Fraudsters have software to read OTP and delete SMS sent by banks

PETALING JAYA: A cybersecurity expert has warned that scammers have new tools in their arsenal that can get around bank security systems, and the public must not install any mobile apps that have not been verified or are from unknown sources.

Cybersecurity service provider LGMS Berhad chairman Fong Choong Fook told theSun: “New versions of software are now able to read one-time passwords and they can even delete the SMS sent by banks, leading (victims) to believe they were not given any notification before fund transfers.”

He said Bank Negara Malaysia (BNM) previously issued a mandate calling on all banks to perform an annual assessment, during which they run several tests on their cybersecurity infrastructure and online systems.

He said based on these tests, the IT infrastructure and systems installed by the banking industry to identify cybersecurity threats are considered sound and secure.

“From a cybersecurity perspective, scammers are unable to penetrate or change the online banking system.

“Instead, they find ways to attack (account holders) through mobile apps. The problem is that Malaysians download unverified apps, which often become security threats that steal information stored on mobile phones. This is the root of the problem,” he said.

To address this, Fong said the authorities need to carry out awareness campaigns on online banking financial scams.

“Also, the banking industry should work together to identify and stop the opening of suspicious accounts at the early stage, so we can put a halt to illegal transfers to mule accounts.”

Fong also said scammers are constantly updating and improvising their arsenal of cyber tools and technologies, so the public needs to be aware that one false move such as downloading unverified apps could cause them to become another victim of online scams.

In response to queries from theSun, BNM said it takes all forms of financial scams seriously.

It said over the years, it has issued multiple policy documents and security advisories to financial institutions on the modus operandi of the latest scams and additional countermeasures to be taken.

“The banking and payment channels remain secure and are equipped with the latest security controls and fraud risk management capabilities.”

It said in line with the principles of the Fair Treatment of Financial Consumers document issued by BNM, it requires all licensed financial institutions to ensure proper communication as well as fair redress for customers who have taken the necessary steps to protect themselves and have not acted fraudulently.

BNM has been collaborating with the police, Malaysian Communications and Multimedia Commission and the financial industry to coordinate efforts in combating financial fraud and scams, it added.

Last week, theSun reported Malaysia Muslim Consumer Association (PPIM) chief activist Datuk Nadzim Johan as saying PPIM has received numerous complaints from victims of mule accounts and even bankrupts, where the culprits have never been investigated or faced justice.

theSun also reported its executive director Adam Ong discovered on Aug 31 that his HSBC credit card had been blocked by the bank due to unauthorised transactions.

Nadzim said despite overwhelming evidence that mule account owners were also victims, little or no action was taken against those who illegally used the accounts.

In response, HSBC Bank Malaysia Berhad communications manager Mae Leong said unauthorised transactions may have been prompted by those made on non-3D secured platforms, which do not trigger an SMS one-time password.

“If a customer receives unauthorised transactions from a non-secured platform, they are eligible for a full refund.

“We aim to reverse these transactions with a temporary refund to the credit card within 18 business days. There is a window of up to 120 days for the chargeback to be filed. We assure customers that disputed transactions submitted will be processed accordingly.”

She said HSBC has taken stringent countermeasures to protect customers from the risk of fraudulent or unauthorised transactions.

The public needs to be aware that one false move such as downloading unverified apps could cause them to become another victim of online scams. – Bernama filepix
