Maybank has recently issued a cyber security alert to its customers, in response to the advisory released by Malaysia’s Cybersecurity Emergency Response Team (MyCERT) addressing the latest digital fraud campaign known as ‘SMSSpy’.
As stated by The Federation of Malaysian Consumers (FOMCA), cyber criminals are getting even more creative with their tricks to easily manipulate us, a potential victim. Well, buckle up folks! Here’s another scam tactic coming for you.
You must be asking yourself “should I be worried about this? I am always careful though”
Yes! You definitely should! Here is why.
What is SMSSpy and why is it threatening the Android users?
According to MyCERT, SMSSpy refers to an Android malware that is found to be attacking the online users in Malaysia by replicating itself as one of the applications on the legitimate platform such as Google Play.
MyCERT added that one of the tactics performed by SMSSpy campaign is through a phone call. The scammer will usually pretend to be a person from the law enforcement agency, giving a warning to the potential victim that they are being charged with some kind of a crime and their account has been freezed. Feeling scared and panicked, the victim often follows the instruction blindly just to quickly make this problem go away.
So what will they do next? The scammer will ask the victim to transfer a particular amount of money and install an Android application that contains malicious malware to complete the transaction so this so-called issue will be resolved.
MyCERT further stated that once the user has installed any application containing this malware into a phone, the online banking credentials such as passwords or username will be compromised or stolen. These apps will have the access to view user’s SMS and use the TAC numbers to authorize an online transaction. This will impact severely in terms of financial loss as well as the disclosure of one’s personal information.
Eight fake websites users should keep an eye out
Users should also beware of the fake website when browsing through the internet as this campaign often impersonates legitimate services to carry out their grand scheme. MyCERT has listed out eight websites in Malaysia that have the similar domain names as the services impersonated.
- Grabmaid
- Maria’s Cleaning
- Maid4u
- YourMaid
- Maideasy
- MaidACall
- MyMaidKL
- PetsMore
Read more on the list of indicators involved in SMSSpy campaign
What should users do to prevent it?
Should you find yourself in this situation, do not panic! MyCERT have laid out a few useful recommendations for users to avoid being one of the SMSSpy victims.
- Users must avoid installing applications or clicking on suspicious URLs’ from unknown sources or platforms such as Whatsapp or Messenger. Usually, the links would have the indicator type ‘Apk’.
- Allows the application permission before installing it.
- Users need to install a verified antivirus app and constantly update the operating system on the smartphone or tablet to strengthen the security of the devices.
- Users are advised to immediately contact relevant authorities for instance, Cyber999 for any issues related to this threat.
Last but not least, let’s be smart users and no matter how fancy our gadget is, always be mindful of the potential threat that might come with it if we are not careful.
