Protecting Banking Credentials Against Malware This Festive Season

11/05/2022 10:14 AM
Opinions on topical issues from thought leaders, columnists and editors.

By Dickson Woo

While threat actors continue to grow in numbers and sophistication globally and locally, a recent malware campaign targeting online shoppers’ banking credentials in Malaysia was able to make off with sensitive data despite being fairly unsophisticated. Through social engineering tactics and phishing, the cyber criminals impersonated legitimate businesses and utilised Facebook advertisements to tempt potential victims into downloading Android malware from a malicious website. Victims then had the option to complete payments either via credit card or transferring the required amount directly from their bank accounts.

After picking the direct transfer option, victims were presented with a fake FPX payment page to enter their credentials for eight Malaysian banks.

With the Hari Raya Aidilfitri celebrations, cyber attackers are on the prowl to capitalise on poorly fortified digital platforms, SMS or emails offering discounts and digital payment platforms for shopping and sending festive monetary gifts, known locally as “duit raya”. Malaysians must remain vigilant and protect their sensitive data or personal identifiable information while enjoying the convenience of online transactions.

Here are some tips for Malaysians to improve their cyber hygiene:

  • Due diligence and scrutinising websites for inconsistencies, such as mismatched fonts, inconsistent use of colours, changes in language usage, different prices or descriptions in various text among others.

  • Watch out for URLs that use names of well-known brands along with extra words and characters. Look for “https” and a lock symbol in the web address to indicate that information sent between your device and the site in question is encrypted.

  • Keep an eye out for typos and grammar, as most corporations hire copy editors.

  • Verify if you have doubts about a site being impersonated. Send an email to the company before you make a purchase.

  • Don’t buy impulsively and remain sceptical of offers that are below market prices. Like the old adage, if it’s too good to be true, it probably is.

  • Don’t panic. If you feel you have been the victim of a scam, contact your bank immediately and inform them of a potential scam.

For businesses, beyond alerting customers to threats such as phishing, online shopping scams and unauthorised transactions, ensuring their digital architecture is protected is imperative. Through zero trust and AI-powered, automated solutions, businesses will be able to coordinate threat detection in real time across all deployments.

Being proactive on cybersecurity is imperative to engendering confidence. This enables consumers, enterprises and financial institutions alike, to fully enjoy e-commerce and digital finance that is hassle-free. However, a lack of education, vigilance and awareness can lead to a deficit in trust.

As we approach the end of the holy month of Ramadan, Malaysian consumers, enterprises and financial institutions must come together to ensure that their mutual dependence on secure digital transactions is not jeopardised.


Dickson Woo is Country Manager of Fortinet Malaysia.

(The views expressed in this article are those of the author(s) and do not reflect the official policy or position of BERNAMA)