Tag Archives: Phishing

RM500 Bantuan Awal Ramadhan 2024 Scam Alert!

Is the Malaysian government giving every citizen RM500 for Ramadhan 2024?! Take a look at the viral claim, and find out why it’s just a scam!

 

RM500 Bantuan Awal Ramadhan For 2024 Scam Alert!

People are sharing links to websites that purportedly offer RM500 from the Malaysian government as Ramadhan 2024 aid (Bantuan Awal Ramadhan).

Terkini : Kerajaan umum satu lagi bayaran bantuan khas Aidilfitri RM1,000 akan disalurkan pada 8 April ini secara berperingkat.

Senarai Penerima : http://sumbangan=xxxx=xxxxx.madani2024.my.id

Latest : The general government another Aidilfitri special aid payment of RM1,000 will be distributed on April 8 in stages.

List of Beneficiaries : http://sumbangan=xxxx=xxxxx.madani2024.my.id

Bantuan Awal Ramadan RM500 Mula Dikreditkan Secara Berperingkat

Ramadan Early Aid RM500 Begins to be Credited Gradually

These scams do not only appear on WhatsApp and Telegram, but also TikTok.

Recommended : Can You Get Free Cash Via MyKasih App?!

 

Why RM500 Bantuan Awal Ramadhan 2024 Is A Scam!

This is yet another example of FAKE NEWS circulating on WhatsApp, and social media platforms, and here are the reasons why!

Fact #1 : There Is No RM500 Bantuan Awal Ramadhan For 2024

Let me start by pointing out that there is no such thing as the RM500 Bantuan Awal Ramadhan aid for 2024.

On 6 March 2024, the Malaysia Ministry of Finance called it fake news, and warning people against sharing it:

THIS IS FAKE NEWS!

The Ministry of Finance stresses that the Ramadan Aid 2024 claim is FALSE.

Be careful and don’t be easily fooled by such news on social media.

Visit the portal and follow the Ministry of Finance’s official social media channels for the latest and most accurate information.

Recommended : Warning – PDRM Parking Fine Scam Alert!

Fact #2 : Photo Taken From 2023

The photo used in this scam was actually taken from a website posting about the 2023 Ramadhan aid given by Federal Territory Islamic Religious Council (Mаjlіѕ Agаmа Iѕlаm Wilayah Pеrѕеkutuаn, MAIWP).

In its official announcement, MAIWP gave a special one-off RM500 Ramadan financial aid on 27 March 2023. However, this financial aid was limited to existing recipients of monthly financial aid from MAIWP.

Not only was this one-time financial aid limited to 2023, there was no application, and the money was automatically given to eligible recipients.

Ramadan 1444H assistance to recipients of monthly financial assistance.

RM500 One Off

The distribution of aid will be implemented in stages on March 27, 2023 (Monday) corresponding to 5 Ramadan 1444H.

Fact #3 : It’s A Phishing Scam

I investigated one of the links, and it appears to be a phishing website registered in Indonesia, using the domain “madani2024.my.id” that was created on 29 February 2024.

This phishing website attempts to trick you into giving up your Telegram account access, by asking for:

  • your phone number
  • your Telegram account password
  • your Telegram OTP

Once the scammers have that information, they can take over your Telegram account, which can then be used to scam

It is likely that the other scammers may try to steal your WhatsApp account, and/or trick you into giving up your bank account login details.

Do NOT click on the links, and do NOT share them with your family and friends!

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | Crime | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Can Scammers Hack Your Phone If You Call Back?!

Can scammers hack your phone if you answer their calls, or call back?!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : Scammers Can Hack Your Phone If You Call Back!

People are sharing this advice about scammers hacking your phone if you answer their calls, or call back!

Very Very Urgent …

Please pass this message to your family and friends NOW.

Recommended : WhatsApp Block Button Scam : What You Need To Know!

 

Truth : Scammers Cannot Hack Your Phone If You Call Back!

This is yet another example of FAKE NEWS circulating on WhatsApp and social media platforms, and here are reasons why…

Fact #1 : This Is Old Fake News

First, let me just point out that this fake message isn’t even new. It has been circulating on WhatsApp and social media platforms since April 2020, if not earlier.

Fact #2 : This Hoax Is Based On One Ring / Wangiri Scam

This hoax appears to be based on the 2019 FCC warning about the “One Ring” or “Wangiri” scam, where scammers use robocall devices to give victims a miss call, in hopes that they would call back and get charged for Pay-Per-Call services.

The Federal Communications Commission is alerting consumers to reported waves of “One Ring” or “Wangiri” scam robocalls targeting specific area codes in bursts, often calling multiple times in the middle of the night. These calls are likely trying to prompt consumers to call the number back, often resulting in per minute toll charges similar to a 900 number. Consumers should not call these numbers back.

Recent reports indicate these calls are using the “222” country code of the West African nation of Mauritania. News reports have indicated widespread overnight calling in New York State and Arizona.

Generally, the One Ring scam takes place when a robocaller calls a number and hangs up after a ring or two. They may call repeatedly, hoping the consumer calls back and runs up a toll that is largely paid to the scammer.

Consumer Tips: · Do not call back numbers you do not recognize, especially those appearing to originate overseas. · File a complaint with the FCC if you received these calls: www.fcc.gov/complaints · If you never make international calls, consider talking to your phone company about blocking outbound international calls to prevent accidental toll calls. · Check your phone bill for charges you don’t recognize.

This scam, however, does not involve hacking any phone. It only requires you to call back the number, which is a Pay-Per-Call service.

Once you call back, you will get charged a premium rate, as the scammers try to keep you on the line for as long as possible.

Recommended : Can Israel Seismic Wave Card Hack Your Phone?!

Fact #3 : Scammers Cannot Hack Phone Through Calls

It is simply not possible to hack your phone through a voice call, even if you’re using VOIP (Voice Over Internet Protocol), or apps like WhatsApp or Telegram.

What is possible though is voice phishing, also known as vishing. This is a form of social engineering, where scammers pose as a bank or police officer (or someone with authority) to obtain your bank account information, or trick you into transferring money into their bank accounts.

Fact #4 : 90# Telephone Scam Only Works With PBX / PABX

The #90 or 90# scam is a very old phone scam that only works on business landline phones that use a PBX (Private Branch Exchange) or PABX (Private Automatic Branch Exchange) system. Here is the official US FCC warning about this scam.

In this very old scam, the scammer pretends to be a telco employee looking into a technical problem with your phone lines, and asks you to help him by either mailing 90# or transferring the call to an outside line. If you do that, you will enable the scammer to place premium-rate calls that will billed to your phone number.

To be clear – these codes do NOT work on mobile phones or smartphones, because they do not run on PBX or PABX systems.

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | CybersecurityTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

PayNow PDF Malware Scam : What You Need To Know!

Is there a new malware scam involving a PayNow PDF?!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : WhatsApp Block Button Is A Scam!

People are sharing this warning about a new malware scam involving a PayNow PDF. Take a look!

I just received below the latest and new scams Modus Operandi from my Uncle. Forward to warn and share.
======================

The scammers have changed their modus operandi. They don’t ask you to download the app.
My neighbour told me yesterday that her sister (a cancer patient) wanted a part-time helper to clean her house. Hence, she went to Facebook. I called the number and made the request. The advertiser asked whether she had a Paynow, and she said that she had. He directed her to make the partial payment, and he will send the invoice to confirm. (Note: He did not ask her to download an app, as people are getting alerts). When she received the invoice in the PDF format, she did not suspect any foul play and clicked it. The invoice showed the amount paid and the balance to be paid. After that, she went to sleep. The next morning, her phone could not be switched on.
She used her laptop to check her DBS bank account. Her $20K was gone, and her two fixed deposits of $25K, which had not reached the maturity date, were also gone—the total loss was $ 70K.
When she went to the bank and asked why her fixed deposit was also gone, the receptionist told her that digital banking allows you to transfer the amount back to your account to facilitate withdrawals without going to the bank.
Police told her the malware was embedded in the PDF document.
So folks, beware that the scammers are always changing their modus operandi to con your money $$$! 😡😡😡

Recommended : WhatsApp Block Button Scam : What You Need To Know!

 

No Evidence There Is Any PayNow PDF Scam!

This is likely another example of FAKE NEWS circulating on WhatsApp and social media platforms, and here are reasons why…

Fact #1 : No Evidence Of PayNow PDF Scam

First, let me just point out that there is no evidence that anyone was ever scammed by a PayNow PDF invoice.

There has been no actual news report of such a case, never mind multiple cases involving malicious PayNow PDF documents.

Frankly, I don’t know of any PDF malware that can shut down a phone, and transfer money from a bank account, including liquidating fixed deposits!

