Showing posts with label bank. Show all posts

Sunday, June 23, 2024

illions stolen from bank with insider help; Theft prompts security review

KUALA LUMPUR: The suspects linked to the siphoning of millions from a bank targeted their victims based on insider information, says Bukit Aman.

Bukit Aman Commercial Crime Investigation Department (CCID) director Comm Datuk Seri Ramli Mohamed Yoosuf (pic)said the group stole the money in stages after they had identified high-value account holders.

“The money was taken out via the bank counter and the first one was conducted around April. Several more were done in May and June.

“With inside help, the money was taken out according to bank procedures. The case only came to light after an account holder went to the bank to update details,” he said at a press conference yesterday.

He said it was possible that syndicate members who were working in the bank also directly facilitated the transactions.

Among those caught included a bank manager.

Investigations showed that the mastermind had expertise in forgery and the syndicate members would use forged identifications to take money out of targeted accounts.

“The details would be the same but the photo and thumbprints would be changed,” he said, adding that forged documents were then used to facilitate the money transfers.

Meanwhile, another case has been detected, with losses involving RM551,000.

“This was done at another bank earlier in the year and we are also investigating that case,” he said.

When contacted, Comm Ramli said 13 people, including four bank employees, were detained recently in connection with millions of ringgit that vanished.

Arrests were mostly made in Kota Kinabalu with one suspect caught in Padang Besar, Perlis.

The case is currently being investigated under Section 420 of the Penal Code for cheating.

“The involvement of bank personnel in commercial crime is a very serious matter.

“In the past, we have encountered cases where bank personnel were complicit in crimes such as criminal breach of trust or embezzlement.

“There are also those who were in cahoots with theft or scam syndicates,” he said.

Comm Ramli urged financial institutions to improve their security such as tightening procedures or imposing stricter measures in regard to withdrawal from accounts.

“Such measures are necessary to prevent theft or missing funds from customers’ bank accounts.

“We feel that improvements are needed for the sake of the account holders,” he said.

From 2022 to June 15 this year, a total of 485 cases of missing funds from bank accounts have been recorded involving RM35.01mil in losses.

“From the overall statistics, this year alone we recorded RM25.76mil in losses and 65 cases.

“The highest number was 225 cases last year, but it involved only RM4.82mil, followed by 195 cases in 2022 involving RM4.42mil,” he said.

Besides the involvement of “inside men” in financial institutions, Comm Ramli said another factor that could have contributed to the missing funds was disclosure of banking details to a third party.

“Our investigations revealed that some victims might have intentionally or unintentionally revealed details of their online banking username and password,” he said.

Comm Ramli said scammers are known for using the phishing technique to dupe victims via email or text messages.

He advised the public to stay vigilant and be wary of tactics used by scammers.

Sorce link

Theft prompts security review

d9c10f09-7654-496c-af1e-0af847d1b361

PETALING JAYA: A recent embezzlement case involving bank staff in Kota Kinabalu has sparked calls for tighter security measures in financial institutions.

Universiti Sains Malaysia criminologist Datuk Dr P. Sundramoorthy (pix) said the recent case that saw over a dozen arrested was both concerning and a wake-up call.

“Although the number of wrongdoings and criminal acts by bank employees may be very minimal, it cannot be ignored.

ALSO READ: RM24.2mil fraud: BNM requests prompt refunds to all affected account holders

“The rakyat, investors and the business community depend on the banks to safeguard their money.

“We don’t have a choice in this matter.

“Banks must aggressively play a role in eliminating undesirable employees,” he said, adding that banks need to invest in internal security and loss prevention departments, even if it incurs costs.

“These departments should have the expertise to detect embezzlement, fraud and misconduct by employees,” he said.

“Security investments are assets, not liabilities.”

ALSO READ: Millions stolen from bank with insider help

Drawing comparison with law enforcement bodies, he added that employees at highly sensitive areas should be rotated to avoid any potential for leakages within the bank, even if they are competent in their jobs.

“This is especially important for positions with access to customer accounts,” he said.

Pre-employment screening must also be done for all employees with regular assessments for those in service, he added.

Duties must also be “robustly” segregated, with dual authorisation practices implemented as well.

“That was a substantial amount of money (lost) and I hope measures will be taken.

