Phishing Scam Wipes out Bank Accounts Worth 240k

Malaysian banks were recently hacked with a phishing scam and mobile phone hijacking, in which several bank accounts were cleaned out by the scammers. The total amount stolen is about a quarter of a million, taken over the past nine months.

All the banks in Malaysia use a TAC (Transaction Authorization Code), a set of numbers that is required upon login. The bank normally sends it to the user's mobile phone via SMS, and this is what the scammers' strategy takes advantage of.

As for how the scammers got the victims' login credentials, they collected them from the bank itself! Each bank usually has a computer where users can log in and check their accounts. The scammers installed spyware on that computer to download and store the usernames and passwords of the users who logged in to the system.

How Does It Happen?

  1. The scammers installed spyware on the bank's public computer to log the bank customers' login details.
  2. The scammers retrieved the login details and used them to log in and retrieve the mobile phone number.
  3. The scammers went to the telecommunication provider and obtained a new SIM card for those mobile phone numbers using a fake police report and fake ID.
  4. The scammers attempted phone phishing: pretending to be telecommunication provider staff, they called the owner of the mobile phone number to say that there would be a service interruption, with around two hours of expected downtime.
  5. During the so-called 'phone service interruption' period, the scammers logged in to the user's account, got the TAC and transferred away all the money.

What can we do to stop this?

As more security features are implemented over time, hackers do not stop either; they try to break the new security as well. Now that we know scammers use this method, below are some simple tips to prevent this type of scam.

  • Never do any banking-related tasks on a public computer, not even just checking your bank account.
  • Change your password frequently.
  • Telecommunication companies seldom call us to notify us of a service interruption. In the first place, the service should not be down at all. You should call the company back and verify.

In 2011, there is no ultimate strategy to prevent an internet scam. The best way is for every one of us to stay alert to the latest news.

About Alan Tay

This blog is owned and operated by myMediaInc. My Media operates content based online portals for IT professionals, technology managers and decision makers as well as business leaders. We publish original quality content focused in Software Development, IT Security, SaaS, Cloud Computing, Outsourcing, Project Management and Mobile and Wireless. Our mission is to explore how to help you optimize your resources in each of these areas.



  1. Meronagar says:

    It's amazing that they could not be tracked. I don't know how these hackers get ideas not to leave any proof.

  2. Tom Gurney says:

    It is crazy that even bank employees get caught out with these tricks. What hope for the rest of us?! I would either change bank accounts if I was worried or alternatively regularly check your credit status to notice any sudden changes.
