News: Beware of financial phishing scams

This article first appeared in Personal Wealth, The Edge Malaysia Weekly, on April 24, 2017 - April 30, 2017.

Mobile phone users need to be aware of the cyber threats they may be exposed to and take the necessary actions to prevent malicious attempts to hack their devices to get their financial information, according to Sylvia Ng, general manager of Kaspersky Lab Southeast Asia. 

She says phishers use various techniques to trick mobile phone users into accessing fake websites, including sending email written in good business style, spoofing the header of the email to make it look like it came from a legitimate bank and even using the bank’s actual logo. The aim of these scams is to obtain valuable personal information from users such as their banking account numbers, login usernames and passwords that they use for online banking. 

“The criminal creates an almost 100% perfect replica of the chosen financial institution’s website, then attempts to trick the user into disclosing personal details such as the username, password and personal identification number by providing a form on the fake website. The criminal then uses the personal details to steal your money,” says Ng.

“Typically, the fake email informs recipients that the bank has changed its IT infrastructure and requires customers to confirm their user information. When the recipients click on the link in the email, they are directed to the fake website, where they are prompted to divulge their personal information.”

Mobile phone users should be more wary of banking phishing scams as they were the most common globally last year. According to the statistics compiled by Kaspersky Lab, one in four cyberattacks (25.76%) used fake online banking information or banking-related content. That was 8.31% higher than in 2015.

Financial phishing attacks increased 13.14% last year from 2015, making up almost half (47.48%) of all phishing attacks blocked by Kaspersky Lab’s heuristic detection technologies last year — the highest ever registered by the company. 

Ng says Malaysians should be suspicious of any messages they receive from unknown or untrusted sources. “Check the email address, as well as the body of the email, for spelling errors. Banks never misspell words and always have good grammar. 

“Do not click on links. Type it out in the address bar yourself. Do not open attachments in a message unless you are completely confident about its contents. Be wary of file name extensions. And finally, if you are suspicious, simply delete the message.”

Kaspersky Lab found that in the middle of last year, the number of Android users who had been attacked was increasing at an exponential rate. The number jumped to 75,000 in October from just 3,967 in January, bringing the total to 305,000 worldwide. 

The countries with the highest number of users attacked by Android banking malware were Russia, Australia and Ukraine. Although the number of attacks in Malaysia was very small, local users are still vulnerable, due to their lack of cyber savviness, says Ng.

She points out that cyber criminals can trick consumers into downloading fake apps that look like the genuine ones, allowing a backdoor entry into users’ devices. Although such incidents have not been reported yet, the probability of cyber criminals putting fake apps on app stores remains high, she says.

“Users should also manage how each app interacts with their devices. Failure to maintain settings such as tracking user locations and sharing data with third-party servers may result in unused apps gaining access to information on the device without you being aware,” says Ng.

“It also helps to regularly ‘spring clean’ their device by cleaning out and refreshing the information stored, determining what information is stored on which apps and what permissions each programme has. Using software cleaners such as the one integrated into Kaspersky Lab’s flagship security solutions to scan all the applications installed on your device and marking those that pose potential risk or are rarely used is a good idea.” 

According to Ng, no device is immune to malware. “Even the Blackphone, a smartphone often touted as the most secure and privacy-oriented, is no different from Android smartphones when it comes to malware infection. In our tests, a real-world banking Trojan was able to steal credentials from a mobile banking app installed on Blackphone,” she says. 

Ng says the older generation tend to be more trusting and, thus, are more vulnerable to these scams. “In many cases, they cannot make the most of their devices, install the software they need or apply appropriate security settings. Therefore, the younger generation must acknowledge that their older family members face serious risks when it comes to cyber attacks.” 

In terms of computer devices, the cybersecurity company found that the rising popularity of the Mac operating system (MacOS) in recent years has made its users a prime target for cybercriminals. In fact, of the financial phishing scams detected last year, 31.38% impacted MacOS users.

However, this does not mean that PC users are safe, says Ng. Users of both operating systems should take the necessary steps to ensure that their systems are protected, as the risk of malware and other web threats continues unabated year after year.