Malaysia?
      
The number one e-banking scam in Malaysia currently is phishing/email scam, followed by SMS scam and phone scam.

2.    What is an email scam?

   
An email scam is a type of scam more widely known as ‘phishing‘. An email scam involves a fraudster randomly sending forged emails purportedly from financial institutions or publicly known organisations to lure victims into revealing their internet banking login credentials, email credentials, credit card numbers, bank account numbers and/or passwords which are then used to perform transactions not authorised by the victims.
     
These emails are designed to appear legitimate to gain the trust of the recipient. The content of the email typically attempts to inflict a sense of urgency and panic in order to trick customers into revealing confidential information on a fake website/popup.     

3.    What is a SMS scam?

          
A SMS scam usually involves SMS-es initiated by a fraudster to trick victims into believing that they have won a contest/reward and which attempt to lead them into compromising their banking information and/or create an internet banking facility without the victim even realising it.
This type of scam may also involve ‘identity theft’ since an unauthorised person usually pretends to be a valid account holder and accesses the customer’s account (usually through the internet), unbeknown to the account holder.
4.    What is a phone scam?
          
In such cases, the fraudster usually attempts to obtain sensitive information over a voice call. The fraudster normally tries to gain the victim’s trust by impersonating a credible individual such as a banking authority or a police investigation officer. Victims may not verify the received calls purportedly made by such persons thinking that the calls are from regulators so called, to avoid embarrassment or as a result of “warnings” given by the “officer”.

5.    
Can't banks stop phishing emails?

         
Banks are not able to stop phishing emails from being circulated. However, if the public should receive such emails, they can forward the same to Malaysian Communications and Multimedia Commission (MCMC) or CyberSecurity Malaysia for further action.

MCMC : Can be reached via antiphishing@cmc.gov.my


6.    What should a person do if he has responded to any of the above scams?

          
He should immediately report the incident to his bank at his bank's call centre or branch. The bank will perform a check on the account activity and status, and will inform the victim accordingly on the next course of action to be taken. The victim can always opt to close his internet banking account if he still feels insecure. 


7.    How can I become a responsible internet banking user?

  • Do not share your login/banking credentials with other people. 
  • Never login to your internet banking via any hyperlink. Type the complete internet banking URL/address.
  • Ensure that you only access your internet banking account from a secured internet connection. Your device must also be fully protected using the latest anti-virus and anti-malware software or application updated to the latest virus and malware definition.
  • Do not use public Wi-Fi and cyber cafes to conduct your banking transactions.
  • We are living in the digital information age where information is a necessity but a lot of information is unverified. Do verify the information before you put your trust.  

8.    How do I identify a scam?
  • You receive a genuine looking email or SMS which appears to have come from your financial institution asking you to provide personal financial/security information or Transaction Authorisation Code (TAC).
  • Emails may be convincing as they often contain official looking company logos, letterhead or signature blocks.
  • The email or message will give a false reason for you to provide personal and account details, for example : 
    • It may claim that your online banking account (and passwords) or credit card account requires resetting and that your username, PIN/password and mobile number are required.
    • It may claim that your credit card, email or social networking account has been compromised, frozen or cancelled and that personal and PIN/password details are required to unlock it.
  • The scam email or SMS will often direct you to a scam website where you are required to enter the details.
9.    How do I ensure I don't fall victim to a scam?

  • Never access or click on any URL internet links in an email or SMS claiming to be from the bank. Always manually key in the bank’s website address to login to your online banking accounts.
  • Banks will never ask for your ATM card number and/or PIN code. Do not reveal them to anyone.
  • Never register your TAC with a third party mobile number.
  • Unless you have initiated a call/contact with the bank, do not reply to any request for any of your personal, financial or security information. 
  • Check authenticity of a bank site by observing the padlock icon located on the browser’s address bar. Please do not proceed if there is no padlock.
  • Always ensure that the security picture or hint displays the image or hint that you have selected and set for your account. If there is no image, or the wrong one is displayed, please do not proceed.
  • Do not access your banking information at cyber cafes or via public Wi-Fi spots.
  • Use the latest version of your internet browser as it will be equipped with the latest security features.
  • Make sure your anti-virus, security and system software are always updated. 

10.  Who can provide further information on e-banking security?
          
Bank customers can always obtain further information on the e-banking security measures from their bank's contact centres. They may also visit the ABM website or seek assistance from the MCMC and CyberSecurity.

If you like this article, please shamelessly:

1. Share it on your Facebook!
2. Like my Facebook Page
3. Subscribe to me. See the "FOLLOW ME TO FINANCIAL FREEDOM" section located at the top left? Just key in your email and click Submit.

Cheers and Happy Investing!

No comments:

Post a Comment