Syndicate targets Malaysian bank clients

In Johor alone, there have been at least a dozen cases with losses amounting to thousands of ringgit.
In Johor alone, there have been at least a dozen cases with losses amounting to thousands of ringgit.PHOTO: ST FILE

JOHOR BARU • Dozens of people in Malaysia have been duped into revealing security codes for access to their online banking accounts and had their money siphoned out.

This has resulted in hundreds of thousands of ringgit being "transferred out" since the cases first emerged several months ago.

Sources said the syndicate behind the scam had managed to get hold of the account holders' usernames, passwords and contact details.

But an online banking transaction requires the account holder to key in his username, password and TAC number. TAC numbers are six-digit numbers sent to the registered account owner's mobile phone for verification.

Said a security source: "To get the TAC number, a syndicate member would call the genuine account holder on the phone and dupe him into revealing the TAC number. He would usually call the victim and say that he had submitted the wrong mobile number when registering for his online banking account, so the TAC number was accidentally sent to the victim instead."

The unsuspecting account holders would reveal the TAC details to the syndicate member, who would then use it to start transferring money from the account.

The sources cited the case of a genuine account holder who was duped up to six times into revealing his TAC number in one day.

It is believed that at least two commercial banks have been affected in recent months. Asked how the syndicate was able to get hold of all the account details and passwords, sources said there could have been a "data breach" involving the banks or other parties.

The sources said some personal information could also have been bought or obtained via other means.

In Johor alone, there have been at least a dozen cases with losses amounting to thousands of ringgit.

In one case, a retiree in his 50s lost his savings of almost RM30,000 (S$9,900).

Sources said the victim claimed that after he received the TAC number on his mobile phone, someone called him within minutes to say he had registered the retiree's mobile number by accident and wanted the TAC details to rectify it.

"The syndicate member called the man at least six times and made transfers of between RM60 and RM10,000 to various accounts," one source said.

In another case in Kluang, a teacher in his 30s was duped of several hundred ringgit by a person who wanted the TAC number, claiming that his wife had registered the wrong mobile phone number.

Federal Commercial Crimes Investigations Department deputy director (intelligence and operations) Mohd Sakri Arifin advised members of the public not to disclose their details to anyone.

"Never reveal your personal online banking details, including TAC numbers, to anyone on the phone. Always hang up such calls and check with the bank. The bank will usually contact customers via official letters," he said.


A version of this article appeared in the print edition of The Straits Times on January 07, 2019, with the headline 'Syndicate targets Malaysian bank clients'. Subscribe