JOHOR BARU (THE STAR/ASIA NEWS NETWORK) - Dozens of people in Malaysia have been duped by a syndicate which gained access to their online banking accounts and siphoned the money.
This has resulted in hundreds of thousands of ringgit being "transferred out" since the cases first emerged several months ago.
It is understood from reliable sources that the syndicate somehow managed to get hold of the account holders' usernames, passwords and contact details.
Security sources said that when doing an online transaction, the syndicate usually needed an account's username, password and TAC numbers.
TAC numbers are six-digit numbers sent to a registered account owner's mobile phone for verification.
"To get the TAC numbers, the syndicate members would contact the genuine account holder and dupe him into revealing the TAC numbers through the phone.
"They would usually call the victim and say that they registered the wrong mobile number when registering their online banking and that their TAC was accidentally sent to the victim instead," said a security source.
The unsuspecting account holders would reveal the TAC details to the syndicate members, who would then use it to start transferring money from the account.
The sources cited a case of a genuine account holder who was duped up to six times into revealing his TAC number in one day.
It is believed that at least two commercial banks have been affected in recent months.
Asked how the syndicates were able to get hold of all the account details and passwords, sources said there could have been a "data breach" involving the banks or other parties.
The sources said some personal information could also have been purchased or obtained via other means.
In Johor alone, there have been at least a dozen cases with losses amounting to thousands of ringgit.
It is understood that in one case, a retiree in his 50s lost his savings amounting to almost RM30,000 (S$9,900).
Sources said the victim claimed that he received the TAC number on his mobile phone and within minutes a person called him, saying he had registered the retiree's mobile number by accident and wanted the TAC details to rectify it.
"The victim called the man at least six times and started making transfers of between RM60 and RM10,000 to various accounts," one source said.
In another case in Kluang recently, a teacher in his 30s was also duped of several hundred ringgit by a person who wanted the TAC number, claiming that his wife had registered the wrong mobile phone number.
Federal Commercial Crimes Investigations Department deputy director (intelligence and operations) Senior Asst Comm Datuk Mohd Sakri Arifin, when contacted, advised the public not to disclose their details to anyone.
"Never reveal your personal online banking details, including TAC numbers, to anyone on the phone.
"Always hang up such calls and check with the bank. The bank will usually contact customers via official letters," he said.