Fact #2 : PDF Malware Generally Target Computers

PDF documents can contain malware, but malicious PDFs generally target Windows computers. In fact, many aren’t actual PDF documents, but are instead executable files masquerading as PDF files – invoice.pdf.exe, for example.

Malicious PDF documents or executables targeted at Windows computers won’t work on smartphones. The malicious PDF must not only be specifically designed to target smartphones, it must target the right operating system – iOS or Android. A malicious PDF targeting Android won’t work on an Apple iPhone, for instance.

On top of that, many PDF malware actually exploit vulnerabilities in a specific PDF reader – most commonly, the industry-standard Adobe Acrobat Reader. Most smartphones do not have Adobe Acrobat Reader installed, and instead rely on a variety of PDF readers like Samsung Note, OneDrive, Google Drive, Kindle, etc.

Embedded PDF malware that target vulnerabilities in the Adobe Acrobat Reader won’t work with other PDF readers. That’s probably why it’s rare to see PDF malware that target smartphones.

Recommended : Can StopNCII Remove All Nude / Deep Fake Photos?!

Fact #3 : PayNow Scams So Far Involve Phishing

Singapore reported 477 cases of PayNow scams in 2021, with 133 more cases in 2022. However, they were not due to PDF malware. Rather, their victims were deceived into giving scammers their digital banking credentials.

In other words, PayNow scams have so far involved phishing attacks, in which victims are tricked into logging into fake websites, or giving up their Internet banking login details by phone.

In one of these scams, victims received phone calls from people pretending to be bank employees. The callers would ask for the victims’ personal details, such as their Internet banking usernames and passwords, under the pretext that the bank needed them to verify transactions in their accounts.

Fact #4 : Singapore Police Warned About Android Malware

It seems likely that the viral warning is based on a misunderstanding of a Singapore Police Force warning about Android malware withdrawing money through PayNow.

Issued on 17 June 2023, the Singaporean police warned that scammers were tricking victims into installing an Android Package Kit (APK) file through WhatsApp and Facebook Messenger. Once installed, the malware allows the scammers to remotely access the victims’ devices, and steal their passwords.

The victims are then directed to fake websites that mimic banks like DBS to key in their banking credentials. The login information obtained through this phishing attack then allows the scammers to withdraw their victims’ money through PayNow.

To be clear – this PayNow scam does NOT involve any PDF. It requires the victim to install an APK file – to gain access of your 2FA (Two-Factor Authentication) device, and provide bank login information through a fake (phishing) website.

This allows the scammers to log into your bank account using the login info you provided, and authenticate all transfers using your mobile phone.

Recommended : Nurse Lost RM380K After Pressing Instagram ‘Like’ Button?!

Fact #5 : Here Are Some Common Cybersecurity Tips

Here are some simple cybersecurity tips to help you avoid getting scammed online:

  • Never install APK files (for Android) from unknown or untrustworthy sources.
  • Never sideload IPA files (for Apple iOS) from unknown or untrustworthy sources.
  • Always check the entire filename, including its file extension:
    – PDF documents should end with .pdf, and not .pdf.apk or .pdf.ipa or .pdf.exe.
    – Word documents should end with .doc or .docx, and not .doc.apk or .doc.ipa or .doc.exe.
  • Never click on any link to go to any bank website. Always type in the link yourself into a web browser, or better still – use the official app issued by the bank.
  • Never give your bank login details to any person, even if they claim to be a police officer, a bank officer, or even a cybersecurity expert!
  • Never give your 2FA authentication code / TAC or OTP number to any person, even if they claim to be a police officer, a bank officer, or even a cybersecurity expert!

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | CybersecurityTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Can SIM swap attack empty bank account without warning?!

Can a SIM swap attack empty your bank account without warning?! Take a look at the viral warnings, and find out what the facts really are!

Updated @ 2023-10-07 : Added new viral message, and other updates.
Originally posted @ 2022-01-16

 

Claim : SIM Swap Attack Can Empty Bank Account Without Warning!

This message has gone viral on social media and WhatsApp, warning about a new high tech fraud called SIM Swap Fraud that can empty bank accounts without warning.

The message includes a link to a Straits Times report about a young couple who lost $120,000 in a fake text message scam targeting OCBC Bank customers.

Your BANK Account could be Emptied without an Alert!

Dear All, Please let’s be very careful.. There is a new HIGH TECH FRAUD in town called the SIM SWAP FRAUD, and hundreds of persons are already VICTIMS.

Here is a new variant circulating in 2023:

My cousin received a call , asking if he had been vaccinated, if vaccinated to press 1.

If not vaccinated, press 2. As a result, he pressed 1, the phone was blocked and his online bank information/account were all transferred. Please be Alert and Careful and forward to more people to know about this new trick/scam. Forwarded as received.

Recommended : Beware Of Telegram Screenshot Hack + Scam!

 

Truth : SIM Swap Attack Is Real, But Don’t Work Like That

The truth is – SIM swap attacks are real and very dangerous, but they do not work like the viral messages claim.

Here is what you need to know about the viral message, and SIM swap attacks.

Fact #1 : SIM Swap Attacks Are Not New

SIM swap attacks are really not new. Scammers have been using SIM swap attacks since 2015, if not earlier.

Fact #2 : SIM Swap Warnings Are Mostly False

The viral message is correct about the risk of SIM swap attacks, but pretty much wrong about everything else.

In fact, the method by which the SIM swap attack works is completely made up. So the viral message is really FAKE NEWS.

There’s no way your bank account will be emptied without any action on your part. Neither will your bank accounts be emptied because you participate in a COVID-19 vaccination SMS survey.

Fact #3 : No Evidence Of Such Fraud

There is no evidence of SIM swap attacks requiring users to complete the process by responding to an SMS survey about vaccination.

Neither is there any evidence that SIM swap attacks alone can lead to your bank accounts being emptied.

Fact #4 : Straits Times Article Was Not About SIM Swap Attack

One of the viral messages include a link to a Straits Time article to mislead you. That’s because the article was about a phishing attack, not a SIM swap attack.

In that phishing attack, the victim received an SMS  with a link that took him to a fake website that “looked exactly like the OCBC login page“. He then keyed in his bank login details, thus handing over control of his bank account to the scammers.

The victim also ignored automated messages warning him that his “account was being setup on another phone“. That had nothing to do with a SIM swap attack. It was an SMS-based phishing attack.

Recommended : How To Turn On Two-Step Verification In Telegram!

Fact #5 : SIM Swap Attacks Generally Do Not Require Any Action

In most SIM swap attacks, scammers use your personal information, either purchased from other criminals or obtained through earlier phishing attacks or social engineering, to request for a SIM card replacement.

All that does not require any action on your part. In most cases, you only realise you’ve been hit when you lose access to your mobile number.

Fact #6 : SIM Swap Attack May Require Action In Some Cases

The Press 1 claim in the viral message is partially correct, but it only happens in a particular circumstance.

In India, scammers have tricked people by offering a free network upgrade, or to help improve signal quality on their phones :

  1. The scammer will call the victim, claiming to be from their mobile service provider.
  2. The scammer will try to get the victim to reveal his/her 20-digit SIM card number.
  3. The scammer will use the 20-digit SIM number to initiate a SIM swap with the mobile service provider.
  4. The mobile service provider will automatically send an SMS to confirm the swap.
  5. Once the victim confirms the swap, his/her SIM card will stop working.
  6. The scammer now has access to the victim’s mobile number.

Fact #7 : SIM Swap Attack Does Not Hack Your Phone

The SIM swap attack does not involve any hacking of your phone.

You only lose access to your mobile number. Your phone is not hacked.

Recommended : Can Greeting Photos + Videos Hack Your Phone?!

Fact #8 : SIM Swap Attack Does Not Empty Bank Accounts

Once the scammers successfully gain control of your mobile number, they can use it to intercept one-time passwords (OTP) like TAC numbers.

This allows them to change passwords to your bank accounts, social media accounts, etc. which is why SIM swap attacks are so dangerous and damaging.

However, it does not mean your bank accounts are immediately emptied. For one thing – the scammers need to know your bank login.

That’s why SIM swap victims often have had their bank logins and passwords stolen earlier though phishing attacks. The scammers only need their mobile numbers to receive OTP / TAC numbers to authenticate the transfers.

Fact #9 : SIM Swap Attack Can Be Used To Cheat Friends Too!

Stealing money from your bank account requires extra work, so scammers who do not have your bank login details will resort to cheating your friends.

With access to your phone number, they can easily gain access to your social media accounts (Facebook, Twitter, Instagram) as well as instant messaging apps (WhatsApp, Telegram).

Once they have control, they can send messages to your friends, pretending to be you. Naturally, they will concoct some story to ask your friends for money.

The idea is to use your (now) stolen accounts to convince your friends that you genuinely need their help. The money that they transfer goes directly to the scammers, or their mules (people who rent their bank accounts to scammers).

