Dozens of people in Malaysia have been duped by a syndicate which gained access to their online banking accounts and siphoned the money.
This has resulted in hundreds of thousands of ringgit being “transferred out” since the cases first emerged several months ago.
It is understood from reliable sources that the syndicate somehow managed to get hold of the account holders’ usernames, passwords and contact details.
Security sources said that when doing an online transaction, the syndicate usually needed an account’s username, password and TAC numbers.
TAC numbers are six-digit numbers sent to a registered account owner’s mobile phone for verification.
“To get the TAC numbers, the syndicate members would contact the genuine account holder and dupe him into revealing the TAC numbers through the phone.
“They would usually call the victim and say that they registered the wrong mobile number when registering their online banking and that their TAC was accidentally sent to the victim instead,” said a security source.
The unsuspecting account holders would reveal the TAC details to the syndicate members, who would then use it to start transferring money from the account.
The sources cited a case of a genuine account holder who was duped up to six times into revealing his TAC number in one day.
It is believed that at least two commercial banks have been affected in recent months.
Asked how the syndicates were able to get hold of all the account details and passwords, sources said there could have been a “data breach” involving the banks or other parties.
The sources said some personal information could also have been purchased or obtained via other means.
https://www.straitstimes.com/asia/se-asia/money-stolen-from-accounts-in-at-least-2-banks-in-malaysia-by-syndicate-that-dupes