With the Chinese New Year around the corner, purchasing new items such as clothes or hiring a cleaning service for extra help to spruce up the home is a priority to many.
However, both authorities and cybersecurity experts advise caution when searching for online deals during the festive season.
Bukit Aman Commercial Crime Investigation Department (CCID) director Comm Datuk Seri Ramli Mohamed Yoosuf emphasised in a report on Jan 21 that the festive season provides a “golden opportunity” for scammers on the prowl for victims.
“Scammers would take advantage of the festive season by offering goods such as ang pow packets, cookies and other festive items at low prices. If the prices are too low, don’t let your guard down,” he advised.
Tenable senior staff research engineer Satnam Narang warned that scammers might establish fraudulent online shops offering popular festive items such as bakwa or pineapple tarts with no intention of delivering the items.
“These fake establishments provide shoppers with forms to input personal details, including mobile numbers and social media account information. This method efficiently collects a large amount of information, which scammers can exploit for fraudulent activities,” Satnam said in a statement.
Falling for fake offers online can lead to significant financial losses. In 2022, the police reported four cases from Jan 9 to 12 involving scammers selling Chinese New Year snacks online, resulting in losses totalling RM51,000.
The victims had booked snacks online and communicated with a “seller” via WhatsApp, according to Kuala Lumpur Commercial Crime Investigation Department (CCID) chief Asst Comm Mohd Mahidisham Ishak.
“The suspect gave the victims a web link to be used to pay the deposits. The victims registered and filled in their banking details,” he said in a report.
The victims realised that they had been duped only after noticing multiple transactions funnelling funds from their bank accounts into the perpetrator’s account.
“We advise the public to be careful when making purchases online to avoid being victims of such scammers. Never reveal your banking details or your security codes to any third party,” said ACP Mohd Mahidisham.
Users should also be aware of fake cleaning services typically offered on social media by scammers.
Last year, a Sarawak housewife lost RM44,074 to scammers after responding to a house-cleaning ad on Facebook.
Sarawak DAP chairman Chong Chieng Jen said in a statement that the victim, who had booked a cleaning service for Chinese New Year spring cleaning, encountered problems when making payments. The next day, she found out that her account had been blocked due to eight consecutive fund transfers to an unknown account.
“Had the bank’s Internet banking security system been more vigilant and secure, such consecutive transfers would definitely have raised red flags in the system, thereby stopping the transfers,” Chong said.
Last year, Bank Negara Malaysia also issued a warning about scammers on social media offering fraudulent cleaning services during the festive season.
It reminded the public to contact their respective banks or the National Scams Response Centre at 997 if they fall victim to financial scams.
Comm Ramli urged the public to verify the authenticity of sellers before proceeding with any transaction. He cautioned that victims lost money because they entered their bank details on a fake app – which scammers provide as an APK installation file – or website.
Sandra Lee, Sophos managing director for Greater China, South-East Asia and Korea, said in a statement that generative AI can be used to “create an entire fake online store” to entice individuals into divulging their personal information and data.
“Don’t click deals in emails that look too good to be true or are from businesses you don’t have accounts from – these could be phishing emails hoping to bait you into clicking links to bogus, malicious websites,” she said.
She also advised users not to save their card details on ecommerce sites.
“They can’t lose what they don’t have, so tell them not to store your credit card unless it is absolutely necessary,” she said.
She added that users should use credit cards instead of debit cards.
“Credit cards offer significantly more protection against online fraud, and you are in the power position in a dispute.
“You can simply not pay your bill while disputing the charge, rather than having criminals directly drain your bank account of your hard-earned cash,” she said.
Spot the deepfakes
Even age-old customs are not spared from the evolving landscape of online scams. Beyond targeting individuals through their online shopping habits, Satnam said scammers may adopt a more personal approach by impersonating relatives or loved ones.
“Scammers may impersonate relatives and ask for red packets or monetary gifts, preying on tradition during Chinese New Year,” he said.
In May 2023, Reuters reported that a man in Northern China transferred 4.3mil yuan (RM2.8mil) to a friend who contacted him via video call, asking for money to make a deposit for a bidding process.
However, the man realised he had been duped after the friend claimed to have no knowledge about the transfer request.
According to the police, the perpetrator used “AI-powered face-swapping technology” for impersonation.
Identity verification platform Sumsub’s Identify Fraud Report 2023 found a significant 10-fold increase in the number of detected deepfakes worldwide from 2022 to 2023, accounting for over two million fraud attempts during this period.
In the Asia-Pacific region, deepfake fraud has surged by 1,530%, with Vietnam and Japan leading in recorded cases, according to the report.
Cases involving the unauthorised use of personal data or fake identities for malicious activity in Malaysia experienced an increase from 0.70% in 2022 to 1.65% in 2023.
In a separate Bernama report, Comm Ramli said his department anticipates a surge in police reports linked to AI, expressing concerns about its use in scams.
“For example, AI is capable of imitating my natural voice (and) communicating in different languages, such as Tamil, Mandarin, and English, to commit various types of scams.
“Therefore, it poses a great challenge to CCID. Our investigative technology must be enhanced to keep up with the development of AI,” he said in the Jan 25 report.
Kaspersky, a cybersecurity company, advised users to identify deepfakes by recognising signs such as jerky movements, lighting inconsistencies between frames, and unusual blinking.