Now that you know the facts behind the SIM swap attack or scam, please SHARE this article with your family and friends!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | MobileTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Warning – PDRM Parking Fine Scam Alert!

Scammers are targeting motorists with the PDRM parking fine scam! Make sure you warn your family and friends!

Here is what you need to know about the PDRM parking fine scam!

 

PDRM Parking Fine Scam Email

People are getting emails warning them that they just committed a parking violation, while offering them a cheap fine if they pay quickly.

Fines Inquiry and Payment

Dear recipient,

We are writing to draw your attention to a recent traffic violation in Malaysian jurisdiction.

Our traffic enforcement staff have observed your vehicle parked in a no-parking zone. This contravenes section (no. 2016-691] of the Road Traffic Act.

The fine is set at MYR 50. Payment of the fine is required within 7 days of the date of notification, to avoid further legal consequences.

If the fine is not paid within the time limit, you may be subject to legal action, resulting in an increase in the original fine.

Payment deadline: [08/26/2023]

Methods of payment accepted:

Cordially,

Malaysian Police Department

Recommended : Bantuan Tunai Rakyat Malaysia 2023 Scam Alert!

 

PDRM Parking Fine Email Is A Scam!

These PDRM parking fine emails are scam emails. This was confirmed by PDRM itself.

On 7 August 2023, the Cyber Crime division of the Royal Malaysia Police (PDRM) posted an alert warning motorists not to fall for the MyBayar scam.

These emails are designed to scare its victims into action. Hence, it offers a very cheap way to quickly “settle the problem”. However, if you take a breath, and analyse the email CAREFULLY, you will see many problems with it.

  • Letter is from PDRM : The Royal Malaysia Police (PDRM) will never write to you by email.
  • Letter is in English : The Royal Malaysia Police (PDRM) will never write to you in English.
  • Typo in the name : The fake email used My Bayar PDRM, instead of MyBayar PDRM.
  • Lack of name and personal details : The fake email refers generically to “Dear recipient“, without listing your full name and MyKad number.
  • Lack of vehicle details : The fake email doesn’t mention the vehicle make and plate number.
  • Lack of location details : The fake email does not mention where the offence occurred, or even when it occurred.
  • Fine is much too low : PDRM traffic fines are never as low as RM50. The cheapest fine is RM150 for Category 4 offences, but you can pay as low as RM70 within 15 days.
  • No such law : The fake email refers to the Road Traffic Act. There is no such act in Malaysia. The proper name is the Road Transport Act 1987 (Act 333).
  • No such section : If you look at the Malaysia Road Transport Act 1987 (PDF download), you will see that there is no such thing as Section 2016-691.

The email appears to be from My Bayar PDRM (typo in the name), but if you inspect the email address, you will see that it was sent by “in-to-no-reply@silverbackgames.xxx” or “hello@sooqr.com” or some other email address.

Obviously, this email did not originate from an official PDRM email address! This should immediately tell you that this is a fake or scam email!

Recommended : How A University Student Lost RM22K In Online Job Scam!

If you click on the Pay My Fine link in the scam email, you will be taken to a fake My Bayar PDRM website (with the same typo in the name).

You may notice that you now have 7 days to pay the RM 50 fine, instead of just 5 days in the email. Odd, isn’t it?

Also odd is the fact that the page does not mention your name, your MyKad number, your vehicle type and model, or even its plate number! The page also doesn’t mention where the offence took place, or the time you were caught committing said offence.

Do NOT proceed after this point… This is a scam website!

But if you have itchy fingers, and click on the Pay The Fine button, you will be asked to pay for the RM50 fine using your debit or credit card.

Needless to say, PLEASE DO NOT SUBMIT YOUR DEBIT / CREDIT CARD DETAILS!!!

If you provide these scammers with your debit / credit card details and TAC / OTP numbers, they will be able to charge ANY AMOUNT they want to your credit card, or withdraw ANY AMOUNT they want from your bank account!

Recommended : Wedding Invitation Scam : Don’t Install APK File!

It’s even worse if you are asked to log into your bank account to pay the fine. DO NOT DO THAT!

If you provide them with your bank login and password, as well as OTP/TAC number, these scammers will be able to transfer money out of your bank account!

Please note – this is a scam! This is a phishing attack to gain access to your credit card and/or bank account.

Regardless of how you get any notification from PDRM about any traffic offence you may have committed, you should always check the status through these official MyBayar PDRM options:

Please SHARE this warning with your family and friends!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Automotive | Cybersecurity | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

PDRM Warning : Watch Out For MyBayar Scam!

PDRM is warning motorists not to fall for the MyBayar scam! Here is what you need to know about the MyBayar PDRM scam!

 

PDRM Warning : Watch Out For MyBayar Scam

On 7 August 2023, the Cyber Crime division of the Royal Malaysia Police (PDRM) posted an alert warning motorists not to fall for the MyBayar scam.

The MyBayar PDRM scam starts with an official-looking email that warns motorists that they have been caught contravening the law, and offers a cheap RM50 fine if paid within 5 days:

Last notice of contravention before prosecution

Dear recipient,

We are writing to draw your attention to a recent traffic violation in Malaysian jurisdiction.

Our traffic enforcement staff have observed your vehicle parked in a no-parking zone. This contravenes section (no. 2016-691] of the Road Traffic Act.

As a result of this infringement, a fine of MYR 50 has been imposed. This fine must be paid within 5 days of the date of this notification to avoid further legal consequences.

Failure to pay the fine within the allotted time may result in legal proceedings being taken against you, which could lead to increased fines, penalties and the possible suspension of your driving license.

Recommended : Bantuan Tunai Rakyat Malaysia 2023 Scam Alert!

 

MyBayar PDRM Scam : How Does It Work?!

Many people who received the MyBayar PDRM email might be shocked to find out that they were caught committing a traffic violation, and then relieved that it was only RM50 if they paid quickly.

That’s how the scammers trap their victims – by offering a cheap RM50 fine, when we all know that fines for traffic offences are at least RM150, and can go all the way up to RM1,000!

Those who received this fake MyBayar PDRM email would be tempted to quickly pay the cheap RM50 fine, before it becomes a lot more expensive!

But if you take a closer look at the email, you will spot some problems with it:

  • Weird English : The email title of “Last notice of contravention before prosecution” is nonsensical.
  • Typo in the name : The fake email used My Bayar PDRM, instead of MyBayar PDRM.
  • Lack of name and personal details : The fake email refers generically to “Dear recipient“, without listing your full name and MyKad number.
  • Lack of vehicle details : The fake email doesn’t mention the vehicle make and plate number.
  • Lack of location details : The fake email does not mention where the offence occurred, or even when it occurred.
  • Fine is much too low : PDRM traffic fines are never as low as RM50. The cheapest fine is RM150 for Category 4 offences, but you can pay as low as RM70 within 15 days.
  • No such law : The fake email refers to the Road Traffic Act. There is no such act in Malaysia. The proper name is the Road Transport Act 1987 (Act 333).
  • No such section : If you look at the Malaysia Road Transport Act 1987 (PDF download), you will see that there is no such thing as Section 2016-691.

The email appears to be from My Bayar PDRM (typo in the name), but if you inspect the email address, you will see that it was sent by “in-to-no-reply@silverbackgames.xxx” or “hello@sooqr.com” or some other email address.

Obviously, this email did not originate from an official PDRM email address! This should immediately tell you that this is a fake or scam email!

Recommended : How A University Student Lost RM22K In Online Job Scam!

If you click on the Pay My Fine link in the scam email, you will be taken to a fake My Bayar PDRM website (with the same typo in the name).

You may notice that you now have 7 days to pay the RM 50 fine, instead of just 5 days in the email. Odd, isn’t it?

Also odd is the fact that the page does not mention your name, your MyKad number, your vehicle type and model, or even its plate number! The page also doesn’t mention where the offence took place, or the time you were caught committing said offence.

Do NOT proceed after this point… This is a scam website!

But if you have itchy fingers, and click on the Pay The Fine button, you will be asked to pay for the RM50 fine using your debit or credit card.

Needless to say, PLEASE DO NOT SUBMIT YOUR DEBIT / CREDIT CARD DETAILS!!!

If you provide these scammers with your debit / credit card details and TAC / OTP numbers, they will be able to charge ANY AMOUNT they want to your credit card, or withdraw ANY AMOUNT they want from your bank account!

Recommended : Wedding Invitation Scam : Don’t Install APK File!

It’s even worse if you are asked to log into your bank account to pay the fine. DO NOT DO THAT!

If you provide them with your bank login and password, as well as OTP/TAC number, these scammers will be able to transfer money out of your bank account!

Please note – this is a scam! This is a phishing attack to gain access to your credit card and/or bank account.

