Wednesday, February 14, 2007

Internet Banking scam in Malaysia: 13 youth nabbed

There are multiple news reports available in TheStar, NST and TheSun on this story today.

Key points from these stories:
  • Phishing
  • 26 people were conned with RM36,000 from a single bank.
  • 13 suspects, between 18 and 25, have been described as computer experts with several hackers among them.
  • Four of the suspects were college and university students.

For more reading, this is from NST:

A group of computer-savvy youth was nabbed recently after scoring a first of sorts for phishing.

Phishing uses email and fake websites to lure Internet users into providing their personal banking details, which are then used to steal from their accounts.

This group of 13 is believed to have conned at least 26 people by using their particulars to steal more than RM36,000 from their accounts in two weeks.

All 26 victims had accounts in one particular local bank and it was the bank that notified police of the fraudulent transfers.

Following the report, police monitored several homes and cybercafes in three states.

After two weeks of checks, they nabbed 13 suspects, including a woman, in Kelantan, Selangor and here.

The suspects, between 18 and 25, have been described as computer experts with several hackers among them.

Commercial Crime Department assistant director ACP Ismail Yatim said four of the suspects were college and university students.

"The 13 are skilled in different areas and they joined forces to steal confidential data from unsuspecting victims.

"The losses reported may have been bigger if the bank had not been alert in detecting the fraudulent transfers."

Police believe this may only be the tip of the iceberg as more reports were expected.

It was learnt that several of the suspects had the ability to hack into the computer systems of leading firms in the city. Checks revealed that the group used a foreign server and police were trying to ascertain if they had international connections.

The group preyed on those who used Internet banking, sending account holders emails asking them to update their accounts.

In that same email, links would be available for the victims to click on and a new web page would open revealing a web site similar to the bank’s internet login site.

The unsuspecting victims would login, unknowingly giving their usernames and passwords, which would be sent to a decoy website set up by the group.

Using the confidential information, the group would access the victims’ accounts and transfer funds to another account before it is withdrawn.

"We believe there are still groups out there actively involved in such scams," Ismail said.

He urged account holders to check with their banks upon receiving notifications to update their accounts.

No comments: