Enhance fraud detection, checking banking fraud

 

CLICK TO ENLARGE

Calls for improvements in detecting suspicious banking transactions

 KUALA LUMPUR: Banks and financial institutions are facing growing scrutiny on whether measures are in place to detect suspicious online transactions before customers fall victim to scams.

The issue has come under renewed focus following a Sessions Court ruling ordering a bank to compensate a customer RM166,000 over suspicious online transactions that went undetected.

As scams evolve, banks are facing heightened urgency to identify unusual transaction patterns and act fast, particularly as fraudsters exploit human behaviour and then move in to breach banking systems.

At a Bank Negara workshop on consumer protection and fair conduct reforms, its officers said existing laws protect the confidentiality of customer information and personal data in the financial sector.

“Financial institutions are robust but there is always room for improvements,” the officers said yesterday.

They said enforcement actions had been taken in instances where breaches were identified, including requiring the institutions involved to implement corrective action plans.

The officers also said Bank Negara continued to monitor banks on consumer protection and compliance matters.

In its latest annual report, the central bank stressed the need to strengthen fraud detection systems and reinforce internal safeguards to combat sophisticated online scams.

The central bank said banks and non-bank financial institutions were required to adopt advanced fraud detection measures and strengthen internal safeguards to quickly intercept suspicious transactions.

It also stressed for a proactive approach to prevent fraudulent transactions from escalating.

The central bank said that in recent years, financial institutions had strengthened various security measures including tighter fraud detection rules and triggers, cooling-off periods for new device registrations and stronger authentication methods.

These measures contributed to a 52% decline in unauthorised fraudulent transactions involving malware and phishing reported in 2024, and prevented over Rm399mil in attempted fraudulent transactions, it said.

However, Bank Negara also acknowledged that fraud patterns were becoming increasingly complex and harder to distinguish from genuine customer activity.

Bank Negara said banks and consumers shared responsibility for safeguarding digital banking security, but reiterated that financial institutions had to determine whether weaknesses in their internal controls contributed to fraud incidents.

It also introduced the Selfcompensation Framework for Fraud Transactions (SEFT) under its Policy Document on Ensuring Fair Treatment for Victims of Unauthorised e-banking Transactions.

SEFT outlines how banks should assess fraud cases and determine compensation based on the responsibilities of both financial institutions and customers.

According to Bank Negara, more than 95% of online fraud cases in Malaysia involved authorised transactions – where victims were manipulated into willingly transferring money to scammers.

Federation of Malaysian Consumers Associations (Fomca) vice-president Datuk Indrani Thuraisingham agreed that banks should adopt more proactive intervention measures when transactions appear inconsistent with a customer’s normal behaviour.

“Banks are clearly not doing enough. Fraudsters now exploit human behaviour more than banking systems,” she said.

“Banks must transition from passive logging to active, pre-emptive intervention.”

https://www.thestar.com.my › nation › 2026/05/22 › sle...

Related post:

Banks must rethink fraud controls as AI risks rise

Sleek scams call for both banks, customers to play their part

The Star

https://www.thestar.com.my › nation › 2026/05/22 › sle...

Beef up cybersecurity now

 

Cyberattacks likely if action not taken, says bukit aman

KUALA LUMPUR: Companies and organisations must beef up cybersecurity to prevent breaches and cyberattacks, says Bukit Aman.

Bukit Aman Commercial Crime Investigation Department (CCID) director Comm Datuk Seri Ramli Mohamed Yoosuf (pic) said cyber attacks are quite prevalent worldwide with millions of attacks per year and tens of thousands daily.

“Thus, it is imperative for companies and organisations to beef up their cybersecurity systems such as firewalls to prevent breaches.

“If it is not done, sooner or later, an organisation or entity might face a cyberattack,” he told The Star recently.

Comm Ramli said the CCID is working closely with other agencies such as Cyber Security Malaysia and the Malaysian Communications and Multimedia Commission to take action on data breaches.

He said the CCID managed to bust a syndicate that attempted to sell stolen data in September.

“We detained five men, including a Pakistani, in an operation codenamed Ops Kapas, with other agencies, including Cyber Security Malaysia.

