Protect banking credentials against malware this festive season

• Possible rise in cyber attacks, malware during Hari Raya celebrations
• Cyber criminals impersonate legitimate businesses by using Facebook ads 

While threat actors continue to grow in numbers and sophistication globally and locally, a recent malware campaign targeting online shoppers' banking credentials in Malaysia was able to make off with sensitive data despite being fairly unsophisticated. 

Through social engineering tactics and phishing, the cyber criminals impersonated legitimate businesses and utilised Facebook advertisements to tempt potential victims into downloading Android malware from a malicious website. 

These victims then had the option to complete payments either via credit card or transferring the required amount directly from their bank accounts.

After picking the direct transfer option, these victims were presented with a fake FPX payment page to enter their credentials for eight Malaysian banks. 

With the upcoming Hari Raya Aidilfitri celebrations, cyber attackers are on the prowl to capitalise on poorly fortified digital platforms, SMS or emails offering discounts and digital payment platforms for shopping and sending festive monetary gifts, known locally as "duit raya."

In view of this, Malaysians must remain vigilant and protect their sensitive data or personal identifiable information while enjoying the convenience of online transactions.  

Here are some tips for Malaysians to improve their cyber hygiene: 

• Due diligence and scrutinising websites for inconsistencies, such as mismatched fonts, inconsistent use of colours, changes in language usage, different prices or descriptions in various texts among others.  
• Watch out for URLs that use names of well-known brands along with extra words and characters. Look for “https” and a lock symbol in the web address to indicate that information sent between your device and the site in question is encrypted. 
• Keep an eye out for typos and grammar, as most corporations hire copy editors. 
• Verify if you have doubts about a site being impersonated. Send an email to the company before you make a purchase. 
• Don’t buy impulsively and remain skeptical of offers that are below market prices. Like the old adage, if it’s too good to be true, it probably is. 
• Don’t panic. If you feel you have been the victim of a scam, contact your bank immediately and inform them of a potential scam. 

For businesses, beyond alerting customers to threats such as phishing, online shopping scams and unauthorised transactions, it is imperative to ensure their digital architecture is protected.

Through zero trust and AI-powered, automated solutions, businesses will be able to coordinate threat detection in real time across all deployments. 

In summary, being proactive on cybersecurity is imperative to engendering confidence. This enables consumers, enterprises and financial institutions alike, to fully enjoy e-commerce and digital finance that is hassle-free.

However, a lack of education, vigilance and awareness can lead to a deficit in trust. 

Therefore, as we conclude the holy month of Ramadan, Malaysian consumers, enterprises and financial institutions must come together to ensure that their mutual dependence on secure digital transactions is not jeopardised.

Dickson Woo (pic) is Fortinet country manger