One wrong click could wipe out your savings

KUALA LUMPUR: Thanks to smartphones, we have the entire world at our feet, but one wrong click could be enough to put your data and life savings at risk.

Of late, some individuals have reportedly suffered losses from cyber-crime frauds. The issue has undoubtedly triggered concerns among the public, especially on the cyber security risk level of the nation’s financial institutions.

Without a doubt, the spate of cyber crime cases has caused some members of the public to lose faith in banks as the custodian of public money as they felt that their deposits are no longer safe in the bank. Of concern are reports that banks are not taking responsibility for the crimes which are committed before “their very eyes.”

In light of these developments, Bank Negara Malaysia (BNM) has recently instructed financial institutions to implement five measures to further strengthen safeguards against financial scams.

Among others, banks are required to migrate from SMS One Time Passwords (OTP) to more secure forms of authentication; tighten fraud detection rules and triggers for blocking suspected scam transactions; and customers will be restricted to one mobile or secure device for the authentication of online banking transactions.

Meanwhile, the banking industry has also launched the National Scam Awareness Campaign to help members of the public remember three simple steps, also known as the 3-second rule, that is, ‘Stop, Think, Block (‘Awas, Fikir, Blok’ ).

Intrusion data

However, albeit the various initiatives undertaken by the relevant authorities, experts said the financial fraud will continue to rear its ugly head as long as users lack the technological knowledge and are letting their guard down.

A senior lecturer at the School of Economics, Finance and Banking, Universiti Utara Malaysia Dr Juhaida Abu Bakar told Bernama, ‘phishing’ is commonly used by cyber criminals to ‘fish’ for users’ data from their smartphone.

She said through phishing, bank customers are trapped by the various links via e-mails, SMS and also mobile apps that are sent by irresponsible parties including scammers or hackers to their smartphone.

She said phone users are also exposed to mobile spyware, a type of malware that secretively records data and tracks the users’ internet actions on their mobile devices without their consent, including accessing the victims’ bank accounts.

In short, Juhaida said, the spyware opens opportunities for user data intrusion including online banking password, in addition to “siphoning off” information on the victim’s bank account or credit card if he or she visits the online banking site.

“Infections usually take place when users download applications that are unauthorized or fake applications on their phones,” she said.

“(As such), users should be cautious and avoid from clicking unknown links, lest they will be infected by the mobile spyware,” she added.

Banks should be responsible

According to Juhaida, banks should not take cases of customers’ savings being stolen from their bank accounts lightly and that they should be responsible for the security of the deposits.

Besides that, it would not be fair for banks to shirk their responsibility and shift the blame to customers alone, she added.

In fact, said Juhaida, if an investigation finds that an online theft is due to the weakness in the bank’s security system, the onus therefore is on the bank to pay compensations to the victim.

”Once you are in this situation, you should report to the bank concerned. If you don’t receive any feedback from the bank, then file a report to BNM.

“A fair investigation should be conducted to ensure transparency and credibility in the nation’s banking industry and protecting customer rights should be top priority,” she added.

She said in tandem with the advent of modern technology, cyber criminals are always changing their modus operandi by adapting to new security initiatives by the banking sector.

As such, banking industry players should coordinate efforts in fighting financial fraud by launching nationwide public awareness campaigns within the banking network on the latest tactics deployed by cyber criminals.

“Cases of money disappearing from bank accounts are not isolated, they also take place all over the world including in the United Kingdom. Malaysia is also affected and has been a victim of hackers and many bank customers have also been scammed.

“Given the cyber threat landscape, which is constantly evolving, this type of protection must be reviewed and continuously updated to keep cyber crimes at bay, in addition to giving priority to customers’ data privacy and integrity,” she said.

Last August, the social media was abuzz with news reports that several individuals had their money stolen from their savings accounts.

Among others, a doctor, Dr Rafidah Abdullah in her Facebook posting claimed to have fallen victim to online banking fraud after she lost RM13,000 from her account through three transactions.

Subsequently, she shared another update after receiving a call from the bank. According to her post, the bank alleged that she clicked on a link several days earlier which enabled another phone user to register an account for her, which she has denied.

In her latest update last Tuesday, Dr Rafidah shared her case on TikTok, and according to her, the bank did not give any compensation to her. She believes that a weak security system makes a bank vulnerable to cyber thefts.

Awareness is key

Meanwhile, CyberSecurity Malaysia Chief Executive Officer Datuk Dr Amirudin Abdul Wahab said all banking applications have their own security settings in addition to security systems developed by manufacturers of smartphones and other mobile applications in the market.

However, he added, this security aspect is not foolproof whenever the user uses the internet.

“Whenever members of the public use the internet, they are usually exposed to cyber threats (online) and are not limited to bank portals or online transactions.

“Virus and malware (malicious software) (in apps) can be used as a platform to steal information from the user’s smartphone.

“Several types of malware such as ‘SMSStealer’ and ‘keylogger’ have been identified as being used in fraud cases through the smartphone,” he noted.

He said the malware software such as SMSStealer has the functionality to steal security codes including Transaction Authorization Code (TAC) or One Time Password (OTP) to access trading platforms and online banking transactions.

He said the malware software and virus are often installed in fake website and application codes that are sent to users.

“Generally, the security systems used by financial institutions including banks are safe. They have the latest cyber security systems to protect the banking system and these include the cyber threat monitoring system that can monitor the latest trends in cyber threats and attacks,” he added.

Early prevention

Amirudin said if the users implement the security settings and adopt the best practices, their risks of exposure to cyber threats would be minimized.

Among the preventive measures, he said, they should not use public WiFi networks for banking transactions for fear of being trapped by software that are installed by cyber criminals to steal personal information.

“Always ensure your device has anti-virus software as additional protection and that the software should be regularly updated with the latest version.

“Besides that, a strong password is the first line of defense and users are advised to use security features provided by social media platform such as Facebook by activating the two-factor authentication, whereby each time someone tries accessing a user’s social media account, a security code will be sent via SMS to his or her mobile device. – Bernama

Leave a Comment