“The syndicate stole 400 million pieces of data of Malaysians, including names, MyKad, addresses, bank accounts and phone numbers.

ALSO READ: Smaller firms lack budget for cybersecurity

“They had hacked systems used by companies and agencies to obtain the data.

“Those who want access to the data are charged between RM200 and RM800 per month,” he said.

(Click To Enlarge)

Investigations showed the syndicate was operating for about a year.

“Two of those detained – a Malaysian and a Pakistani – were a web portal designer and a hacker.

“Three other individuals were agents and unlicensed debt collectors, who bought the stolen data,” he said.

Investigations showed the Pakistani man as the syndicate’s mastermind due to his hacking skills.

“We believe he entered Malaysia as a general worker 10 years ago,” he said.

Comm Ramli said syndicates are using the “shadow world” of the Internet to look for potential customers of the stolen data.

ALSO READ: Shields up around Malaysia’s cyberspace

“The syndicate would sell the stolen data on the dark web to other syndicates such as scammers as well as unlicensed debt collectors,” he said.

Meanwhile, checks by The Star on the dark web showed that transactions are made using cryptocurrency, particularly bitcoin, which makes following the money trail difficult.

Among the finds on the dark web was the alleged sale of staff members’ and customers’ data of a low-cost airline.

Another search result showed that hackers have sourced the login ID of users of different banks from different countries and were promoting their service which includes transferring any amount of money for a fee.

“We have gathered bank logins of different banks and countries as a result of automated Malware/Trojan we spread online once the individual logs into his/her online banking account, it grabs the person’s banking details, it is very powerful and can get access to accounts, bank database and bank server,” the promotional literature of the service read.

(Click To Enlarge)

“With these services, you just place an order to get any amount you need and we will look up the bank login we have available and make transfers to any account you provide.

Our services are efficient, reliable and safe,” it said, adding that bank transfers are available to countries such as Malaysia, the United States, the United Kingdom, the United Arab Emirates, Canada, Australia, Netherlands, China and Switzerland.

These hackers are charging US$450 (RM1,990) for bank transfers amounting to US$2,000-US$4,000 (RM8,848-RM17,696); US$750 (RM3,318) for bank transfers amounting to US$5,000-US$7,000 (RM22,122-RM30,969) and US$1,050 (RM4,645) for bank transfers amounting to US$8,000-US$10,000 (RM35,393 - RM44,241).

Source link

Related stories:

Smaller firms lack budget for cybersecurity

Shields up around Malaysia’s cyberspace

Make clear who’s in charge now, say stakeholders

Related posts:

Expert calls for NSRC overhaul as millions lost to scammers posing as NSRC officials

 

OTHERS:

Mohammed al-Bashir officially takes over Syrian ...

No banking on hacked phones

 

PETALING JAYA: Customers with compromised devices will be temporarily restricted from accessing banking apps as banks in Malaysia roll out a feature that detects high-risk malware and suspicious remote access.

In a statement yesterday, the Association of Banks Malaysia (ABM) and Association of Islamic Banking and Financial Institutions Malaysia (Aibim) said the feature, called malware shielding, will be embedded within the banks’ native mobile banking apps.

Both organisations stated that the feature is designed to prevent unauthorised transactions, protect customers’ funds, and shield them from malware scams.

“It will essentially alert or block customers from conducting banking activities on compromised devices,” said the statement. 

Banks that have enabled the feature on their mobile banking apps include Alliance Bank, AmBank, Bank Muamalat, Bank Simpanan Nasional, CIMB Bank, HSBC Bank, Maybank, MBSB Bank, OCBC Bank, Public Bank, RHB Bank, Standard Chartered, and UOB Bank.

“Emphasising customer privacy, malware shielding is only activated upon the customer launching the mobile banking app and does not run in the background 24/7,” said ABM chairman Datuk Khairussaleh Ramli in the statement.

He added that customers’ banking information and personal data will remain confidential.

Bank Negara governor Datuk Seri Abdul Rasheed Ghaffour said the fight against online scams is a shared responsibility, welcoming the move by banks to enhance online banking apps with added security features.

“This helps to create a more secure banking environment for all Malaysians. We also urge members of the public to remain vigilant against requests to download apps from unofficial sources,” he added.

