A leading local bank recently issued a scam alert to its customers about a fake website, created by fraudsters and bearing the same name as the bank, that was set up to steal customers’ banking details, including usernames and passwords.
The incident was another reminder of the risks posed by the increasingly varied scam and phishing tricks deployed against online and mobile users last year to steal money during the Covid-19 pandemic, a trend Kaspersky researchers have been highlighting.
“In terms of mobile banking, it is another aftermath of the pandemic situation. We are using our phones more and more either for banking or e-payments. And with 103,573 mobile malware attempts we detected and blocked in Malaysia last year, it is clear that cybercriminals know where the money is,” said Chris Connell, managing director for Asia Pacific at Kaspersky.
He said links to these copycat sites are normally sent through SMS, email or social messaging platforms with an urgent note requesting the recipient or customer to log in or update their bank account details.
“There’s always the potential for problems, but it is a trend worth noting as this situation is stretching across the world as well as in Malaysia. Businesses and individuals should be critical of messages and emails related to topics such as vaccines and monetary aid,” he added.
Connell said that without the necessary precautions, customers’ accounts can be compromised, with all the risks and consequences that can ensue.
To help Malaysians avoid falling prey to these scams and to ensure safe transactions, Kaspersky issued some simple but important cybersecurity reminders:
- Check the website’s domain name thoroughly – particularly if you were redirected to the website from another page or email. Scammers may sometimes replace a letter with a same-looking symbol or add a word that sounds legitimate.
- Avoid clicking any links – key in the URL manually whenever accessing your online accounts.
- Look out for additional information about the domain – if you are unsure, you can refer to a Whois Lookup domain checker, which gives information about who owns the domain.
- Check if a site’s connection is secure – the address should begin with https:// instead of http:// (the ‘s’ stands for secure), and the padlock icon should be displayed in the URL address bar. HTTPS encrypts your information so your connections are secured.
- Indication of trustworthiness – red flags include poorly written website copy with numerous spelling or grammatical mistakes.
- Beware of any requests for your details or money – avoid sending money or providing credit card details, online account details, or copies of personal documents to anyone you do not know or trust.
- Avoid clicking on links or opening attachments in suspicious emails or texts – never respond to unsolicited messages and calls asking for personal or financial details.
- Review your privacy and security settings on social media – be careful with who you connect with and learn to use your privacy and security settings.
- Resist the pressure to act immediately – legitimate businesses will give you time to make decisions.
- If it seems too good to be true – be wary of offers that sound too good to be true. They are likely not genuine or legitimate.
- Eliminate vulnerabilities – in your operating system and applications. Always ensure that the operating system and all applications on your computer and other devices have the latest updates installed.
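
The domain-name check in the first reminder can be automated by a mail filter or help desk. The sketch below is an added example, not Kaspersky's or the bank's code; `examplebank.com`, the small symbol table and the category names are constructed assumptions. It goes slightly beyond the two tricks named above by also decoding punycode labels and flagging the bank's name used as a label of some other domain.

```python
import unicodedata
from urllib.parse import urlsplit

TRUSTED = "examplebank.com"  # constructed placeholder, not a real bank domain

# Small constructed table of same-looking symbols; real tables are far larger.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s",
               "\u0430": "a", "\u0435": "e", "\u043e": "o",
               "\u0440": "p", "\u0441": "c"}  # last five are Cyrillic letters

def decode_label(label):
    """Turn a punycode label (xn--...) back into the Unicode a user would see."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label
    return label

def skeleton(label):
    """Fold same-looking symbols so look-alike spellings compare equal."""
    text = unicodedata.normalize("NFKC", label).lower()
    text = "".join(CONFUSABLES.get(ch, ch) for ch in text)
    return text.replace("rn", "m").replace("vv", "w")

def classify(url, trusted=TRUSTED):
    """Compare the host in a URL with the single trusted domain."""
    target = url if "//" in url else "//" + url  # accept links without a scheme
    host = (urlsplit(target).hostname or "").rstrip(".")
    if host == trusted or host.endswith("." + trusted):
        return "trusted"
    brand = trusted.split(".")[0]
    labels = [decode_label(part) for part in host.split(".")]
    for label in labels:
        if label == brand:
            return "brand-on-other-domain"  # right name, wrong suffix or parent
        if skeleton(label) == skeleton(brand):
            return "same-looking-symbol"
    if any(skeleton(brand) in skeleton(label) for label in labels):
        return "added-word"
    return "unrelated"
```

Only the `trusted` result means the link points at the expected domain; every other category is a reason to type the address manually instead.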