With the help of technology, especially access to the internet and social media, Malaysians are able to go about their day to day business despite the Movement Control Order (MCO). This scenario however, creates opportunities for malicious groups to take advantage of the current situation to launch cyberattacks.
Photo: Racool_studio
“Right now, everyone is heavily reliant on their laptops or mobile phones to conduct their everyday needs such as online banking, shopping or donating to causes and charities. Criminals are not afraid to take advantage of that,” warned Tan Kim Chuan, Head of Forensic at KPMG in Malaysia.
According to Tan, cybercrimes and scams have been successful because of its simplicity, resulting in an increase in COVID-19 themed phishing lures, high-risk fake domains and scams that target individuals and businesses in a variety of ways.
According to CyberSecurity Malaysia, an estimated 838 incidents were reported from the start of the MCO on March 18 up till April 7, with most of the incidents involving fraud, intrusion and cyberharassment.
In March 2020, the authorities had opened 393 investigation papers (IPs) involving online sales of face masks as well as fraudulent withdrawals of Employees Provident Fund (EPF) savings with total losses incurred reaching RM3 million!
Whereas on April 2, Malaysia’s National Cyber Security Agency (NACSA) were informed of a malicious Android mobile app and a fraudulent website claiming to be from the Perdana Menteri’s Office, tricking victims into submitting their internet banking details. The app can also read mobile phone SMSe which could be used to steal victim private information.
Photo: Racool_studio
As such, some practical measures individuals can take against cybercriminals include:
1. Don’t install applications from untrusted sources. Look out for official announcements and only install apps from the Google Play or Apple App Store.
2. Beware of freeware video conferencing apps. Some of these apps were developed for ease of use, rather than with security and privacy features enabled by default. Require passwords for all meetings, never share your meeting IDs and enable waiting rooms to prevent any unwanted ‘bombers’.
3. Never click on unverified links in emails or text messages.
4. Do not open untrusted attachments.
5. Verify the legitimacy of sources before responding to any text message or voice calls asking for personal or sensitive information.
6. Report any related incident to the proper authorities via https://www.mycert.org.my/.
Companies should also remain vigilant and focused on embedding pragmatic remote working security controls to deal with cyber threats. These includes:
1. Educating your employees and third-party contractors on working remotely, and various risks such as the proper procedures when connecting organization devices to public Wi-Fi.
2. Providing a mechanism for employees and third-party contractors to easily report any phishing, vishing or smishing attempts, and
3. Quickly deploy cloud-based solutions to prevent and detect phishing attempts and update employees and third-party contractors about latest related developments.
Beware of cybercriminals and stay safe online!
By: Siti Farhana Sheikh Yahya