Regardless of how you get any notification from PDRM about any traffic offence you may have committed, you should always check the status through these official MyBayar PDRM options:

Please SHARE this warning with your family and friends!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Automotive | Cybersecurity | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Bantuan Tunai Rakyat Malaysia 2023 Scam Alert!

Watch out for the Bantuan Tunai Rakyat Malaysia 2023 scam on WhatsApp, Telegram, Facebook and Twitter!

Find out how this scam works, and WARN your family and friends!

 

Bantuan Tunai Rakyat Malaysia 2023 Scam Alert!

These scam messages about Bantuan Tunai Rakyat (BTR) 2023, or Bantuan Percuma Kerajaan Malaysia 2023, is going viral on WhatsApp, Telegram, and social media platforms like Facebook and Twitter.

Bantuan percuma kerajaan 2023 khas untuk yang mana bergelar usahawan,pendidik,suri rumah,kerani dan yang kerja sendiri di waktu sekarang, boleh dapatkan geran RM2500 😱 🧕👩‍🍳👩‍💻👷‍♂️👨‍🎓👨‍🌾
✅ Bantuan ni percuma
✅ Tak perlu bayar semula
✅ Maksimum sehingga RM2,500 / RM5,000
JOM CLAIM:

Free government assistance 2023 especially for those who are entrepreneurs, educators, housewives, clerks and self-employed at the moment, can get a grant of RM2500 😱 🧕👩‍🍳👩‍💻👷‍♂️👨‍🎓👨‍🌾
✅ This help is free
✅ No need to pay again
✅ Maximum up to RM2,500 / RM5,000
CLAIM HERE:

As one lady shared in the video below, she got tricked by the scammers, who took over her Telegram account to send the same scam message to all of her contacts!

While she claimed that she did not click any link, I will show you how she got scammed…

Recommended : Beware Of Telegram Screenshot Hack + Scam!

 

Bantuan Tunai Rakyat Malaysia Scam : How Does It Work?

Warning : To show you how the scammers work, I will share the links they use. I will highlight those dangerous links in red. Do NOT go to those links.

Super Long Link

To trick people into clicking on the scam links, the scammers intentionally use a misleading and very long URL, so you are less likely to notice the domain.

This is the scam link : http://bantuan-kerajaan-my-fase-3-trd.financialanchorllc.com

Note how the scammer used a long list of descriptive keywords – “bantuan“, “kerajaan“, “my“, “fase 3“, which helps to mislead people, and make it more difficult for them to notice that the domain is “financialanchorllc.com“.

Obviously, financialanchorllc.com is not a Malaysian government domain (which ends with .gov.my), and it has nothing to do with Malaysia or financial aid.

A quick WHOIS check reveals that the ownership of this domain is hidden by a paid service – which is not what a genuine government agency would do.

Pro Tip : Always check the domain of a link before you click on it. Avoid super-long links like this because they are often used to mask the domain name.

Recommended : Will Scanning RFID Bar Codes Hack Your Phone?!

Fake Telegram Invitation

After clicking to go to https://bantuan-kerajaan-my-fase-3-trd.financialanchorllc.com, you will be taken to what looks like an invitation to join a Telegram group. But in reality, it is a fake Telegram invitation.

A real Telegram invitation will have a link like this – https://t.me/XXXXXXXX. But this scam page has the link – https://bantuan-kerajaan-my-fase-3-trd.financialanchorllc.com.

Also, a real Telegram invitation can detect if you are using Windows / Mac or Android / iOS, and suggest that  the right download for your device.

A real Telegram invitation will not ask you to Join Group. Rather, it will allow you to either View In Telegram, or Preview channel in the web browser itself.

Recommended : Bursa Malaysia Stock Investment Scam Alert!

Fake Telegram Login Page

If you click on Join Group, you will be taken to this Telegram login page.

WARNING – THIS IS A SCAM PAGE. This is what is known in cybersecurity as a “phishing attack”.

First of all, Telegram invitations will never ask you to log into your Telegram account. It will simply launch the Telegram app and load the group for you.

Secondly, if you look at the link, it leads to the same scam domain, specifically https://bantuan-kerajaan-my-fase3-gcc.financialanchorllc.com/main/index.php.

Do NOT log into your Telegram account in this page.

Recommended : Scam Alert : How Fake Job Syndicates Operate!

If you log into your Telegram account using this phishing page, then the scammers will gain access to your Telegram account, and take it over for their own use.

They can then use your Telegram account to send the same scam message, or worse, cheat your family and friends of their money!

Recommended : Can Restaurant Menu QR Code Hack Your Phone?!

The lady in the viral video likely logged into this phishing page, thus giving the scammers control of her Telegram account. That was likely how they were able to message everyone on her contact list.

She also likely did not enable Two-Step Verification in Telegram, which would let her recover her account even after scammers have gained access.

That is why people who were hit by this scam had to call and inform their relatives and friends, or publicly post about it to warn all of their contacts.

Unfortunately, it is not always possible to warn all of their contacts, and inevitably, someone will get cheated of their hard-earned money. That’s why these scams are so popular – they really work, and scammers are making a ton of money!

Help us fight against these scammers. SHARE this article out, and WARN your family and friends!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | Software | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

How A University Student Lost RM22K In Online Job Scam!

Find out how a university student just lost over RM22,000 in an online job scam!

Please SHARE this article to warn your family and friends to avoid such online job scams!

 

Online Job Scam Are Targeting The Poor + Desperate!

Online job scams have been around for a long, long time. But fake job syndicates have become more active recently, probably because more people are getting laid off, and inflation is eating into our money.

Online job scams come in a variety of ways, but most commonly, you get unsolicited messages through WhatsApp or iMessage, offering you the opportunity to make a lot of money through part-time work, in the comfort of your own home.

This is especially appealing to people who are currently jobless and desperate. Or in this recent case – a university student who is just starting out in life.

I am Shirley , a permanent employee at XXXX Company in the recruitment department. The HR department sent me this number and asked me to contact you to get you to a job opportunity.

Hello! I am Miss Aisyah Binte Ahmed, from The Recruitment Dept. at YYYY Digital, Malaysia. Our company is hiring part-time and full-time online Employees. Can I briefly share the details with you?

Recommended : Scam Alert : How Fake Job Syndicates Operate!

 

How A University Student Lost RM22K In Online Job Scam!

I had earlier written about how fake job syndicates cheat people of their hard-earned money, but I didn’t realise that these scammers are also targeting university students!

A university student recently shared how he quickly lost over RM20,000 to an online job scam, despite being warned that it could be a scam!

How They Reel The Student In…

These online job scams always start by offering their victims an EASY way to make A LOT of money!

It all started two days ago, when an unknown person asked me if I’m interested in a part time job. I usually don’t decline offers like this because I’m also a student looking for internship or job opportunities.

He gave me simple tasks, like subscribing to YouTube channels and get RM10 for each subscription. I was interested as money did really go to my account.

Then, I was added into a group. They would give these free tasks of subscribing to YouTube channels.

These scammers also know that people are now wary of scams, and will always demonstrate their willingness to pay… at least in the beginning.

And occasionally will provide merchant tasks throughout the day, which you bank in a certain amount of money to them, which was said to help improve crypto merchant’s reputation or some sort, then they’ll return you a good amount of earnings after the task is completed. It takes around half an hour to do so. So for these two days I earned around RM500.

This is how the scammers establish trust with their victims, and convince them to “invest” to get even more money!

Recommended : Watch Out For Telegram Phishing Attack!

The Scam Happens Very Quickly

The “merchant tasks” is when they start scamming you, and the scam occurs very quickly. You may think that you’re earning a lot of money, but you will never see a cent of it.

So here’s where the fishing begins. A merchant task has started. A rule was stated that I must complete all the tasks given or I will not get the money that I banked in before.

It doesn’t matter how little you “invest” in this “merchant task” scheme. Once you are in, they will quickly use your “earnings” to force you to keep paying them!

I chose the least risk package, give RM300 to get RM360. Then, I was required to continue the next task. Same, I chose the smallest amount RM2000 to get RM2600. Again, need to continue the next task, I chose the smallest RM5000 to get RM7000. Then, RM15000 to get RM19500.

Then, RM40000 to get RM52000. At this point, I still haven’t realize it’s a scam. All I’m focussed on is I need to take back the money that I banked in, so I’m just thinking about completing the tasks given.

By The Time He Realised… It Was TOO LATE!

Because the university student was so engrossed in getting back the money he “invested” earlier, he didn’t realise that he was giving the scammers more and more money… until it was much too late.

There’s one trick that this scammer is using. He let me start with a small investment, then proceed with stages. They force me to continue because I want to rescue the money that I put in in the previous task. So it keeps getting bigger and bigger.

Unfortunately, by the time the university student realised his mistake, it was much too late… He had already lost over RM22K!

At that time, I have not enough money in my bank to fork out RM40k. So I panic and find my friend to lend me some money.