“Since it was an inside job, the bank must be responsible for covering every single ringgit and sen that was misappropriated.

“Banks must be proactive and they should work together with the victims and law enforcement to ensure such incidents are reported.

“Employee pilferage is not new but it is also not frequent. We must not tolerate it,” he said, adding that harsh penalties and criminal charges must be meted out on those involved.

Such cases, he said, also affects the credibility of the bank involved as customer confidence will drop.

Previously, Bukit Aman Commercial Crime Investigation Department (CCID) director Comm Datuk Seri Ramli Mohamed Yoosuf said that four police reports were lodged since early June regarding suspicious transactions, with losses estimated to be around RM24.2mil.

As of June 18, the police have arrested 13 suspects aged between 22 and 52 years old.

Four suspects were found to be employees of the bank.

https://www.thestar.com.my/news/nation/2024/06/22/theft-prompts-security-review

BLACK SHEEP IN BANKS, Employees you cannot bank on, Calls for banks to bolster cyberdefences

Weed out the problematic, errant, incompetent officers early

Thursday, May 30, 2024

BLACK SHEEP IN BANKS, Employees you cannot bank on, Calls for banks to bolster cyberdefences

Cops believe black-sheep bank workers may be in cahoots with scammers

PETALING JAYA: Scammers posing as bank officials seem to have access to sensitive information, which raises the question: are they in cahoots with black sheep within financial institutions?

These scammers seemed to be aware of the personal and financial information of people they target, using it to convince victims into buying into the ruse and parting with their funds.

Victims in several reported cases said the scammers appeared to be aware of details of their account balance and other data that was only known by their financial institutions.

Bukit Aman Commercial Crimes Investigations Department (CCID) director Comm Datuk Seri Ramli Mohamed Yoosuf said while scammers usually “fish” for information and adopt various deceptive tactics to hoodwink their victims into sharing information about themselves, police do not rule out the possibility of bank employees colluding with syndicates and feeding them such confidential data.

“We do not discount the possibility and probabilities of such complicity occurring. It can happen in any organisation, even in the police force or other enforcement or government agencies.

“There is probably no organisation that is pristine. There are bound to be bad apples among employees. However, we need solid evidence to prove this,” he told The Star.

ALSO READ : Calls for banks to bolster cyberdefences

Comm Ramli advised the public to regularly keep tabs on their accounts and promptly raise the alarm with the relevant authorities if they discover any discrepancies.

The same scrutiny should be applied by those who own assets such as land or other immovable property, he added.

In November last year, retiree SA Nathan received a call from a scammer who posed as a bank officer, just an hour after he called his bank to enquire about his credit card statement.

Thinking it was a genuine call from the bank, the 95-year-old divulged some banking information and ended up losing RM18,000 that was siphoned off from his credit card.

ALSO READ : Banking industry working with regulators, agencies to enhance customer security

Confused by the whole episode and in an attempt to seek clarification, the nonagenarian referred the scammer to his daughter, Getrude Nathan, 56.

The housewife received a call from the same scammer and was coaxed into revealing sensitive data. She lost RM20,000 that was charged to her credit card.

Depressed and overcome by their losses, Nathan who was in ill health at the time, passed away weeks later when his condition deteriorated.

In February, a 51-year-old man was puzzled as to how scammers found out about cash deposited into his bank account just days after he made a withdrawal from his Employees Provident Fund (EPF) account.

Fortunately, the man was suspicious and hung up.

ALSO READ : Bank Islam stops 1,632 fraudulent transactions, nearly RM11.7mil saved in four months

In March, two bank officers were arrested by Selangor police for allegedly aiding a scam syndicate in an online fraud. The duo allegedly supplied the scammers with dozens of mule bank accounts meant for moving funds from victims.

In 2014, a bank officer and her husband, both aged 34 at the time, were arrested and charged with fraudulently withdrawing almost RM78,000 from bank accounts belonging to three passengers and a crewmember of the ill-fated MH370 Beijing-bound flight that went missing on March 8 the same year.

Nur Shila Kanan, who was an employee of a bank at Lebuh Ampang, Kuala Lumpur, had transferred the funds to several other accounts before making withdrawals.

