Malaysian website that helps users check if they have been hacked is fake, creator warns

A screengrab of the website, which purports to help users check if their personal data has been compromised.
A screengrab of the website, which purports to help users check if their personal data has been compromised. PHOTO: SCREENGRAB FROM WWW.SIAPAKENAHACK.COM

PETALING JAYA - The viral Malaysian website which claimed to help users check if their personal data had been compromised is fake, its creator said on Sunday (Nov 19), warning that it was aimed at educating Malaysians to be vigilant of fake websites.

A check of the now-viral website by The Star shows that it claims to have been developed by the Ministry of Malaysia National Cyber Communication Council (MNCCC).

However, a page opens up after a visitor submits their phone number claiming that it is "a fake website to teach you about phishing schemes".

The page also revealed that the MNCCC Ministry did not exist.

The creator of the website, C.F. Fong said on Sunday that the site was meant to be educational, The Star reported.

"The whole idea is to educate people because recently people were keying in their identification card (IC) numbers into the website," said Fong, the founder of security services company LGMS.

He was referring to another popular website created by tech blogger Keith Rozario that allows the public to check if their personal data had been stolen.

Fong said that the best way to check whether an IC number has been registered with different phone companies is to check with the telecommunication companies directly and not a website.

"You shouldn't depend on any broker or third party to find out," he told The Star.

The public concern over such data breaches come as the Malaysian authorities is investigating a massive online leak of data involving 46 million mobile phone users.

Authorities have traced that data leak to an Internet Protocol address in Oman, the New Straits Times reported on Saturday (Nov 18).

Inspector-General of Police Mohamad Fuzi Harun said a team comprising police and Internet regulator Malaysian Communications and Multimedia Commission (MCMC) had some leads on the case and those involved had been identified. But no arrests had been made so far.

The data breach, which took place in 2014, involves the personal details of tens of millions of Malaysians. At one point, the data had been put up for sale online.

The breach appears to be one of the largest leaks of customer data in Asia and has alarmed many in Malaysia, whose total population is 32 million.

Fong said Malaysians should always double check to ensure that the sites they key in their information to is legitimate.

He said that about 500 people had put in their phone numbers into his website since Sunday morning.

"Someone can create a similar website like this but with sinister motives. The moment you key in your phone number, a prompt may ask you to install a plug-in or simple software for verification," he said, adding that people were usually less defensive when asked to key-in their phone numbers.

Fong said this was the time when the website could send malware or ransomware for hackers to hack into the account.

"The correct procedure is not to key in anything on any website that you are unsure of," he said.

Fong added that there were telltale signs on the website that should have revealed that the website was not real.

"The Malaysian coat of arms is not real. The tigers had no tails and there were only three instead of five keris," he said.

He said people naturally let their guard down when they see something familiar.

He also advised Malaysians to be extra careful of sites that asked for personal information, especially websites they were not familiar with.

"If you are more technical and IT savvy, you could actually check the origin of the website, the owner, the place the website is hosted and also by Google-searching the website," said Fong.

The site was blocked on Thursday by the MCMC and Rozario has said the site will be taken down on Sunday (Nov19).