By RASHVINJEET S.BEDI | Jan 18, 2009
Phish, your money’s gone
To the untrained eye, the fraud website looks identical to the bank’s official one; to the naive recipient, the SMS on winning a prize seems genuine. It is not surprising then that cyber-crime has risen by 619% over the past year.
YOU leave the office for the weekend and come back to an e-mail account that is full of spam. Many among us recognise spam at once and would trash it immediately. But there are still some unsuspecting people who fall prey to spam and end up getting conned.
Idris: ‘If the banks have a filtering system, how then is it possible that they cannot track such a fraudulent transaction?’
Take Kavitha Kaur (not her real name), for example. The 34-year-old executive of an oil and gas company received an e-mail last September purportedly from her bank, asking her to update her account because it was upgrading its server.
The message looked genuine, so Kavitha had no qualms about entering her Internet banking user ID and password into a website which was a “perfect” replica of the original.
“The website looked the same as the original, so I did not hesitate to ‘update’ my account. I was told not to log in for a few hours after the so-called update. A few days later, I tried to withdraw money from my account, but it was empty,” says an angry Kavitha, who lost RM4,100.
Kavitha claims she was not aware of the scam. She is not alone, as 165 complaints on unauthorised withdrawals were received by Bank Negara Malaysia last year.
Based on the central bank’s investigations, all the cases were due to customers knowingly or unknowingly divulging their personal information such as personal identification numbers (PIN) and passwords to third parties or fraudulent parties.
As in Kavitha’s case, the e-mail persuades customers to “update” their online banking details, usually by informing them that the bank is upgrading its security system, and that if the customer fails to update these details, their Internet banking access would be terminated.
The link in the e-mail directs the customers to a phishing website which tries to steal their account password or other confidential information by tricking them into believing they are on a legitimate website.
“It is really hard to tell that the website is fake,” insists Kavitha, whose use of the Internet is mainly for work.
According to Kannan Velayutham, a Symantec Malaysia consultant for enterprise security, it is fairly easy to replicate a website – the phisher usually creates a look-alike website with the same identity, logos, colours and links.
Joining the queue: With the rampant increase in cyber-crime, some customers prefer to play it safe and not use Internet banking. — Filepic
“Methods used to steal users’ personal details vary, but typically phishers would embed certain programmes that are designed to capture their login ID and password once a user enters personal or account information in the relevant fields. The URL or web address would also closely mirror the actual site,” he says.
ACP Mohd Kamaruddin Md Din, head of Cyber and Multimedia Investigation Division, says the police take the matter very seriously as they receive reports of such scams every day.
“They have a few methods, all with the aim of getting people’s money,” he says.
Another common method employed by fraudsters is sending handphone users an SMS informing them that they are contest winners.
Those who respond are told their bank details are required in order to deposit the prize money, and are tricked into providing the fraudster with all the necessary information to log in on the customers’ behalf. The fraudsters then use the customers’ Internet banking access to withdraw their money.
Consumers Association of Penang (CAP) president S.M. Mohamed Idris believes the money is usually transferred to an account in another country, especially Indonesia.
The real thing?: Scams direct users to a phishing website which tries to steal their account password or other confidential information by tricking them into believing they are on a legitimate website.
“Normally, the account holder is asked to wait for a few hours before carrying out any other transaction. It is during these few hours that the money is siphoned off from one’s account,” says Idris.
“If the banks have a filtering system, which most of them say they do, how then is it possible that they cannot track such a fraudulent transaction?” he adds.
One thing for sure is that cyber-crime is on the rise. Police say reported cases of cyber-crime increased from 147 cases in 2007 to 1,057 last year, an increase of 619%.
So far, no one has been arrested for crimes related to e-mails although 40 people have been arrested for the SMS scams. Kamaruddin says the syndicates involved in these crimes have dedicated tasks for each member.
For instance, one member would be tasked to send out SMS, while another member would be in charge of checking the accounts, says Kamaruddin.
“If there is no money in the account at that particular time, there would be someone who checks the account every day. So if the salary is banked into the account one month later, it would be gone,” he says.
Some claim that bank staff could be involved but Kamaruddin says their investigations have not revealed any insider job.
“There are no indications that banks are involved,” says Kamaruddin.
He believes that the SMS and e-mails are sent out by fraudsters randomly to a large batch of numbers and addresses respectively.
“These people are just trying their luck. Without knowing it, customers give them all their banking information,” says Kamaruddin.
Banks doing their part
Banks never request personal information such as personal identification numbers and passwords for banking accounts through e-mail, SMS or phone calls.
When contacted, both CIMB Bank and Maybank said they were making their customers aware of the scams.
Peter England, head of retail banking, CIMB Bank, says the bank continually runs awareness programmes to advise customers to ignore all e-mails, SMS and phone calls requesting them to reveal their Internet banking credentials.
“We have placed updated notices and security tips on our online banking website to educate customers on current scamming methods,” he says.
Similarly, Maybank provides a phishing e-mail alert for customers to notify the bank when they receive any spam phishing e-mail.
Its senior executive vice-president and head of consumer banking, Lim Hong Tat, says that security alerts are also highlighted in Maybank2u.com, including announcements, pop-up alerts and an updated list of phishing links.
England adds that CIMB has invested in security procedures to help mitigate frauds through Internet banking and appointed an anti-phishing company to take down websites which try to defraud online banking customers.
Both banks work closely with the Malaysian Communications and Multimedia Commission (MCMC) and CyberSecurity Malaysia to address phishing issues.
The MCMC blocks the websites as soon as it has conducted investigations following complaints from the banks or members of the public.
CIMB has also established an in-house fraud prevention team, comprising those who are skilled in detecting fraud patterns.
“This team monitors our customers’ online banking transaction patterns continuously to try and detect extraordinary or likely fraudulent transactions,” says England, who claims the move has helped in reducing the number of fraud cases.
Dhillon Andrew Kannabhiran, the CEO of Hack in The Box, says online banking is quite safe although precautions should be taken when doing any online transactions.
For example, one should not click links to banking sites from within e-mails but instead open the browser window and type in the URL. Dhillon adds that one should not connect to the banking sites from untrusted networks such as from public wifi hotspots.
On the losing end
Such advice, though, is too late for victims like Kavitha, who just wants her money back. But as it stands, banks have a policy of not compensating such customers.
CAP handled five cases last year, all of which were referred to the Financial Mediation Bureau (FMB).
“We are quite sceptical about how the FMB will settle such matters as the banks get away by saying that the complainant has given his or her PIN code/password and hence has knowledge of the matter when the money was transferred,” says Idris.
“What they fail to see is that the web page of the fraudster is so authentic that only an informed person would know how to identify the page.”
He adds that banks also get away by saying that they have made several announcements in the papers and notices in the banks’ premises and in account holders’ monthly statement of accounts.
“But how are savings account holders informed as they do not receive statement of accounts every month compared with current account holders?” says Idris, who wants banks to reimburse account holders who have lost their money through these scams.
Idris hopes that thorough investigations are conducted and Internet banking is made foolproof and safe to protect depositors.
“The banks with the help of the police must set up a special unit and also seek the help of Interpol to trace the fraudsters,” he stresses.