Police net seven cyber-crooks who siphoned off RM250,000

KUALA LUMPUR (Sept 14, 2011): Using a combination of phishing and hijacking handphone numbers, a syndicate siphoned out about a quarter million ringgit from some online banking accounts over the past nine months.

Police learnt just how elaborate the syndicate's modus operandi was only after crippling the gang of cyber crooks with the arrest of six people in a raid on Friday.

The suspects aged between 20 and 27 comprised a Sierra Leone national said to be the mastermind, a male Jordanian and a male Pakistani, and four Malaysians, two of whom were women.

They were nabbed when a federal commercial crimes investigations department CCID team led by cyber crimes and multimedia head ACP Kamaruddin Md Din raided the apartment at the Millenium Square at Section 14, Petaling Jaya where police also seized computers, fake MyKad and bank cards.

Police learnt that the suspected mastermind had come to Malaysia in 2005 as a student and graduated with a degree in information technology from a well known college in Petaling Jaya last year while Jordanian was registered as a civil engineering student of a local college since 2008. The Pakistani was here on a social visit visa.

Investigations revealed that the syndicate members had managed to retrieve personal particulars including the usernames, passwords from an online banking kiosk at a bank in Petaling Jaya and even obtained the transaction authorisation code (TAC) which is sent out by the bank to the registered handphones of online banking users to execute cash transfers from their victims' accounts.

Federal CCID director, Commissioner Datuk Syed Ismail Syed Azizan told a press conference today that the syndicate had skimmed the personal online details of those who had used the kiosk by secrets attaching a thumbdrive with a spy software which downloaded and stored the usernames and passwords when the bank customers logged into their online accounts.

He said the syndicate members would discreetly remove the thumbdrive and later downloaded the confidential information into their computer from where they logged on to user accounts to find out the registered handphone numbers of the bank customers.

Then, using fake MyKad, police report or authorisation letters from the target customers, the crooks would report the handphones lost and applied for new SIM cards from the unsuspecting telecommunications companies.

"This new tactic is a combination of phishing and hijacking SIM cards. Obviously when a new SIM card is issued, the one used by the victim will be cancelled and this will raise their suspicions," Syed Ismail said.

"To counter this, a syndicate member on the pretext of being a telco staff, will call up their victims a day ahead to inform them that they will face interruptions in their mobilephone services for about two hours.

It is during this two hours that the syndicate would get the new simcard and obtains the TAC numbers with which they can transfer all available cash in his victims account to another account of an accomplice. The biggest single loss was RM50,000." he said.

Meanwhile, he said in an unrelated case also on Friday, the CCID arrested two Nigerians and a Malaysian aged between 17 and 23 for cheating a 29-year-old Australian woman of about RM75,000 by luring her into a non-existent business venture.

"This is another group of scammers who had targeted Australians by sending out emails claiming they are businessmen. We believe they are behind at least 12 cases involving Australian victims," Syed Ismail said, adding the latest victim had alerted police when she realised she had been conned.

He said the suspects were caught when they turned up at the KL Sentral to meet the victim to collect more money.