Malaysian banks were recently hacked through a phishing scam combined with mobile phone hijacking, in which several bank accounts were cleaned out by the scammers. The total amount stolen is about a quarter of a million, taken over the past nine months.
All the banks in Malaysia use a TAC (Transaction Authorization Code), a set of numbers that is required upon login. The bank normally sends it to the user's mobile phone via SMS, and this is what the scammers take advantage of.
As for how the scammers got the victims' login credentials, they collected them from the bank itself! Each bank usually has a computer where users can log in and check their accounts. The scammers installed spyware on that computer to capture and store the usernames and passwords of the users who logged in to the system.
How Does It Happen?
- The scammers install spyware on the bank's public computer to log the bank customers’ login details.
- The scammers retrieve the login details and use them to log in and look up the victim's mobile phone number.
- The scammers go to the telecommunication provider and obtain a new SIM card for those mobile phone numbers using a fake police report and fake ID.
- The scammers attempt phone phishing: they pretend to be telecommunication provider staff and call the owner of the mobile phone number to say that there will be a service interruption, with around two hours of downtime expected.
- During the so-called ‘phone service interruption’ period, the scammers log in to the user's account, get the TAC and transfer away all the money.
What can we do to stop this?
As more security features are implemented over time, hackers do not stop there; they also try to break the new security. Now that we know scammers use this method, below are some simple tips to prevent this type of scam.
- Never do any banking-related stuff on a public computer. Not even just checking your bank account.
- Change your password frequently.
- Telecommunication companies seldom call us to notify us of a service interruption. In the first place, the service should not be down at all. You should call the company back and verify.
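On the bank's side, the sequence described under "How Does It Happen?" leaves a recognisable pattern: a SIM replacement for the registered number, followed shortly by a TAC-authorised transfer from an unfamiliar computer. The Python below is an added example, not code from any bank or from this blog; the event names, the telco SIM-replacement feed, the 48-hour hold and all sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

HOLD_AFTER_SIM_CHANGE = timedelta(hours=48)  # assumed policy value

# Constructed events in time order. "sim_replaced" is assumed to come from a
# telco feed; "login" and "tac_transfer" from the bank's own logs.
EVENTS = [
    ("2011-05-02T10:15", "login",        {"account": "A-1001", "device": "home-pc"}),
    ("2011-05-02T10:20", "tac_transfer", {"account": "A-1001", "device": "home-pc", "amount": 200}),
    ("2011-06-10T09:00", "sim_replaced", {"msisdn": "+60120000001"}),
    ("2011-06-10T11:30", "login",        {"account": "A-1001", "device": "unknown-7f"}),
    ("2011-06-10T11:34", "tac_transfer", {"account": "A-1001", "device": "unknown-7f", "amount": 9500}),
    ("2011-06-10T12:00", "tac_transfer", {"account": "B-2002", "device": "office-pc", "amount": 300}),
]
REGISTERED_PHONE = {"A-1001": "+60120000001", "B-2002": "+60120000002"}


def review_transfers(events, registered_phone, hold=HOLD_AFTER_SIM_CHANGE):
    """Return (account, amount, decision, reason) for every TAC transfer."""
    last_sim_change = {}  # msisdn -> time of the latest SIM replacement
    first_seen = {}       # (account, device) -> time the device first appeared
    decisions = []
    for ts, kind, data in events:
        when = datetime.fromisoformat(ts)
        if kind == "sim_replaced":
            last_sim_change[data["msisdn"]] = when
            continue
        key = (data["account"], data["device"])
        first_seen.setdefault(key, when)
        if kind != "tac_transfer":
            continue
        swapped = last_sim_change.get(registered_phone.get(data["account"]))
        if swapped is None or when - swapped > hold:
            decisions.append((data["account"], data["amount"], "allow", ""))
            continue
        # The SMS TAC may have gone to a SIM the customer does not hold.
        reason = "SIM replaced %s before transfer" % (when - swapped)
        if first_seen[key] >= swapped:
            reason += "; device first seen after the SIM change"
        decisions.append((data["account"], data["amount"], "hold", reason))
    return decisions


if __name__ == "__main__":
    for decision in review_transfers(EVENTS, REGISTERED_PHONE):
        print(decision)
```

A held transfer would then be confirmed through a channel that does not depend on the SIM, such as a visit to the branch.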
In 2011, there is no ultimate strategy to prevent an internet scam. The best way is for every one of us to stay alert to the latest news; you can do so by subscribing to my blog below, liking me on Facebook or following me on Twitter @itscolumn to get the latest news from me.