Banking scams are wreaking havoc in Singapore and Malaysia, why?


(Source – Shutterstock)

For businesses and consumers banking in the Singapore and Malaysian markets, it is quite difficult to miss the upsurge in financial scams over the past two years. The increase in financial data breaches has been very noticeable across the Asia-Pacific (APAC) region since 2020, when pandemic-caused stay-at-home orders saw a wide range of cybercriminals and fraudsters emerge from the carpentry and conducting phishing scams, malware and ransomware attacks to name a few.

New data from Check Point Research indicates an increase in scams targeting the banking industry globally, with banks “attacked an average of 700 times per week over the past year, a 53% year-on-year increase.” year-on-year,” said Arthur Ng, country manager, Malaysia, Check Point Software Technologies.

The Check Point Threat Intelligence report goes on to point out that all industries and businesses face the specter of cyber risk, but some sectors are more susceptible than others, due to the fact that they are much more frequently targeted, which places these spaces on a much higher level. risk, because more frequent attacks mean a much higher probability of successful intrusions.

Of all industries, the finance and banking industry “stands out” for its large attack surface for scams, not to mention the appeal of bad actors due to the profitability of a scam or breach. successful in this tightly regulated industry.

In Southeast Asia’s largest economies like Singapore and Malaysia, malicious actors are becoming more creative and resourceful in tricking unsuspecting consumers or workers of business entities, such as e-phishing campaigns. -emails that cleverly use social engineering tactics to impersonate legitimate users and demand what might seem like genuine money transfer requests and requests for sensitive personal information.

Scams targeting OCBC bank accounts in Singapore rocked the island nation in late 2021 and early 2022, with a sharp rise in “smishing” scams, which are phishing attempts carried out via text messages. Cybercriminals deceive victims by sending so-called bank text messages claiming that there are problems with their bank accounts or credit cards.

The text messages allegedly contain a link to a fraudulent website, disguised as a legitimate banking website requesting banking information and passwords, leading to at least 790 people being scammed into parting with funds and resulting in losses of at least 13.7 million Singapore dollars. And it was even with OCBC’s use of a Fraud Monitoring System (FSS), the first Singaporean bank to harness artificial intelligence and machine learning to combat financial fraud, which successfully clawed back SG$8 million (US$5.95 million) in fraudulent transactions last year.

Meanwhile, major Malaysian bank Maybank has issued warnings to its customers about the new “SMSSpy” campaign explicitly targeting Android users in Malaysia. SMSSpy malware can view all text messages sent to the mobile phone including obtaining TAC numbers for internet banking.

These cross-causeway SMS-based campaigns show how the scams are very mobile-centric, with the majority of internet banking users in the region accessing it from their smartphones. And as you can see, there is an array of attacks on mobile devices, and it can happen at all levels: malicious apps, network attacks, and exploiting vulnerabilities between mobile hardware and the operating system.

The threat surface affecting organizations is also very wide in the region, with the Check Point Threat Intelligence report highlighting that an organization was attacked 1,286 times per week on average in Malaysia over the past 6 months.

The study indicates that 87% of malicious files delivered in Malaysia in the last 30 days were delivered via email, highlighting the popularity of invasive email scams, as well as other common banking threats such as as disruptive denial-of-service (DDoS) attacks that can invade a system of sensitive financial data and are often the basis of a ransomware attack, as well as sophisticated attacks orchestrated by nation-state-sponsored operators.

According to the country director of Check Point in Malaysia, controlling such a large threat surface means that a country like Malaysia must restructure its legislation. “Government, telecommunications providers and banks all have an active role to play in protecting consumers. However, it takes a lot of time, planning and resources to bring these plans to fruition,” Ng admitted. “A long-term plan will require calibrated management at multiple levels. The good news is that the banks and the government have already started to take steps in the right direction to remedy the situation.

Already, Malaysian online banking services are reducing exposure to scams by encrypting transactions with multi-factor authentication (MFA) and other layers of security, so they will be less dependent on notifying customers through platforms. less secure like SMS. Rather than exposing sensitive services and data to a third-party service provider like SMS systems, strengthen their own perimeter protection so that control is back in the hands of financial institutions.

To secure their networks and internal systems, it is essential for banks in the region to prevent future attacks by leveraging additional security solutions accessible through secure transaction gateways known as Application Programming Interfaces (APIs), that can help further optimize endpoint security. , sealing both user devices and system software.

It is essential that banks seize available security measures as soon as possible, as transaction data and personal and sensitive user data are exposed at an exponential rate in this part of the world.


Comments are closed.