Luckily my friend as a sideliner noticed that this is a scam and stopped me. I woke up finding that evervthing was too late. Just like that, two days, RM22300, gone.

Recommended : Must You Disable Facebook Auto-Fill To Block Scams?!

Scammers caught on CCTV by hacker

Many People In The Group Are Scammers

As the university student later realised, many of the people in the group are part of the online job scam syndicate. Their job is to give the victims the perception that this is a legitimate job with many people participating.

During merchant tasks, I’m asked to leave the big group and will be joining a small group of 3-4 members. One of the scary parts in this operation after I realize it’s a scam is that, all the group members in the group are actually controlled by the same person.

Out of the 4 members, two might be playing rich vips who will play the highest package, pressuring you to play with more money, the other person looks like a newcomer like me and plays along with me, choosing the lowest package.

Precautions Were Useless

The university student was actually warned by his parents that it could be a scam. He even prepared for the possibility he could be scammed:

Some Precautions | Made While Attempting This:

I was being very careful with this. I shared with my parents on the first night. My parents did warned me about it being a scam, but didn’t stop me from it since I’m earning something. They just ask me to be extra cautious.

I have two bank accounts, so I moved most of my savings such that I have a “small” account and a “big” account, to prevent losses if anything goes wrong.

I also created a new chat account with another phone number solely for this “part time job”. I also made a plan and promise to only invest my earnings, so I cannot touch my savings.

But as German Field Marshal Helmuth von Moltke once said, “No plan survives contact with the enemy“, and the student’s precaution was useless when he got “emotionally invested” in getting his money back, and ended up taking out all of his saving from the “big account”!

I believe we always read about news of scams in Malaysia, asking why are they so dumb, why they fall into these type of scams. Until I’m in their shoes. I was being very cautious taking the above steps and always remind myself to not be greedy, play only the least risk.

The worse part is, when I’m within that situation and cannot think straight. I even use my savings from my “big” account, just because I want to rescue the money I put in.

Recommended : How To Block Facebook Ads + Pay Scammers!

The university student is now “emotionally depressed” and “thinking about suicide” over the loss of so much money. But do the scammers care? No, they couldn’t care less if people commit suicide over the loss of their hard-earned money.

He has also contacted his bank fraud hotline, and lodged a police report. Unfortunately, he is unlikely to ever recover any of the money he lost. But I hope he understands that his life matters more to his family than money, and he can always make back the money as long as he lives.

Please SHARE this article out, and WARN your family and friends!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | Cybersecurity | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Scam Alert : How Fake Job Syndicates Operate!

Find out how fake job syndicates operate, and how they reel you into their scams, and cheat YOU of your hard-earned money!

Make sure you SHARE this article, to warn your family and friends to avoid the fake job scams!

 

Fake Job Scams : What Are They?

Fake job scams have been around for a long, long time. But fake job syndicates have become more active recently, probably because more people are getting laid off, and inflation is eating into our money.

Fake job scams come in a variety of ways, but most commonly, you get unsolicited messages through WhatsApp or iMessage, offering you the opportunity to make a lot of money through part-time work, in the comfort of your own home.

Good day YouTubers!! This is Alexa from Youtube Entertainment. We invite you to participate in our event by liking and subscribing to our channel and we will give you XXX. Please reply “YES” if you are interested. Thank you.

Hi, I’m the recruitment manager of XYZ company. XYZ invites you to do regular work at home.

You can easily earn [large amounts of money] with your mobile phone every day, and your salary will be settled on the same day.

Please add my WhatsApp to sign up. The number of places is limited, only for today.

Hey! You have been selected for a job. Daily salary XXXX to YYYYY. WhatsApp [number removed]. Reply YES to apply.

Recommended : How To Block Facebook Ads + Pay Scammers!

 

Scam Alert : How Fake Job Syndicates Operate!

I personally have received many of such fake job offers, and have always ignored them. But when I saw a sudden surge of fake job offers, I decided to look into it. I also wanted to find out how they worked.

So I took a dive into two different fake job scams last week, and here was what I found…

How They Reel Their Victims In

It all starts with scammers tasked with “fishing” for victims. They will try to contact you by email, Facebook Messenger, SMS, WhatsApp, Telegram, or iMessage. Regardless of the method, the hook is simple – we are offering you an EASY way to make A LOT of money!

Once you are suitably impressed, these “fishing” scammers will offer you a simple task to show you just how easy it is to make a lot of money. To entice me, the two scammers offered me a pretty good sum of money for a very simple task:

Syndicate A : Subscribe to this YouTube channel, and send me the screenshot to receive XXXX.

Syndicate B : Like this YouTube video, and send me the screenshot to receive YYYY.

Recommended : Watch Out For Telegram Phishing Attack!

The Fishing Scammer Hands You Over To The Syndicate

After you complete that task, the fishing scammer then hands you off to the actual fake job syndicate, ostensibly for payment. You are asked to contact the company secretary / account manager on Telegram, with a “payment code”.

From what I surmise, the “payment code” is actually the fishing scammer’s referral code – they get paid for every victim they send the syndicate.

This will be your last contact with these fishing scammers. They are off to reel in more victims!

Recommended : Must You Disable Facebook Auto-Fill To Block Scams?!

Syndicate Baits You With Payment

The syndicate secretary / account manager will ask you to register your details with them, but they are not too particular with any details, except for your phone number. If you give them the fake number, they will know because they will check with the fishing scammer using their referral code. But feel free to give them other fake details – they won’t care.

The fake job syndicate will then send you the payment for that “test” job, using a mule account. If you ask them why they are sending you the money through a different company account or even a random person’s account, they will tell you that they have many bank accounts because of daily transaction limits.

Syndicate Baits You With Simple Tasks

The syndicate will then add you to their Telegram channel offering multiple tasks per day. Instead of YouTube channels or videos, you are tasked to very simple tasks like:

  • open a link to a product page on an online shopping platform
  • take a screenshot of that product page
  • post that screenshot to the Telegram group
  • share that screenshot with your syndicate agent

You will breeze through the first three tasks easily, and the fake job syndicate will pay you promptly.

Fantastic, isn’t it? What could go wrong? After all, there are hundreds of other people participating in the same tasks, and getting paid!

Recommended : Can SIM Swap empty bank accounts without warning?!

Syndicate Tempts You With Pay To Earn Scam

At this point, you have done some calculations, and realise that you can easily make good money every day doing these simple tasks.

That’s when the fake job syndicate offers you the opportunity to make some serious cash. But there’s one catch – you need to PAY them to get access to jobs with serious money.

For every dollar you prepay, the fake job syndicate promises that you will get that back PLUS 10% to 30%, within minutes. Just in case you are worried about losing your money, hey, they are offering a refund. Honest!

And how can they offer you so much money for so little work? The syndicate throws in the magic word – cryptocurrency! Of course! That’s the only way anyone can make tons of money easily, with both eyes closed!

Recommended : BitiCodes Scam Alert : Fake Celebrity Endorsements!

Syndicate Pressurises You With Bots

To convince you that they are legit, you will see many people posting screenshots of their payments to the Telegram group. They will also publicly announce how much they are investing. In some cases, they also post excitedly about how much money they already made, and how much they plan to make today.

This is just a charade to make you believe that people are really making money through this scheme. Most of these “participants” appear to be bot accounts, with a few sock puppet accounts. If you monitor these accounts over time, you will see them change names. I even spotted one of these fake participants (mercado livre in the screenshot above) become the Telegram group admin!

The genuine victims are those asking questions in the group like “We have to prepay?” But oddly enough, no one else in the group (except the Telegram group admin) will respond. That’s not how real people behave.

And if you check their receipts, you will notice some discrepancies in their receipts, which suggest that they were edited:

  • transfers within the same bank were labelled as transfers “to other banks”.
  • account numbers are too short / long for that particular bank

The others are possibly genuine receipts (by people who were scammed earlier), with their dates and times changed.

Recommended : 2023 Turkey Earthquake : Fake Photos + Scam Alert!

Once You Pay, It’s Game Over

I managed to get in touch with two victims of this scam, who claimed that once they deposited the prepaid amount, they were ghosted and removed from the Telegram group.

So that appears to be the scam – they bait you with a bit of money, until you are convinced that they are real. Then once you prepay them for the “big job”, they dump you right away.

Your assigned syndicate agent will block you, and you will get kicked off the Telegram group, which often disappears after scamming a few victims. Often, you will find your Telegram conversations with them mysteriously deleted. By then, it’s much too late – you have already lost your money.

To ensure they don’t lose money, they will price the introductory offer low enough to entice victims, but high enough to cover their costs and then some. But they will inevitably score some big fish, which is why the fake job scam persists.

Now that you know how the fake job scam works, please DO NOT get trapped into it! NEVER pay to get a job. It is just a scam!