She was sentenced to six years’ jail while her mechanic husband Basheer Ahmad Maula Sahul Hameed received a four-year jail term and ordered to be whipped.

ALSO READ : What is vishing? New scam is making the rounds and you’re likely a target

The Association of Banks in Malaysia (ABM) said banks implement regular audits to examine transaction records and internal activity by employees while ensuring compliance with regulatory requirements.

ABM said these audits do not only identify potential security vulnerabilities but also ensure that bank staff observe statutory protocols.

It said upon employment, bank staff are bound by Section 133 of the Financial Services Act 2013 and Bank Negara Malaysia’s Management of Customer Information and Permitted Disclosures Policy Document. They are trained to uphold banking secrecy and possess knowledge on information security risk.

ABM also said access to personal customer information is strictly controlled and only limited to employees who require it in the course of performing their official duties.

It added that access is granted on a “need to know” and “need to use” basis to authorised personnel, who are subjected to strict authentication processes.

“Employees are granted access only to the specific systems and data needed to perform their job duties.

“Among the authentication procedures are the use of unique usernames and passwords to verify the identity of staff members.

“Comprehensive logging and monitoring systems can track and oversee when and who accessed sensitive or a specific data.

“These permissions are regularly reviewed and updated.

“Banks continuously monitor user activity within their systems, including tracking login attempts, accessed data and account modifications.

“All actions involving customer data are meticulously logged and recorded in audit trails, ensuring accountability. Such access to data is revoked when the bank staff is reassigned to other sections or leaves the organisation,” an ABM spokesman said.

It said banks also had whistleblower programmes where employees are encouraged and can anonymously report any suspicious activities or potential collusion with shady parties.

The spokesman said such reports are treated seriously and thoroughly investigated.

Source link

Calls for banks to bolster cyberdefences

PETALING JAYA: With rising cases of online fraud and unauthorised access of personal data, financial institutions should upgrade their security systems and engage cybersecurity experts to address such threats, said criminologist Datuk Dr P. Sundramoorthy.

He said apart from rogue bank officials complicit with scam syndicates, the other threat to sensitive data leakage are online hackers.

“Crime prevention initiatives and strategies do come with a cost. However, the mid-term and long-term benefits will eventually outweigh this cost.

“Banks must prioritise security and protect its customers by all means before more fall victim,” said Sundramoorthy, who is with Universiti Sains Malaysia’s Centre for Policy Research.

He said securing confidential information by having a comprehensive and multi-layered approach to cybersecurity and data protection is a primary security step banks should adopt.

He said there are several ways banks can help protect the personal financial data of their customers such as strong encryption, secure servers, firewalls and keeping software up to date to prevent data breaches.

Sundramoorthy told The Star that strict policies and regulations restricting access to customer data should be a bank’s priority.

He said banks should also limit which employees can access sensitive customer information and have strict data access policies in place.

“They must have a system using multi-factor authentication. There should be multiple steps to verify a user’s identity, such as a password plus a one-time code, making it harder for unauthorised access. There must also be frequent and consistent monitoring of transactions and accounts, alerting customers promptly if any suspicious activity is detected,” he stressed.

Sundramoorthy said banks should also constantly educate its clients on online security, to identify scams and other measures to protect their data and not solely rely on law enforcement to keep the public in the know.

Certified fraud examiner Raymon Ram, who specialises in financial forensics and fraud risk management, said the recent arrest of two bank officers who allegedly aided a scam syndicate underscores the importance of cybersecurity protocols.

The bank officers were nabbed in March for aiding a scam syndicate in online fraud.

Selangor police believe they supplied scammers with dozens of mule bank accounts meant for moving funds from victims.

Raymon said while banks in Malaysia had stringent security protocols to protect customer’s data, the case proved there were vulnerabilities that can be exploited through insider threats, corruption or online hacking.

“The risk of corruption and hackers exists and cannot be entirely discounted. Continuous improvements in cybersecurity protocols, adherence to standard operating procedures and rigorous enforcement of the Financial Services Act (FSA) 2013 are essential to mitigate these risks and maintain public trust in the financial system,” Raymon said.

