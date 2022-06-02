PETALING JAYA: Is it the bank’s fault if money is stolen from your savings account? Or is the bank to blame as well?

Commenting on a recent incident of a man losing RM32,000 in 15 minutes without receiving any notifications from the bank, cybersecurity experts said the public should take steps to safeguard their savings rather than blame the banks.

According to LGMS Berhad chairman and cybersecurity expert Fong Choong Fook (pix), alerts from banks can be blocked by scammers when people install applications and Android Application Package (APK) files from untrusted sources.

“The question that I would ask is if the victim has installed any applications lately or installed any third party APK files from social media or advertisements, since it is the most common way for scammers to hijack one-time password (OTP) notifications.

“My advice is, don’t install APK files from sellers on social media as scammers can capture the username and password of the e-banking system. Anyone in close proximity to your mobile phone can access the OTP to make a transfer.

“There was another case reported recently where a man’s bank account balance was cleared out because his roommate had his pin number and used the victim’s phone to obtain and delete the OTP.”

He urged the public to keep their mobile phones safe so that third parties will not have access to view or hide the OTP sent by banks.

Fong added that people should not set simple pin codes using personal details including birthdays and identification card (IC) details as this will be easy for anyone to hack their phones and get the OTP.

“Set a pin number and ensure it has nothing to do with your personal data. I know a lot of people like to use their date of birth and IC number as their pin codes.”

In regard to the incident of the bank customer losing RM32,000 from his account, Universiti Sains Malaysia Assoc Prof Dr Selvakumar Manickam, who is also the director of its National Advanced IPv6 Centre, said in cases of fraud, the onus is on the victim to be cautious and vigilant in protecting his account and learning how to use technology securely.

He advised people not to conduct sensitive activities such as banking transactions on public devices, and to be wary of scammers’ threats.

“The loss suffered by the victim is most probably due to him inadvertently sharing his online banking information with others or being taken advantage of by someone close to him.

“Since most banking can be done using smart devices, ensure authentication via biometric or facial recognition is enabled. There is an urgent need to educate Malaysians on cyber-awareness. The government must take preemptive measures before more cases occur.

In this regard, Alliance for Safe Community deputy chairman Prof Dr Wong Shaw Voon said a continuous detailed forensic and risk assessment are required to catch up with current technological developments.

“A detailed forensic probe must be carried out to ascertain the facts. However, it was the negligence of the individual too. So it’s important to get a quick fix from both ends.

“Be sensitive to messages delivered by banks, and always cross-check with reliable sources, Also get the latest operating system, and app patches from reliable sources.

“Once you notice something unusual, quickly inform the authorities, including the bank,” he said.