PETALING JAYA: Scammers posing as bank officials seem to have access to sensitive information, which raises the question: are they in cahoots with black sheep within financial institutions?

These scammers seemed to be aware of the personal and financial information of people they target, using it to convince victims into buying into the ruse and parting with their funds.

Victims in several reported cases said the scammers appeared to be aware of details of their account balance and other data that was only known by their financial institutions.

Bukit Aman Commercial Crimes Investigations Department (CCID) director Comm Datuk Seri Ramli Mohamed Yoosuf said while scammers usually “fish” for information and adopt various deceptive tactics to hoodwink their victims into sharing information about themselves, police do not rule out the possibility of bank employees colluding with syndicates and feeding them such confidential data.

“We do not discount the possibility and probabilities of such complicity occurring. It can happen in any organisation, even in the police force or other enforcement or government agencies.

“There is probably no organisation that is pristine. There are bound to be bad apples among employees. However, we need solid evidence to prove this,” he told The Star.

ALSO READ : Calls for banks to bolster cyberdefences

Comm Ramli advised the public to regularly keep tabs on their accounts and promptly raise the alarm with the relevant authorities if they discover any discrepancies.

The same scrutiny should be applied by those who own assets such as land or other immovable property, he added.

In November last year, retiree SA Nathan received a call from a scammer who posed as a bank officer, just an hour after he called his bank to enquire about his credit card statement.

Thinking it was a genuine call from the bank, the 95-year-old divulged some banking information and ended up losing RM18,000 that was siphoned off from his credit card.

ALSO READ : Banking industry working with regulators, agencies to enhance customer security

Confused by the whole episode and in an attempt to seek clarification, the nonagenarian referred the scammer to his daughter, Getrude Nathan, 56.

The housewife received a call from the same scammer and was coaxed into revealing sensitive data. She lost RM20,000 that was charged to her credit card.

Depressed and overcome by their losses, Nathan who was in ill health at the time, passed away weeks later when his condition deteriorated.

In February, a 51-year-old man was puzzled as to how scammers found out about cash deposited into his bank account just days after he made a withdrawal from his Employees Provident Fund (EPF) account.

Fortunately, the man was suspicious and hung up.

ALSO READ : Bank Islam stops 1,632 fraudulent transactions, nearly RM11.7mil saved in four months

In March, two bank officers were arrested by Selangor police for allegedly aiding a scam syndicate in an online fraud. The duo allegedly supplied the scammers with dozens of mule bank accounts meant for moving funds from victims.

In 2014, a bank officer and her husband, both aged 34 at the time, were arrested and charged with fraudulently withdrawing almost RM78,000 from bank accounts belonging to three passengers and a crewmember of the ill-fated MH370 Beijing-bound flight that went missing on March 8 the same year.

Nur Shila Kanan, who was an employee of a bank at Lebuh Ampang, Kuala Lumpur, had transferred the funds to several other accounts before making withdrawals.

She was sentenced to six years’ jail while her mechanic husband Basheer Ahmad Maula Sahul Hameed received a four-year jail term and ordered to be whipped.

ALSO READ : What is vishing? New scam is making the rounds and you’re likely a target

The Association of Banks in Malaysia (ABM) said banks implement regular audits to examine transaction records and internal activity by employees while ensuring compliance with regulatory requirements.

ABM said these audits do not only identify potential security vulnerabilities but also ensure that bank staff observe statutory protocols.

It said upon employment, bank staff are bound by Section 133 of the Financial Services Act 2013 and Bank Negara Malaysia’s Management of Customer Information and Permitted Disclosures Policy Document. They are trained to uphold banking secrecy and possess knowledge on information security risk.

ABM also said access to personal customer information is strictly controlled and only limited to employees who require it in the course of performing their official duties.

It added that access is granted on a “need to know” and “need to use” basis to authorised personnel, who are subjected to strict authentication processes.

“Employees are granted access only to the specific systems and data needed to perform their job duties.

“Among the authentication procedures are the use of unique usernames and passwords to verify the identity of staff members.

“Comprehensive logging and monitoring systems can track and oversee when and who accessed sensitive or a specific data.

“These permissions are regularly reviewed and updated.

“Banks continuously monitor user activity within their systems, including tracking login attempts, accessed data and account modifications.

“All actions involving customer data are meticulously logged and recorded in audit trails, ensuring accountability. Such access to data is revoked when the bank staff is reassigned to other sections or leaves the organisation,” an ABM spokesman said.

It said banks also had whistleblower programmes where employees are encouraged and can anonymously report any suspicious activities or potential collusion with shady parties.

The spokesman said such reports are treated seriously and thoroughly investigated.