Smartphone: One wrong click could wipe out your savings


Despite the various initiatives undertaken by the relevant authorities, experts predict that financial fraud will persist as long as users lack technological knowledge and let their guard down. — AZHAR MAHFOF/The Star

KUALA LUMPUR: Thanks to smartphones, we have the entire world at our fingertips, but one wrong click could be enough to put your data and life savings at risk.

Of late, some individuals have reportedly suffered losses from cybercrime frauds. The issue has undoubtedly triggered concerns among the public, especially on the cybersecurity risk level of the nation’s financial institutions.

Without a doubt, the spate of cybercrime cases has caused some members of the public to lose faith in banks as the custodian of public money as they felt that their deposits are no longer safe in the bank. Of concern are reports that banks are not taking responsibility for the crimes which are committed before "their very eyes".

In light of these developments, Bank Negara Malaysia (BNM) has recently instructed financial institutions to implement five measures to further strengthen safeguards against financial scams.

Among others, banks are required to migrate from SMS One Time Passwords (OTP) to more secure forms of authentication; tighten fraud detection rules and triggers for blocking suspected scam transactions; and customers will be restricted to one mobile or secure device for the authentication of online banking transactions.

The banking industry has also launched the National Scam Awareness Campaign to help members of the public remember three simple steps, also known as the three-second rule, that is, "Stop, Think, Block (‘Awas, Fikir, Blok’)".

Data intrusion

Despite the various initiatives undertaken by the relevant authorities, experts said the financial fraud will continue to rear its ugly head as long as users lack the technological knowledge and are letting their guard down.

A senior lecturer at the School of Economics, Finance and Banking, Universiti Utara Malaysia Dr Juhaida Abu Bakar told Bernama, "phishing" is commonly used by cybercriminals to "fish’ for users" data from their smartphone.

She said through phishing, bank customers are trapped by the various links via emails, SMS and also mobile apps that are sent by irresponsible parties including scammers or hackers to their smartphone.

She said phone users are also exposed to mobile spyware, a type of malware that secretly records data and tracks the users’ Internet actions on their mobile devices without their consent, including accessing the victims’ bank accounts.

In short, Juhaida said, the spyware opens opportunities for user data intrusion including online banking password, in addition to "siphoning off” information on the victim’s bank account or credit card if he or she visits the online banking site.

"The 'infections' usually take place when users download fake or unauthorised applications on their phones,” she said.

"(As such), users should be cautious and avoid from clicking unknown links, lest they will be infected by the mobile spyware,” she added.

Banks should be responsible

According to Juhaida, banks should not take cases of customers’ savings being stolen from their bank accounts lightly and that they should be responsible for the security of the deposits.

Besides that, it would not be fair for banks to shirk their responsibility and shift the blame to customers alone, she added.

In fact, said Juhaida, if an investigation finds that an online theft is due to the weakness in the bank’s security system, the onus therefore is on the bank to pay compensations to the victim.

”Once you are in this situation, you should report to the bank concerned. If you don’t receive any feedback from the bank, then file a report to BNM.

"A fair investigation should be conducted to ensure transparency and credibility in the nation’s banking industry and protecting customer rights should be top priority,” she added.

She said in tandem with the advent of modern technology, cybercriminals are always changing their modus operandi by adapting to new security initiatives by the banking sector.

As such, banking industry players should coordinate efforts in fighting financial fraud by launching nationwide public awareness campaigns within the banking network on the latest tactics deployed by cybercriminals.

"Cases of money disappearing from bank accounts are not isolated, they also take place all over the world including in the United Kingdom. Malaysia is also affected and has been a victim of hackers and many bank customers have also been scammed.

"Given the cyber threat landscape, which is constantly evolving, this type of protection must be reviewed and continuously updated to keep cybercrimes at bay, in addition to giving priority to customers’ data privacy and integrity,” she said.

Last August, the social media was abuzz with news reports that several individuals had their money stolen from their savings accounts.

Dr Rafidah Abdullah in her Facebook posting claimed to have fallen victim to online banking fraud after she lost RM13,000 from her account through three transactions.

Subsequently, she shared another update after receiving a call from the bank. According to her post, the bank alleged that she clicked on a link several days earlier which enabled another phone user to register an account for her, which she has denied.

In her latest update last Tuesday, Rafidah shared her case on TikTok, and according to her, the bank did not give any compensation to her. She believes that a weak security system makes a bank vulnerable to cyber thefts.

Awareness is key

CyberSecurity Malaysia chief executive officer Datuk Dr Amirudin Abdul Wahab said all banking applications have their own security settings in addition to security systems developed by manufacturers of smartphones and other mobile applications in the market.

However, he added, this security aspect is not foolproof whenever the user goes on the Internet.

"Whenever members of the public use the Internet, they are usually exposed to cyber threats (online) and are not limited to banking portals or online transactions.

"Virus and malware (malicious software) (in apps) can be used as a platform to steal information from the user’s smartphone.

"Several types of malware such as ‘SMSStealer’ and ‘keylogger’ have been identified as being used in fraud cases through the smartphone,” he noted.

He said the malware software such as SMSStealer has the functionality to steal security codes including Transaction Authorisation Code (TAC) or OTP to access trading platforms and online banking transactions.

He said the malware software and virus are often installed in fake website and application codes that are sent to users.

"Generally, the security systems used by financial institutions including banks are safe. They have the latest cybersecurity systems to protect the banking system and these include the cyber threat monitoring system that can monitor the latest trends in cyber threats and attacks,” he added.

Early prevention

Amirudin said if the users implement the security settings and adopt the best practices, their risks of exposure to cyber threats would be minimised.

Among the preventive measures, he said, they should not use public WiFi networks for banking transactions for fear of being trapped by software that is installed by cybercriminals to steal personal information.

"Always ensure your device has antivirus software as additional protection and that the software is regularly updated with the latest version.

"Besides that, a strong password is the first line of defence and users are advised to use security features provided by social media platform such as Facebook by activating the two-factor authentication, whereby each time someone tries accessing a user’s social media account, a security code will be sent via SMS to his or her mobile device. – Bernama

Follow us on our official WhatsApp channel for breaking news alerts and key updates!
   

Next In Tech News

Woman kidnapped by ex rescued after friend tracks her with Find My iPhone, US cops say
Australia scrapped satellite because new tech could 'shoot it out of sky', says defence minister
Instagram plans to use AI to catch teens lying about age
World's first wooden satellite, developed in Japan, heads to space
This humanoid robot can now operate with full autonomy
Scientists use AI to help track penguins in Antarctica
Windows 10 users will soon have to pay to keep getting security updates
Musk and X are epicenter of US election misinformation, experts say
OpenAI in talks with California to become for-profit company, Bloomberg News reports
Meta to extend ban on new political ads after U.S. election

Others Also Read