Cyber crooks using ‘try your luck’ modus operandi
PETALING JAYA: It’s not just e-mails and invoices. Cyber crooks have also altered bills of lading, return forms, claim forms and declaration forms, Universiti Sains Malaysia criminologist and psychologist Dr Geshina Ayu Mat Saat said.
The “try your luck” modus operandi, she said, surfaced a few years back but was not as popular as other fraudulent methods because it is time consuming with no guarantee of success.
“The modus operandi isn’t easy to pull off as it needs constant correspondence monitoring and interception.
“If it works, the criminals will continue siphoning money or valuables until the account is dry or until they’re busted,” she said.
With the Internet, hacking and siphoning can be done from anywhere in the world.
And the crime may have gone on for sometime before the account owner becomes aware.
She said businesses must ensure that their electronic correspondence is protected. Private and confidential information shared must be counter-checked.
“Both buyer and seller must check with each other the content and account details of their transactions. Get the bank to reconfirm with the paying party that a transaction will be made.”
Correspondence, she said, should also have a transaction validity duration – for example, “to be settled in two weeks”.
This gives both parties the same time frame to reduce fraud, interception and other forms of commercial crime, she said.
“After the transaction validity duration date, the recipient of the money or goods should contact the other party.”
Once done, copies of the completed transaction should be communicated to the other party for confirmation.
Bukit Aman Commercial Crime Investigation Department (CCID) intelligence and operations deputy director Senior Asst Comm Roslan Abdul Wahid said earlier this year, police probed a case of two foreign companies that dealt with heavy machinery.
In another case last year, SAC Roslan was called to assist US authorities after a university in Georgia fell victim to hackers who were based in Malaysia.
“A few million was siphoned out of the university which included the salaries of lecturers. Some IDs of female students were also hacked.”
SAC Roslan said the CCID managed to zoom in on two Africans who were both charged in court and are now serving their jail sentence in the Sungai Buloh prison.
He said the Immigration Department must work together with the police in weeding out such foreigners who had misused their visas for criminal purposes.
Symantec Malaysia (systems engineering) director David Rajoo said business e-mail compromise (BEC), or CEO fraud, is a problem for companies.
BEC scams are low-tech financial fraud in which spoofed e-mails from CEOs are sent to financial staff to request large money transfers.
The e-mail poses as a message from the targeted company’s CEO, he said. While they require little expertise and skill, the financial reward for fraudsters can be high.
He said fake wire transfer request e-mails are on the rise.
“The scammer sends an e-mail, pretending to be someone known to a target recipient. He knows your name, your e-mail address and a little bit about you.
“They’re selective about who they target to avoid organisations becoming aware of the attacks.”
Association of Banks Malaysia executive director Chuah Mei Lin advised the public to run a virus scan on their computers and contact the e-mail service provider if the account has been hacked.
“Change your e-mail password regularly and avoid using easy to guess passwords. Always use a personal firewall and ensure that the computer’s anti-virus programme is up to date,” she said.
He (scammer) knows your name, your e-mail address and a little bit about you. David Rajoo