He said the Personal Data Protection Act (PDPA) 2010, guidelines from Bank Negara and the FSA collectively provide a robust legal framework to safeguard customer data. He said the FSA mandates strict regulatory compliance, internal controls and oversight mechanisms to prevent misuse of information and ensure accountability within financial institutions.

Wednesday, May 3, 2023

Fighting chance to beat scammers

CLICK TO ENLARGE

KUALA LUMPUR: The idea of adopting a 48-hour “cooling period” when money above a threshold is transferred to new bank accounts might give scam victims enough time to pull their money back from the brink before it reaches the greasy hands of scammers.

Cybersecurity law expert and lawyer Derek John Fernandez said that is one of the ways authorities and financial institutions can stop a financial scam.

He said that as victims usually realise they are scammed after 24 hours, there is another 24-hour window for banks to stop the transaction.

ALSO READ : Cutting off the SMS channel scam route

Fernandez said this is among the immediate measures he has proposed in a 75-page paper to the government on what the authorities can do to protect consumers from financial scams.

The good-funds model, which has a cooling-off period for first-time transactions between individual accounts, is practised in some countries such as Australia to ensure that there is no fraudulent activity before funds are transferred for the first time.

“Such a period will enable a person to inform the bank of a scam transaction to a mule account and stop the payment,” said Fernandez.

“At the moment, in Malaysia, a cooling-off period is only observed for the first-time enrolment of online banking services or secure devices. During this time, no online banking activity is allowed to be conducted,” he added.

Fernandez pointed out that the average consumer is ill-equipped to combat cybersecurity threats and cybercrime by themselves.

He said the country had embraced digitalisation without proper consideration of cybersecurity.

ALSO READ : Large amounts cleared out in minutes

“The true cost of digitalisation has been totally understated because the cost of cybersecurity had not been factored in properly. We have emboldened criminals and given them great opportunities to commit crimes in the safety of being outside our country.

“Now cybercrime is the third biggest criminal activity in the world and is growing,” said Fernandez.

“Those who profit the most from digitalisation should be made to bear the true cost of cybersecurity and the losses that occur due to weaknesses in the technology they used to create those profits.

“The government itself is unable to pay totally for the cost of cybersecurity and those companies who have profited the most from digitalisation must bear a proportionate and fair cost of cybersecurity. They must be made to protect their customers with sufficient resources,” said Fernandez.

A concerted effort by law enforcement agencies, financial institutions and telco service providers to coordinate a rapid response for online financial scams is also the key to enabling vulnerable victims of scammers to at least get some of their money back, said National Anti-Financial Crime Centre (NFCC) director-general Datuk Seri Mustafar Ali.

He said that while educating the public on scam awareness is an important step in mitigating the risk of scams, there are several other robust measures that can be put in place to help prevent scams from occurring.

Mustafar listed the factors as improved legislation, enhanced consumer protection, increased enforcement, stronger cybersecurity and better collaboration between government agencies, businesses and consumers that can help identify new types of scams and develop more effective strategies for preventing them.

“Governments can put in place laws and regulations that make it easier to prosecute scammers and discourage fraudulent activities,” he said.

Mustafar, who also heads the National Scam Response Centre (NSRC), which was set up late last year, added that a proposal is in the pipeline to amend the laws and regulatory mechanisms relating to scam victim restitution, mule accounts and the power of the investigating officer.

“Law enforcement agencies can work more closely with financial institutions and businesses to track down and prosecute scammers,” said Mustafar.

He sees NSRC as the command centre – focusing on online financial scams – to coordinate efforts among law enforcement agencies (NFCC, police, Bank Negara and the Malaysian Communication and Multimedia Commission) together with financial institutions and telco service providers to coordinate rapid response for online financial scams.

“However, there is still much work to be done to combat scams and fraud, shift public attitudes towards greater awareness and caution, improve the efficiency and transparency of the financial system, and take effective enforcement actions against criminals,” said Mustafar.

Source link

Wednesday, September 28, 2022

Cybercriminals beware: public must be aware of how scams work, Putting the brakes on cybercrime

PUTTING THE BRAKES ON CYBERCRIME - PDRM

A day after The Star’s page one story on the increasing number of online financial crimes, Bank Negara announces it is joining forces with the police to stem the rising tide. The central bank is instituting tighter security controls while the cops are intensifying efforts to make the public more aware of cybercrimes.

https://www.thestar.com.my/news/nation/2022/09/27/putting-the-brakes-on-cybercrime?dmplayersource=share-link

Public must be more aware of how scams work

KUALA LUMPUR: Cybercriminals are very good at quickly adopting and exploiting new technological changes to stay ahead of law enforcement while they scam millions from the public.

