Maybank has recently posted a security advisory warning its customers of a campaign to steal banking user credentials.
According to Malaysia’s CyberSecurity Emergency Response Team (MyCERT), the malicious actors are targeting Malaysians that are using Android phones.
At the core of the SMSSpy campaign is a malicious app that, as the name suggests, can view any SMS received by the infected device. This includes the TAC number that is used to verify online banking transactions.
The perpetrators of the campaign use tactics such as posing as law enforcement agents, creating fake websites, and posting fake cleaning service ads on Facebook to trick their victims to install the malicious app.
READ MORE: Online Cleaner Scam Cleans Out Victim’s Bank Account Warns Police
In response, Maybank and MyCERT advise online banking customers on Android devices to watch out for such scams and stay vigilant.
They also advise users to:
- Verify application permission and the application author or publisher before installing it.
- Don’t sideload apps or install .apk files from unknown and unofficial sources.
- Don’t click on any link or suspicious URLs sent through SMS, Whatsapp, or any other messenger services.
- Install and run a reputable anti-virus app on your devices and update it regularly.
- Update your device’s operating system and applications regularly.
- Don’t root or ‘Jailbreak’ your phone.
If you have any questions or need help related to this threat, contact relevant authorities such as Cyber999 here:
- E-mail: cyber999[at]cybersecurity.my
- Phone: 1-300-88-2999 (monitored during business hours)
- Mobile: +60 19 2665850 (24×7 call incident reporting)
- Business Hours: Mon – Fri 09:00 -18:00 MYT
- Web: https://www.mycert.org.my
- Twitter: https://twitter.com/mycert
- Facebook: https://www.facebook.com/mycert.org.my