Please SHARE this article out, and WARN your family and friends!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | Cybersecurity | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Malaysian Telcos Ban SMS Links To Prevent Scams!

Malaysian telcos have started banning SMS links, as part of the MCMC’s initiative to prevent scams! Here is what you need to know!

 

Malaysian Telcos Ban SMS Links To Prevent Scams!

On Tuesday, 2 May 2023, four Malaysian telcos – Maxis, Celcom, Digital and U Mobile started banning SMS links, as part of the MCMC’s initiative to prevent scams.

From this day onwards, users will be blocked from sending or receiving SMS with a link. MCMC had earlier issued the directive to all telcos on February 14, 2023, but the ban on SMS links is only now being implemented.

The ban on SMS links is currently not mandatory for all telcos, and is being implemented in phases. Currently, the ban is limited to SMS between individuals.

Businesses using short codes like 6XXXX, 2XXXX and 1XXXX will eventually be banned from including a URL link in their SMS messages. They will be given time to switch to other methods to send promotional messages with links to their customers.

The MCMC has issued a directive to all telcos to block sending and receiving of SMS with URL link. The objective is to prevent users from becoming victims of online scams

MCMC issued the directive to all service providers on Feb 14 and is currently assessing the progress. For now, the block is still not mandatory.

The blocking of person-to-person SMS with URL links will take effect from 2 May 2023. For SMS sent by business via short codes such as 6XXXX, 2XXXX and 1XXXX, this will be done later and specific notification to business users will be sent.

Malaysia Deputy Communications and Digital Minister Teo Nie Ching said in February 2023 that blocking such SMS links will ensure that people won’t click on them and possibly end up as a scam victim.

Recommended : Scam Alert : Watch Out For Telegram Phishing Attack!

 

Only SMS Links Banned, Links Via Other Platforms Still A Risk

While this measure is really helpful in reducing scams, the ban is limited to SMS links. Scammers can still send links through instant messaging platforms like WhatsApp, Telegram, Facebook Messenger, WeChat, etc.

That does not mean that links are inherently bad. Links in messages, even SMS messages, are mostly safe.

Perfectly Fine

  • Clicking on a link to read an article / terms and conditions of a promotion
  • Clicking on a link to enrol in a promotion which does not require you to log into any website
  • Clicking on a link to check in for a flight, or get a travel update

However, they can be used to send you to a phishing website which is designed to look like a genuine bank / payment website. Hence, it is critical that you should NEVER log into any website through a link.

NEVER DO THIS

  • Clicking on a link to log into a bank website
  • Clicking on a link to make a purchase or payment
  • Clicking on a link to log into any account / email

Phishing attacks work by tricking you into going into a fake website that looks like the real website. But you still have to log into the fake website to give the scammers your login details.

If you click on a link, and you are asked to login – this is likely a phishing attack. But don’t worry – as long as you refuse to log into any website after clicking on a link, the phishing attack fails.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > CybersecurityMobile | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Scam Alert : Watch Out For Telegram Phishing Attack!

Watch out for the phishing attack that will allow scammers to take over your Telegram account!

 

Scam Alert : Watch Out For Telegram Phishing Attack!

Scammers are now targeting Telegram users with a phishing attack that is designed to trick them into giving up their accounts! The Telegram phishing attack works like this:

Step 1 : The scammer gains control of your friend’s Telegram account, and sends this message to you:

Dear Telegram users. The system detects that this account is abnormal and has potential security risks.

To ensure that you can log in to your account normally, you need to invite friends for auxiliary verification  

The risk control account has not been verified. The system will cancel the account after 24 hours! 

Personal Information Authentication:[link removed]

Step 2 : The scammer, masquerading as your friend, asks you to help him/her verify his/her Telegram account by clicking on the link.

There are security risks in my account, and I need friends to help me verify it. Please click on the official link to help me verify it and follow the prompts. thank you

Step 3 : If you click on the [removed] link to help your friend, you will be taken to a website that looks like an official Telegram website. DO NOT DO THIS.

Step 4 : You will be asked to log into your Telegram account on the fake website. DO NOT DO THIS.

Step 5 : The fake Telegram website will ask you to key in your Login code, or take and upload a screenshot of your Telegram. DO NOT DO THIS.

Step 6 : If you continue, the scammer will be able to take over your Telegram account, and use it to scam your friends by asking them for money, etc.

The scammer will also have access to your Telegram chats, and all associated media including photos and videos, which could potentially be leaked or used to extort you or other people.

Recommended : Beware Of Telegram Screenshot Hack + Scam!

 

How To Protect Against Telegram Phishing Attack

A phishing (pronounced as fishing) attack is a social engineering attack, that uses your trust for an institution (like a bank), authority (Telegram), or someone you know, to give up your login details.

Here are some ways you can protect yourself against any phishing attack on Telegram, or other platforms.

Verify Identity Before Trusting

Many people fall for phishing attacks because it is human nature to trust your friends and to help them. However, on instant messaging apps, you don’t actually know if it’s really your friend on the other end!

So if a friend messages you on Telegram, WhatsApp, Facebook, Twitter, Instagram, etc to ask for help, ALWAYS verify their identity before proceeding.

If possible, call or message your friend on the phone, or via a different platform (use WhatsApp if the request came on Telegram, for example).

But if you are unable to call your friend, try asking the other person something that only your real friend would know:

  • Do NOT ask questions like “Are you really Sarah??
  • Do NOT ask questions that can be answered by reading previous chat messages.
  • Ask something that only you and your friend would know, like “Hey Sarah, what was that restaurant we went to last week?
  • Ask a fake question that your friend would readily know is not true, like “Hey Sarah, are you coming over tonight?

If the other person cannot answer or gives you the wrong answer, he/she is not your friend, and that account has likely been taken over by a scammer.

Recommended : How To Block Facebook Ads + Pay Scammers!

Look At The Link

Whenever you see a link being shared, always check if it leads to a legitimate website, or attempts to masquerade as a real website, by substituting characters in the link.

This Telegram phishing attack, for example, uses a link to telegram.0rg.ee. The real Telegram domain name is telegram.org. This is called domain spoofing.

If you see an attempt to impersonate a legitimate website by using a similar-looking domain name, do NOT click on it.

Never Login Via A Link

It is common for people to share links on Telegram, and in Telegram groups. Heck, we share links to our article in the Tech ARP Telegram group!

Clicking on links in Telegram, WhatsApp, emails, etc. is not dangerous, because most lead to legitimate websites that do NOT require you to log in.

What is dangerous is logging into any website through a link. I cannot hammer this enough – NEVER LOG INTO ANY WEBSITE through a link!

Phishing attacks work by tricking you into going into a fake website that looks like the real website. But you still have to log into the fake website to give the scammers your login details.

If you click on a link, and you are asked to login – this is likely a phishing attack. But don’t worry – as long as you refuse to log into any website after clicking on a link, the phishing attack fails.

Turn On Two-Step Verification

All banking platforms, and many mobile apps now offer two-step verification to prevent scammers from taking over user accounts. However, this is often an optional feature that you must manually enable.

Telegram has a two-step verification feature, which prevents scammers and hackers from hijacking your account by requiring a secret password that only you will know.

Please follow our guide on how to turn on Two-Step Verification in Telegram.

Just make sure you do NOT give that password out to anyone, or key it into any website!

Read more : How To Turn On Two-Step Verification In Telegram!

Warn Your Family + Friends!

It is important to publicise phishing attacks, whenever they happen. If people are alerted, they are less likely to fall for such attacks.

However, scammers and hackers can quickly change the way their phishing attack works, so it is important that people understand how phishing attacks work in general.

You can help prevent phishing attacks by sharing this articles, and other cybersecurity warnings, with your family and friends.

Please help us FIGHT SCAMMERS by sharing this cybersecurity article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Business | SoftwareTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

How To Block Facebook Ads + Pay Scammers!

Many Facebook users are getting hit by the Facebook Ads and Facebook Pay scams! Here is how you can prevent it from happening to you!

 

Facebook Ads + Pay Scam Hits Many Bank Customers!

Many bank customers are complaining that they are being charged for fraudulent Facebook Ads advertisement campaigns!

They discovered that their debit cards were charged for Facebook advertisements that they never approved. Some have also stated that their credit or debit cards were used to purchase goods and services using Facebook Pay.

Stephanie WongI found out the money deducted from my bank acc through multiple continuous transactions yesterday, then I called Maybank customer service immediately. They helped me to cancel the card but then the thing happened again this morning.

@ruffleseedI heard tens of millions of Ringgit were reported misappropriated through @facebook
on multiple bank over the past few weeks.

Delete your phone number from Facebook now and do not let @messenger handle your SMS. @MyMaybank has yet to answer us re: this intrusion.