This is why the number of online financial crimes is rising around the world and in Malaysia, according to Inspector-general of Police Tan Sri Acryl Sani Abdullah Sani.

Such crimes can have terrible consequences, he pointed out in his speech before he and Bank Negara governor Tan Sri Nor Shamsiah Mohd Yunus launched a virtual Financial Crime exhibition yesterday.

“Financial crimes can devastate the victim and lead to more mule accounts being created for the purpose of scams. It can also have a negative impact on the nation’s economy in the long term,” said Acryl Sani.

Loan scammers and Ah Long (loan sharks) use social media sites and chat applications to advertise their loan offers with fast approvals.

“The syndicates will deal with the victims online and demand various documents and fees before duping them,” he explained.

Bukit Aman expects the syndicates will still employ similar tactics, but they will focus on a younger victim pool – students and youths – to pull off illegal money lending and mule account scams now.

“We are cooperating with banking institutions to ensure investigations, especially those involving mule accounts, can be completed faster,” Acryl Sani said.

Fraud in online purchases, loan and investment scams, the Macau and African scams, business email hacks and SMS scams are the main types of financial crimes and such cases have been on the rise from 2019 to 2021 (the last full year on which statistics were collected), the IGP said.

In 2019, there were 13,703 cases recorded with Rm539mil in losses; followed by 17,227 cases in 2020 and Rm511.2mil in losses; and 20,701 cases last year with Rm560.8mil lost. As at July this year, 12,092 cases had been recorded, resulting in Rm414.8mil in losses, he said.

Bukit Aman has rounded up 33,147 suspects between 2019 and July this year, while 22,196 cases have been prosecuted.

While there is some awareness among members of the public of such crimes nowadays, it is still not strong enough to prevent increasing numbers.

The Royal Malaysia Police has various programmes and campaigns to raise awareness about cybercrimes among the public, such as the “Let’s Fight Scammers Together” campaign.

“We will step up such activities this year,” Acryl Sani added.

The IGP advised the public to safeguard their personal information and avoid downloading files or applications from unverified sources onto mobile devices.

Account holders who encounter suspicious transactions involving their bank accounts should immediately notify their banks, contact the CCID infoline via Whatsapp at 013211 1222, or the CCID Scam Response Centre at 03-2610 1559/1599 or BNMTELELINK at 1-300-88-5465.

“They should also lodge a police report to facilitate the investigation,” said Acryl Sani.

The virtual Financial Crime exhibition by Bank Negara Malaysia Museum and Art Gallery, which can be accessed at bit.ly/bnm_ crime, lays out various types of financial crimes and how they have evolved over time.

It features interactive exhibits that allow the public to simulate financial scam scenarios. Through the various exhibits, the public will be able to learn strategies – such as Spot, Stop and Share, aka 3S – to protect themselves and others from becoming victims.

Putting the brakes on cybercrime

Banks to further tighten security control to stay one step ahead of scammers

KUALA LUMPUR: If you notice your online banking transactions taking a little longer in the future, don’t complain. It’s a sign that your bank is trying to protect you from cybercriminals.

Concerned by the rising number of scams and online financial crimes globally and in Malaysia, Bank Negara is directing the banking industry to undertake tighter security controls, its governor Tan Sri Nor Shamsiah Mohd Yunus said.

ALSO READ: Public must be more aware of how scams work

The level of concern is great enough to bring about a rare high-level meeting between Nor Shamsiah and Inspector-General of Police Tan Sri Acryl Sani Abdullah Sani yesterday, when they also launched a virtual Financial Crime Exhibition.

“Bank Negara requires banks in Malaysia to adopt high standards of security, especially for Internet and mobile banking services,” Nor Shamsiah said in her speech at the event.

ALSO READ:Watch out! There are many ways in which we get duped

This will include measures such as migration of SMS one-time-passwords (OTPs) to a more secure form of authentication; further tightening of detection rules and triggers for blocking scam-related transactions; and subjecting first-time enrolment of online banking services and secure devices to a cooling-off period.

