This article first appeared in Forum, The Edge Malaysia Weekly on May 17, 2021 - May 23, 2021
Last Friday, an acquaintance lost RM102,000 in a scam that typically targets those who are not familiar with online banking practices.
The retiree received a call from one Mr Alex, informing her that someone was using a credit card under her name to make a purchase of RM3,000. The retiree was told to call Bank Negara Malaysia at a given number to block the card and update her details.
When she called the number, she got one Mr Tan, who advised her to move her money out of two accounts that were with two different banks. The retiree gave her TAC/OTP numbers as instructed, resulting in her daily transfer limits being increased. The money from the two banks was transferred to another local bank linked to the scammer’s phone.
The irony is that the retiree even thanked the fake Mr Tan for his assistance. Later, she saw messages and e-mails from the bank and realised the number she called was not a Bank Negara line, and that she had been scammed.
Cybercrimes had already been on an increasing trend as more people opted to conduct their financial transactions through online and e-payment systems but, according to international cybercrime organisations and cyber security companies, the numbers have grown during the pandemic.
Trend Micro, a global cyber-security company, concluded that the pandemic has been marked by a significant rise in spam messages, malware attacks and phishing emails. According to the company, a study showed spam messages multiplying 220 times between February and March 2020 while deceptive URLs increased by 260%.
The deceptive URLs lead to download of malware or phishing attacks, which cause private data to be compromised.
In Malaysia, Bank Negara keeps cyber scams in check through suspicious transaction reports (STRs), which is one of the tools used to detect crimes. Some 14 institutions, under anti-money laundering legislation, furnish information to the central bank on any cash transactions that exceed certain amounts.
These institutions includes dealers of precious stones, insurance companies, and even money lenders and pawn brokers.
According to Bank Negara, the number of STRs submitted by reporting institutions increased by 18% to 133,978 in 2020, a year when more people were forced to undertake banking transactions online. Specifically, Bank Negara observed significant increases in STR submissions relating to fraud, illegal gaming and suspected tax offences.
The STRs resulted in 50 persons being charged for corruption and illegal gambling activities. Also seized were items worth more than RM366 million while more than RM172 million was recovered.
The Covid-19 pandemic has changed the way people work, learn, shop and do their banking. Banks close an hour earlier than normal operating hours and the number of people allowed entry into banking premises is restricted as well.
It has resulted in less face-to-face engagements and a higher volume of online transactions and purchases. The changes have paved the way for cyber fraudsters to take advantage of a bigger pool of people who are weak in IT knowledge and filled with anxiety when it comes to banking transactions.
The losses incurred by individuals and companies due to cyber fraud are generally not published. From individuals to small businesses and corporations, cyber criminals have been capitalising on reduced public engagement to make money.
According to the findings of a joint study by regional regulatory authorities and cyber security firms such as Cyber Defence Institute and Kaspersky, among others, countries in Asean, due to its position as the world’s fastest-growing region in digitalisation, have become prime targets for cyber attacks.
Increasingly, corporations are the targets, according to the study that was coordinated by a Singapore-based secretariat.
In 2020, among those affected were Lazada’s online grocery platform RedMart, ST Engineering Aerospace, Tokpedia of Indonesia, and hospitals in Thailand. In Malaysia, there have also been cases of corporations coming under cyber attacks.
Local financial institutions and media organisations have had their systems held to ransom by cyber criminals. However, very little has been said or reported on these incidences. There is little publicity because the damage caused is small and the corporations fear of damage to their reputation.
A study by Deloitte shows that it takes 201 days to identify a cyber breach, which means the cybercriminals have more than six months to plan an attack. The execution of the crime takes only 45 minutes, when a corporation’s system is frozen.
The actions affect customers and those along the supply chain. The study found that 31% of the victims come out having a destructive experience.
Most of the time, corporations pay a ransom in various forms. Towards this end, cryptocurrencies such as Bitcoin are widely reported to be associated with cybercriminals. They get paid through digital coins, and how they convert that into fiat currency is another process altogether.
Strangely, the pandemic that is causing an increasing number of Covid-19 infections globally and the growing cybercrimes around the world are all happening in a similar synchronised tempo with that of the rise and rise of Bitcoin.
There are thousands of digital coins, and leading the charge is Bitcoin, which is now at US$54,000 compared to only US$8,400 a year ago.
The latest large corporation to suffer a ransomware attack is US-based Colonial Pipeline Company, which was forced to shut down its pipeline along the east coast, affecting its supply chain. The US declared a state of emergency to transport supplies via alternative modes.
The incident has once again stirred debate on cyber security and how governments around the world need to work in a coordinated manner to weed out the cybercriminals. In the case of the Colonial Pipeline Company, the attackers are said to be based in Russia.
The fear is that if major infrastructure, such as an oil and gas pipeline, in the US can be hacked, those in developing countries, including in Asean, would be more vulnerable. In Thailand last year, cybercriminals targeted the healthcare industry as they felt that the hospitals were making more money due to the pandemic.
So, while the Covid-19 pandemic has expedited the digitalisation of the region’s economies, are we really prepared for the ugly side of an offline working — as well as living — environment?
M Shanmugam is contributing editor at The Edge
Save by subscribing to us for your print and/or digital copy.
P/S: The Edge is also available on Apple's AppStore and Androids' Google Play.