@ItsNeoah : Banyak kali kena kat credit card ambank. Alhamdulilah call ambank dia mintak isi dispute form then tgok next cycle bil dah takde. Letih ngan scammer ni.

Translation : [My] Ambank credit card got hit many times. Alhamdulillah, after calling Ambank, they asked me to fill out a dispute form, then when I checked the next bill cycle [the charges] was removed. Tired of this scammer.

[/su_note]

Read more : Facebook Ads Scam Hits Many Maybank Customers!

 

How To Block Facebook Ads + Pay Scammers!

Here are some ways to prevent getting hit by the Facebook Ads scam, whether you are a bank customer in Malaysia or other countries.

Do NOT Use Debit Cards

First, you should NEVER use a debit card if you can help it. You should certainly not use a debit card online, or register it on any online or mobile payment platform, whether it’s for Apple Pay, Google Pay, or Facebook Pay.

It doesn’t matter if Bill Gates or Elon Musk or BTS endorses debit cards. DO NOT USE DEBIT CARDS!

You should certainly never use your debit card to fund Facebook advertisements. Always use a credit card, which offers you some protection against such fraudulent transactions.

Disable Your ATM Card’s Debit Card Function

Even if you have never requested for a debit card, you likely already own one – your ATM card likely doubles as a debit card! Banks have been forcing customers to take on debit cards, often by making ATM cards double as debit cards.

If possible, ask your bank to disable debit card function in your ATM card. But it is likely that they will refuse to do so – they make money from debit card transactions after all!

If your bank refuses to disable the debit card function in your ATM card, you can ask them to set the limit to ZERO. That will effectively block scammers from accessing your bank account!

Monitor Your Credit Card Transactions

Using a credit card to purchase products and services on online and mobile payment platforms offers you some protection against fraud, but you must always monitor the transactions and report any fraudulent transactions right away.

Depending on the country and card network, you usually have about 60 days to dispute credit card charges. So don’t wait. Report them as soon as you spot them! This will reduce the loss and reports you make, and speeds up the refund process.

Recommended : Maybank FB Ads Scam : How To Recover Your Money?!

Remove Your Credit Cards ASAP

If you register your credit cards for use with Facebook Ads or Facebook Pay, try to REMOVE them as soon as you are done.

Do NOT leave them registered to your Facebook Ads or Facebook Pay account, as a scammer or hacker who gains access to your Facebook account can make fraudulent purchases or run fraudulent advertisements using those credit cards without additional verification.

That appears to be the modus operandi of the Facebook Ads scam that has affected so many Maybank customers in recent weeks.

But if you have never registered your credit or debit cards with Facebook, or removed them after using, even if scammers hacked into your Facebook account or gained access through phishing attacks, they won’t be able to use your credit or debit cards!

Enable PIN For Facebook Pay

If you are using Facebook Pay, a scammer who gains access to your Facebook account could potentially use the debit or credit cards you registered earlier to make fraudulent transactions.

To prevent that, you should enable PIN confirmation for Facebook Pay:

  1. Go to Settings in the Facebook website (not app).
  2. Go to Account Settings, and select Orders and payments.
  3. In the Orders and payments page, select Settings.
  4. In the Security section, select Require PIN Confirmation.
  5. You will be asked to enter a 4-digit number as your PIN.
  6. Key in the 4-digit number again to confirm your PIN.

After that, you will be required to key in the 4-digit PIN whenever you make a payment, or change your bank account details, or connect your payment info with other Meta apps.

Recommended : Can Greeting Photos + Videos Hack Your Phone?!

Turn On Two-Factor Authentication

To make it harder for scammers / hackers to gain access to your Facebook account, turn on two-factor authentication:

  1. Go to your Security and Login Settings.
  2. Scroll down to Use two-factor authentication and click Edit.
  3. Choose the security method you want to add and follow the on-screen instructions.
When you set up two-factor authentication on Facebook, you’ll be asked to choose one of three security methods:
Once you’ve turned on two-factor authentication, you can get 10 recovery login codes to use when you’re unable to use your phone.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | MoneyTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Facebook Ads Scam Hits Many Maybank Customers!

Many Maybank (MBB) customers are getting hit by the Facebook Ads scam!

Find out what’s going on, and what you can do to avoid this Facebook Ads scam!

 

Facebook Ads Scam Hits Many Maybank Customers!

Many Maybank customers are complaining that they are being charged for fraudulent Facebook Ads advertisement campaigns!

They discovered that their debit cards were charged for Facebook advertisements that they never approved.

Stephanie Wong : I think i am a very cautious person as I did not link my card to any platform or make purchase through any unsafe website at ALL, but it still happens to me.

I found out the money deducted from my bank acc through multiple continuous transactions yesterday, then I called Maybank customer service immediately.

They helped me to cancel the card but then the thing happened again this morning.

@ruffleseedI heard tens of millions of Ringgit were reported misappropriated through @facebook
on multiple bank over the past few weeks.

Delete your phone number from Facebook now and do not let @messenger handle your SMS.

@MyMaybank has yet to answer us re: this intrusion.

Recommended : Beware Of Telegram Screenshot Hack + Scam!

Fahim Fahmi : Begitu saja duit kena curi 😢

Translation : That’s how [my] money got stolen 😢

Danish Ihsan : Aku dah kena jugak, satu hari 2 transaction.. nasib sedaq awai, habis rm800.. kalau tak lagi banyak.. maybank dah tak selamat, tadi kat bank pun ada akak kena jugak transfer to others acc beribu2 jugak lah,. Solusi, jangan guna maybank buat masa sekarang..

Translation : I got with with 2 transactions in one day.. luckily, I realised early, but lost rm800.. if not it would have been more.. maybank is not safe, just now at the bank a lady transferred thousands [of ringgit] to other people’s account. Solution, don’t use Maybank for now..

Recommended : Watch Out For TNG eWallet SMS Phishing Scam!

 

Analysis : Facebook Ads Scam May Not Be Related To Maybank

Many of those customers are angry with Maybank over these fraudulent charges to their debit cards, which meant the money was directly withdrawn from their bank accounts.

However, on closer analysis, the scammers may not necessarily be taking advantage of leaked Maybank debit card information, or hacked Maybank itself…

Fact #1 : Other Bank Customers Are Affected Too

While most recent Facebook Ads scam cases appear to be affecting Maybank customers, other bank customers are reporting that they took were charged for those fraudulent advertisements.

@eeshepeeka : nohh laki cek pun kena last week tp kat CIMB. ada few transaction for 2 days nasib dia tolak sikit2. sekali deduct RM12+ sehari 3x ja. deduction description pun sama sebiji cam dlm gambaq tu. haiyaa

Translation : Well, my husband also got [scammed] last week but at CIMB. there were a few transactions for 2 days, but luckily [the scammer] deducted only small amounts. each time deducting RM12+ a day for 3 times. The deduction description is the same as the one in the picture. haiyaa

@ItsNeoah : Banyak kali kena kat credit card ambank. Alhamdulilah call ambank dia mintak isi dispute form then tgok next cycle bil dah takde. Letih ngan scammer ni.

Translation : [My] Ambank credit card got hit many times. Alhamdulillah, after calling Ambank, they asked me to fill out a dispute form, then when I checked the next bill cycle [the charges] was removed. Tired of this scammer.

Recommended : Can SIM Swap empty bank accounts without warning?!

Fact #2 : Most Of Them Ran Facebook Ads In The Past

In addition to analysing their stories, I also spoke to someone who knows several Maybank customers who got hit by the scam. From what I can ascertain, most of them ran Facebook Ads in the past.

Stephanie Wong : 3.) Did not run any ads recently, but few years ago

@wnn_tasha : I last pakai FB ad guna akaun ni tahun 2018. Silap tak remove payment method tu.

Translation : I last used FB ad using this account in 2018. My mistake for not removing the payment method.

They said that they paid for Facebook page a few years ago to boost their audience.

That said, at least two Maybank customers said that they have never registered any debit or credit card with Facebook:

Fahim Fahmi : Tak pernah ada link kad dengan FB atau social media yang lain

Translation : [I] never linked [any] card with FB or other social media

@ruffleseed : I have never set up payment methods on Facebook nor have I ever used Facebook ads.

Recommended : Beware Of Telegram Screenshot Hack + Scam!

Fact #3 : Scammer Likely Got Access To Those Facebook Accounts

What is interesting is that most of those who were affected by this Facebook Ads scam reported that their Facebook accounts were used to create and run those ads.

If their debit or credit cards were merely stolen, the scammers could have created a new Facebook account to use those stolen cards to run Facebook ads.

Fortunately, one of the victims “caught” the scammer logging into her account from the United States. This clearly shows that the Facebook Ads scam requires the scammer to gain access to their Facebook accounts.

It is likely that the scammers gained access to their victims’ Facebook accounts using phishing attacks, and simply used the debit or credit cards that those victims earlier registered with Facebook to run advertisements in the past.