Customers will also be restricted to one mobile device or secure device for authenticating online banking transactions, and banks will also be required to set up dedicated scam hotlines.

ALSO READ: Consumers must become more aware of scams

While the control measures may entail some inconvenience, they are important to protect customers.

“These controls may lead to some friction or inconvenience in the online banking experience of customers.

“For example, online banking transactions might take a little longer to process. Financial institutions will also conduct more checks when customers request to change or register a new phone number,” Nor Shamsiah said.

Fighting crime: Bank Negara Governor Tan Sri Nor Shamsiah Mohd Yunus and Inspector General of Police Tan Sri Acryl Sani Abdullah Sani at the virtual launch of Bank Negara Malaysia Museum and Art Gallery’s ‘Financial Crime: Scan Before You’re Scammed’. — Bank Negara

However, she said, when implementing these measures, Bank Negara and the financial industry will continue to carefully balance between security considerations and customer convenience.

She also said that financial institutions have been directed to be more responsive to scam reports lodged by customers and to facilitate efforts to recover and protect stolen funds, including working with relevant agencies to prevent further losses.

“Bank Negara will also continue to monitor and take appropriate action with financial institutions to ensure that the highest levels of controls and security standards are observed.

CLICK TO ENLARGECLICK TO ENLARGE

https://cdn.thestar.com.my/Content/Images/cybercrime.jpg

“We will also continue to take effective preventive measures against ever-evolving financial scams.”

Together with the financial industry, Bank Negara will continue to ensure that banking and payment channels remain secure and equipped with the latest security controls, she said.

Acknowledging that criminal tactics change all the time, she said that Bank Negara continuously intensifies deterrent efforts and introduces additional controls as well as safeguards and collaborates with other stakeholders to keep ahead of scammers.

These include rolling out preventive measures, pursuing more effective and coordinated enforcement actions, and raising public awareness.

“The effort to eradicate financial scams requires cooperation and concerted action from all parties – not just from Bank Negara and the financial industry, but also from law enforcement agencies and relevant ministries and agencies, as well as the public,” she added.

Bank Negara, together with the police, Malaysian Communications and Multimedia Commission and National Anti-Financial Crime Centre, will work together to further elevate the Commercial Crime Investigation Department’s Scam Response Centre into a more systematic information-sharing platform that will enable quicker action to prevent further losses.

Nor Shamsiah said the cooperation of law enforcement agencies is key, especially in sharing information and intelligence.

The public also has a role to play in protecting themselves by making sure to be aware of scams.

“An important aspect of dealing with financial scams is raising public awareness about tactics used by criminals and the steps that the public can take to avoid becoming victims.

“In this regard, Bank Negara, the financial industry and law enforcement agencies will continue efforts to enhance the effectiveness of awareness programmes and improve on the dissemination of information to the public,” she said.

The virtual Financial Crime Exhibition launched yesterday is an example of such efforts as it seeks to educate the public about financial scams. It can be viewed at bit.ly/bnm_crime.

By FARIK ZOLKEPLI and RAGANANTHINI VETHASALAM

Source link

Pages

Share This

Sunday, June 23, 2024

illions stolen from bank with insider help; Theft prompts security review

Theft prompts security review

BLACK SHEEP IN BANKS, Employees you cannot bank on, Calls for banks to bolster cyberdefences

Weed out the problematic, errant, incompetent officers early

Thursday, May 30, 2024

BLACK SHEEP IN BANKS, Employees you cannot bank on, Calls for banks to bolster cyberdefences

Cops believe black-sheep bank workers may be in cahoots with scammers

Calls for banks to bolster cyberdefences

Wednesday, May 3, 2023

Fighting chance to beat scammers

Wednesday, September 28, 2022

Cybercriminals beware: public must be aware of how scams work, Putting the brakes on cybercrime

PUTTING THE BRAKES ON CYBERCRIME - PDRM

Public must be more aware of how scams work

Putting the brakes on cybercrime

Putting the brakes on cybercrime

PUTTING THE BRAKES ON CYBERCRIME - PDRM

United States: Putting Brakes On Cybersecurity Threats