Firstly, I don’t know if this story is true or not. But based on the story, it is logical that it could have happened. I just want to share it with all of us as nowadays, there’s no guarantee our money will be safe. Read the story and make your own conclusion:
ONLINE BANKING HACKED
This is a public service message. Feel free to share if you think it will benefit your friends and family. Unfortunately it’s not such a short one.
So this happened to me:
1. A month ago, my Maybank2u account was hacked two days after I received my salary. Damage was about RM11k from both my current and savings accounts.
2. My best guess at the sequence of events:
– Hackers broke into my secondary email and used it to change password and access my primary email
– Unidentified person impersonates me and goes to a Digi dealer at 9pm (just before it closes) to request for a Sim-card replacement for my phone number.
– They had access to my Maybank2u account and by 10pm, purchase four Samsung handphones and some accessories from Mobile 88 (an online shopping site). Payment is made using Maybank2u. TAC is sent to the new sim-card which they have just obtained.
3. I only realised something was amiss the following morning. While I was driving to work, I noticed my phone had ‘No Service’. When I got into office, tried to access my email but failed because password had been changed. Checked my online banking and realised it had been emptied. Luckily my credit cards weren’t affected.
4. Tried to stay calm. Called Maybank to freeze my online banking and credit cards. I also asked them to reverse the transactions if possible. Called Digi to find out what happened and realised my sim-card was cloned the night before. So I asked Digi to suspend the new sim-card. Made a police report. Last, gave a copy of my police report to Maybank and Digi for them to open investigations into the incident.
Response from Maybank/Digi/Police:
1. Maybank – 6/10: Response from Maybank was fair but not helpful. Their cyber security team contacted me promptly to get more details from me and ascertained that there was no system error within 2 weeks.
But critically, they did not attempt to stop or reverse the transaction. According to their officers, for online banking unlike credit card payments, the payment goes through once a valid TAC number is received and there is ‘nothing they can do’.
This really changed my perspective on the risks of online banking.
2. DIGI – 0/10: One month after my initial report and numerous follow-ups (including going personally to their service center), I received ZERO response from their team other than periodic SMS’ stating that they are still in the process of investigating.
No one from DIGI has contacted me to understand or explain.
I suspect I am not the only victim and they are still trying to figure out how to address the situation. However, given the severity of the case, I feel it is not okay to keep the progress of the investigation under wraps without giving updates to me as the consumer.
3. Police – 4/10: No progress so far. Relies heavily on the investigation done by Maybank and Digi. I get the feeling they do not have the right resources to handle such organised/cyber crime.
Reflection/Lessons for all:
1. This might seem obvious, but keep different login names and passwords for accounts and change them regularly.
2. Be alert to phishing scams. This is a tough one and it happens to the best of us.
3. Be alert and respond quickly when you see red-flags such as notification of change in password or unusual usage patterns in your email account or ‘No Service’ in your sim-card. Someone could be trying to hack into your account and in my case, it was the first sign that someone had replaced my simcard.
4. Financial planners aren’t going to teach this but keep some of your cash reserves in a separate bank account, preferably non-online or FD. I managed to pull through the past month because some of my savings were in another account.
I guess I’m angry not only because of the money lost, my own carelessness that was a factor in it, but also because technology and corporate institutions I had come to rely on have seemed to fail me in the past month.
Whatever happens after this, I will vote with my feet but my hope is that the banking and telco players, as well as regulators take note and make improvements to safeguard the system.
These are some suggestions for improvements:
1. Telcos are a weak link in online banking. Using TACs as a two-factor authentication system is flawed if a stranger can walk up to a dealer and clone my sim-card. Minimum verification should be to scan/read identification cards.
2. I would pay money for an online banking service that uses a security token device instead of using mobile phone to receive TAC. I’ve seen a nifty one by Natwest (UK) and a simpler gadget by DBS (Singapore), but as far as I know, only HSBC has this in Malaysia. It would be helpful if Maybank2u makes it compulsory for passwords to be changed periodically.
3. Online banking security is one-size-fits-all based on ‘general’ customer requirements. I could not customise safe-guard settings such as disallowing changes in transaction limit online with a TAC.
4. I’m really worried at the Visa wave debit cards. Maybe I’m just not ready for it.
I really hope the police nail these bastards but for now, I don’t think the chances are high.
- Many thanks for the advice/feedback/support.
- Digi contacted me this morning to assure the case has been escalated. Hope to get some updates from them soon.
- Contacted Mobile88. They have been helpful.
- I’ve been contacted by a few other victims who have fallen into a similar predicament but did not know how to proceed beyond approaching their banks/telco.
Source: FB Eric Chua
Hopefully Eric can get some solution. Maybe he can’t get his money back, but I wish the culprit could be caught. So beware whether you are using online banking or not. Don’t think it is safe not to use online banking, as there’s also news that people who don’t even know how to use a computer have lost their money because of online banking.