Customers are advised to reach out to their banks’ 24/7 fraud hotline for assistance should they encounter a temporary restriction.

When contacted, National Cyber Security Agency (Nacsa) chief executive Dr Megat Zuhairy Megat Tajuddin said the measure is well-suited to address specific challenges faced by users in Malaysia as cyber threats are becoming increasingly sophisticated and prevalent.

“In 2023, 40% of the total incidents monitored by the National Cyber Coordination and Command Centre (NC4) were malware-related. In 2024, up until June, the NC4 handled 34% of incidents related to malware,” Megat Zuhairy said.

While the temporary restriction is regarded as an important preventive step, Megat Zuhairy said its effectiveness is also dependent on users.

“They need to adhere to recommended cyber hygiene practices such as to only download apps from official platforms and avoid performing online activities through unsecured WiFi networks,” he said.

Malaysia Cybersecurity Community rawSEC chairman Ts Tahrizi Tahreb said the malware shielding technology could potentially prevent several types of banking malware that are used by hackers to infiltrate devices and perform unauthorised financial transactions.

“Some of them include Cerberus which can mimic legitimate banking app interfaces to capture user credentials and one-time passwords through overlays and screenshots,” he said.

Tahrizi added that another type of malware called Gustuff has been known to target over 100 banking apps and can automate bank transactions on compromised devices.

“These malware types often exploit vulnerabilities in mobile banking applications, making them prime targets for shielding technologies,” he said.

Malaysia Cyber Consumer Association (MCCA) said the initiative represents a proactive approach to addressing the growing threat of cyberattacks on financial systems.

“However, MCCA also emphasises the importance of implementing this feature with caution, transparency, and a strong focus on user education,” its chairman Siraj Jalil said.

He added that the criteria used to define a “compromised device” must be transparent and precise.

“The effectiveness of such a solution hinges on its ability to accurately identify compromised devices without generating false positives. A significant number of false positives could lead to legitimate users being locked out of their banking apps, causing unnecessary frustration and potential financial disruption.

“If users find themselves frequently locked out of their apps, they might resort to using web-based banking solutions, which may not be as secure as the mobile apps, or they could turn to unofficial methods to bypass the restrictions, further exposing themselves to risks,” said Siraj.

Tahrizi said banks can further enhance security and customer protection by implementing some additional measures.

“Banks should regularly test their apps through application security testing (AST) and infrastructure security testing (IST). All identified issues should be tracked, with priority given to remediating critical and high vulnerabilities,” he added.

Customers also need to be constantly reminded of the latest potential online scam attempts.

“Ongoing education and awareness of safe mobile banking practices, such as recognising phishing attempts and avoiding suspicious downloads, can empower customers to protect themselves, and this is a very effective first line of defence,” he said.

Source link 

Related posts:

THE FIGHT AGAINST CYBERCRIME IN FINANCIAL SERVICES

EXCLUSIVE On top of the scams list: Beating the cheats

 

Hackers grow more sinister and brazen in hunt for bigger ransoms

 

Cybercrime crews are increasingly turning to more sinister techniques to try to bend major companies to their will, abetted by new technology. — Image by freepik

A hack on a London hospital has left hundreds of millions of health records exposed and forced doctors to reschedule life-altering cancer treatments. In North America, a gang tried auctioning off data about LendingTree Inc customers after finding credentials in another breach. And in the recent compromise of car-dealership software provider CDK Global, hackers took the brazen approach of attacking not just once, but twice.

These recent high-profile incidents show how cybercrime crews are increasingly turning to more sinister techniques to try to bend major companies to their will, abetted by new technology.

"They’re becoming more aggressive in the ways they try to make money,” said Kevin Mandia, co-founder of Ballistic Ventures and the former chief executive officer of Google’s threat intelligence firm Mandiant. "It’s trying to create more pain so they get paid more, or they cause more disruption.”

The one-two punch approach used in the CDK incident indeed delivered a blow to its customers: Auto dealerships throughout the US were slowed for days. If a ransomware victim isn’t quick to pay an extortion fee, the logic goes, a second hit could be crippling enough to blackmail them into paying up.

