PETALING JAYA: Smartphones of customers of financial institutions have been infected with malware by a scammer disguised as a law enforcement officer.

The Malaysia Computer Emergency Response Team (MyCert) said yesterday it has received reports from financial institutions on this matter.

In a statement today, it said victims who visited the links given to them by the “officer” would find a web page with the logo of the Malaysian police.

The victims of the phishing campaign were instructed to click on the logo download an app that installs on their devices.

When the app is installed and opened, it will set itself as a default messaging application, replacing the official messaging application on the phone.

In addition, it runs as a service rather than a normal app so it will not be listed in the application list, MyCert said.

As a result, victims suffered money losses through unconsented transactions and risked disclosure of personal information to scammers or unknown parties, it said.

MyCert said the scammer disguises as a law enforcement officer and makes several calls to targeted victims, claiming that the victims had been involved in money laundering activities.

The scammer then threatened the victims with arrest, forcing them to download and install an unknown app, with the web link provided through SMS or a phone call.

MyCert said users who received such phone calls should contact the respective law enforcement agency for verification, and ignore the calls and never respond to any instruction.

They can also report the incident for MyCert’s response to [email protected] and forward the malicious application there for analysis.

It added that smartphone users should verify an app’s permission as well as its author or publisher before installing it.

“Do not click on adware or suspicious URL sent through SMS/messaging services. Malicious programmes could be attached to collect users’ information.

“Since the URL on mobile sites appear differently from desktop browsers, make sure to verify it first,” it added.

“Always run a reputable anti-virus on your smartphone/mobile devices, and keep it up to date regularly.”

MyCert also urged users not to use public Wi-Fi networks for bank transactions and turn off the Bluetooth connection when it was not in use.

“These can open windows for eavesdroppers to intercept the transactions or install spyware and other malware on users’ smartphones or tablets,” it said.

Accountant loses RM500,000 to ‘Macau scam’ syndicate

Bank association: Measures in place to protect customers’ data

http://www.freemalaysiatoday.com/category/nation/2015/07/04/bilked-of-rm1-3mil-by-phone-calls-from-fake-police/

Taiwan, Chinese syndicates using local numbers for scams