Tactics like leaking sensitive records and double-hacks aren’t completely new, but have become more common and represent an evolution from traditional ransomware attacks, when scammers simply would encrypt data, demand a payment and then move to the next victim.

These days, when hackers ask for money, they’re sometimes refusing to negotiate ransom demands, according to one expert not authorised to speak about the matter, and they are insisting on extraordinary sums. The Russian-speaking hackers in the London hospital attack demanded US$50mil (RM235.92mil). UnitedHealth Group Inc made a US$22mil (RM103.80mil) payment to a cybercrime group after a February hack on the insurance giant’s subsidiary Change Healthcare.

Those kinds of demands point to hackers putting significantly more pressure on victims. The average ransom payment was US$381,980 (RM1.80mil) in the first quarter of this year, according to the incident response firm Coveware. 

Another reason hackers are growing more demanding: They’re getting smarter about picking their targets, homing in more often on victims whose systems are critical to entire supply chains. The so-called ransomware-as-a-service model has made this strategy easier. A core hacking group will develop and lend its malware to other scammers, known as affiliates, in exchange for a cut of their ransom proceeds.

This is a favourite technique of the group known as BlackCat, according to the blockchain analysis firm Chainalysis Inc. That’s one reason known ransomware payments exceeded US$1bil (RM4.71bil) in 2023, a new record, Chainalysis determined.

Harassing researchers

Hackers have also started to harass the researchers who investigate them.

One especially ruthless group is generating fake nude photos of them with artificial intelligence, said Austin Larsen, a senior threat analyst at Mandiant, a unit of Google Cloud. Similar groups have been alerting police to false emergencies at researchers’ addresses and publishing private information about them online, he added.

Recently, Larsen said his colleagues have taken what was for them an unprecedented step of removing their names from research reports they have written about some of the nastiest gangs.

Some extortionists make phone calls to executives who work at victimised organisations to try coaxing them into paying a fee. In other cases, attackers have called executives by spoofing the numbers of their children – a new tack that Charles Carmakal, chief technology officer at Google’s Mandiant.

"As these tactics get bigger and more aggressive, they’re going to be more disruptive to people’s ordinary lives,” said Allan Liska, an analyst at Recorded Future Inc, who compared the extortion methods to real-world violence like the kind in mafia movies.

"If you send somebody a finger, they’re more likely to pay a ransom,” he said. "This is the equivalent of that.”

Health-sector attacks

The attacks in the health sector show that some of hackers’ increased brazenness is apparent in the types of targets they’ve put in their sights.

Hospitals in London for weeks have struggled to overcome a hack that forced doctors to turn away patients. Seeking to further maximise their leverage, the gang behind the breach threatened to publish data stolen in the incident, ultimately making good on that promise.

In the Change Healthcare hack, thieves from the BlackCat cybercrime group caused outages and delayed payments at pharmacies and health-care organisations for weeks. Even after UnitedHealth made a payment to BlackCat, it had little visibility into whether patient data was safe.

A 2022 attack on Medibank, one of the largest health insurers in Australia, represented a transformative moment in digital crime tactics, said Carmakal of Mandiant. In that case, scammers demanded roughly US$15mil (RM70.78mil) in exchange for not going public with patients’ most sensitive health records. When Medibank declined to pay, extortionists leaked information about Australians who had undergone abortion procedures, and hackers called patients in hospitals in a coordinated harassment campaign.

Cybercrime campaigns have continued despite more action from international law enforcement. The problem is that hackers often work from countries that protect them from extradition to the West, Liska said. "They don’t fear retaliation,” he said.

US President Joe Biden has vowed to take on ransomware, and the Department of Justice has created its own ransomware task force to tackle such aggressive attackers. That effort has led to more arrests, Liska said, but not enough to keep pace with the proliferation of new groups.

That’s in part because it has become easier to conduct such campaigns. Hackers can find pre-made ransomware kits on the Internet, paying as little as US$10,000 (RM47,190) to attack US companies, according to Liska.

"Go mow the lawn for the summer and you'll make enough money to start your first attack,” Liska said. – Bloomberg

Related stories:

US offers $10 million bounty for info on 'Blackcat' hackers who hit UnitedHealth

Hackers roil entire industries with attacks on IT supply chain