Fact #4 : Facebook Auto-Fill Is Not The Problem

After these cases went viral, people blamed the Auto-Fill feature in Facebook, and shared videos and photos on how to disable it.

The truth is – this Facebook Ads scam very likely has nothing to do with Auto-Fill, which is a feature used in many other services and platforms.

Auto-Fill only makes it easier to fill in your debit or credit card details. It does not bypass any verification that is required to make a payment.

Read more : Must You Disable Facebook Auto-Fill To Block Scams?!

Fact #5 : You Can Recover Your Money!

Now, this is important – you need to move fast to cut your losses, and recover the money. You can also improve your Facebook account security to prevent it from happening again.

For more details, please read our guide – Maybank FB Ads Scam : How To Recover Money?!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | MoneyTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Must You Disable Facebook Auto-Fill To Block Scams?!

Must you immediately disable Auto-Fill in Facebook to block scams?!

Here is what you need to know about Facebook Auto-Fill, and getting scammed on Facebook!

 

Claim : Facebook Auto-Fill Opens You To Scams!

People are sharing warnings about Facebook Auto-Fill, together with instructions on how to disable it to block Facebook Ads scams.

Guys check ur Facebook
And make sure these are OFF
this week a lot of MBB customers kena scam

1. Please check your bank account.
2. Please disable ‘auto-fill’ option in Facebook…

Recommended : Facebook Ads Scam Hits Many Maybank Customers!

 

Truth : Facebook Auto-Fill Does Not Open You To Scams

There appears to be a spate of scams involving Facebook Ads and Maybank users, but it does not appear to be related to the Facebook Auto-Fill feature, and here are the reasons why…

Fact #1 : Facebook Introduced Auto-Fill In 2013

Facebook started introducing Auto-Fill sometime in September 2013, and gradually rolled it out globally over the years, so this is not a new feature.

Fact #2 : Many App Use Auto-Fill

Facebook isn’t the only app or platform to use Auto-Fill. Many services and platforms use Auto-Fill to make it easier to fill up forms and make payments.

The Auto-Fill feature is used in most, if not all, e-commerce / online shopping / online payment platforms, to expedite payments. The idea is that if they make it easier it is for you to pay, you will tend to buy more!

Many apps and services also use Auto-Fill to help you fill onerous forms with common details like your full name, email address, address and telephone number.

Fact #3 : Facebook Does Not Automatically Have Your Details

Facebook enables Auto-Fill by default for forms and payment, but that does not mean it has access to your debit or credit cards, or even your personal details. You need to manually key in your Contact Info and/or Payment Info for Facebook Auto-Fill to work.

If you have never given Facebook your credit card details, there is no way for its Auto-Fill to automatically fill in the credit card details for any transaction. Even if a scammer gains access to your Facebook account, he/she cannot use Auto-Fill because you never keyed in your debit or credit card details in the first place!

I did a quick check on two cases involving Maybank that came up recently (first example) (second example), and noticed that both parties who reported that they got fraudulently charged for Facebook Ads never registered their credit card with Facebook at all!

So whatever may be going on, it does not appear to be a Facebook Auto-Fill issue. But just in case you are worried, here are the latest steps on how to disable Auto-Fill on the Facebook mobile app.

  1. Tap on your icon at the upper right corner of the Facebook app to access the Menu.
  2. Scroll down the Menu until you see the Settings & privacy group.
  3. Tap on Settings.
  4. Scroll down the Settings & privacy page, and tap on Browser.
  5. Scroll down the Browser settings page to the Auto-fill section.
  6. You can tap on the Contact info and Payment info to check what information you shared with Facebook.
  7. To disable Auto-fill for contact information, unselect Auto-fill contact forms.
  8. To disable Auto-fill for payment, unselect Auto-fill payment forms.

Recommended : Can SIM Swap empty bank accounts without warning?!

Fact #4 : Auto-Fill Cannot Bypass TAC Verification

Even if you registered your credit card details with Facebook, and then use Auto-Fill to make a purchase, you will still need to authenticate that purchase.

Of course, it is possible to conduct a SIM swap attack, but that’s a different story altogether…

Fact #5 : Existing Facebook Ads Account Is A Risk

Those who have earlier registered a Facebook Ads account and ran advertisements may be at risk, because their credit cards would already be linked to their Facebook Ads account.

A scammer who gains access to their account (usually through phishing attacks) can easily create and run advertisements using their existing Facebook Ads account using the credit cards that have already been registered and approved earlier.

To minimise your risk, never ever use a debit card! Always use a CREDIT CARD, and always keep an eye on the transactions. Report to the bank once you see a fraudulent transaction.

But this has nothing to do with the Facebook Auto-Fill feature, and is not a concern if you never pre-approved your debit or credit cards with a Facebook Ads account.

Fact #5 : Existing Facebook Pay Account Is A Risk

Similarly, if you are using Facebook Pay, a scammer who gains access to your Facebook account could potentially use the debit or credit cards you registered earlier to make fraudulent transactions.

Again, you should NEVER use a debit card with Facebook Pay. Use a credit card, and always keep an eye on the transactions, and report to the bank once you see something fishy.

On top of that, you should enable PIN confirmation for Facebook Pay:

  1. Go to Settings in the Facebook website (not app).
  2. Go to Account Settings, and select Orders and payments.
  3. In the Orders and payments page, select Settings.
  4. In the Security section, select Require PIN Confirmation.
  5. You will be asked to enter a 4-digit number as your PIN.
  6. Key in the 4-digit number again to confirm your PIN.

After that, you will be required to key in the 4-digit PIN whenever you make a payment, or change your bank account details, or connect your payment info with other Meta apps.

Recommended : Maybank FB Ads Scam : How To Recover Money?!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | MoneyTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Watch Out For TNG eWallet SMS Phishing Scam!

In this article, we will show you many types of TNG eWallet SMS phasing scam, so you can avoid them!

 

Watch Out For TNG eWallet SMS Phishing Scam!

People are getting these SMS messages that appear to be from TNG eWallet, but are really just phishing scams!

RMO TNG eWallet: Bantuan e-dompet kepada golongan B40&M40 RM1000 akan dikreditkan ke dalam TNG eWallet anda. Kemaskini maklumat dan semakan status di www.tngewalletbantuangov.com

RMO T’n GO Your account function has been closed. You need to confirm the device immediately. Follow my.tngwallc.com

RMO TNG Wallet: Permohonan GOpinjam anda telah diluluskan, RM3000 telah kredit ke TNG Wallet anda. Sila semak baki dan tuntutan anda di http://logtouchngo.cc

RMO GOV: Terima kasih atas sokongan anda dari kerajaan BN. Bantuan e-dompet kepada rakyat Malaysia berjumlah RM500 telah kredit ke TNG Wallet anda. Sila sahkan identiti dan semak baki anda di https://touchngoemy.top/

 

How TNG eWallet SMS Phishing Scam Works!

The many examples of the TNG eWallet phishing scam employ SMS spoofing technology to send you SMS messages that appear to be from the TNG eWallet team.

What most people don’t know is that – the TNG eWallet team will never send you any SMS messages to :

  • offer you money from government or other agencies
  • inform you that money has been credited to your eWallet
  • ask you to log into your eWallet account using a link
  • ask you to update your account information using a link

The TNG eWallet team warned users against clicking on any links sent by SMS, even if they appear to be genuine. Genuine TNG eWallet SMS messages will never have a link attached.

These links do not lead to the real TNG eWallet website (https://www.touchngo.com.my/), but use similar-looking fake domains, like:

tngewalletbantuangov.com
my.tngwallc.com
logtouchngo.cc
touchngoemy.top
ewallettouchng.top
touchngosign.com
touchngolog.top
logintouchngo.cc
touchngo.life
touchngologin.cc
my.touchngo.com
my.touchwalf.com
my.touchwalp.com
my.tngowalle.com
my.tngowallet.com
tngwallet.top

If you see such domains, you should be alert that you are being targeted by a phishing scam. NEVER CLICK ON A LINK in any TNG eWallet SMS.

If you click on any of these links, you will be taken to a page that looks like a genuine TNG eWallet login page, but is really a phishing scam page.

If you key in your login details, as well as your phone number and One-Time Password (OTP), the scammers will have full access to your eWallet, and can freely transfer out your eWallet balance.

As many of us link our credit cards to the TNG eWallet, the scammers can also reload your eWallet using those credit cards, and transfer the money out.

So make sure you IGNORE any SMS message that asks you to click on a link, even if it appears to be from TNG eWallet.

Please help to fight financial scams, by SHARING this article with your family and friends!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | MoneyTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Fact Check : Is Semak.Info A Phishing Website?!

Is the Semak.Info website used to check for GE15 voter information really a phishing website?!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : Semak.Info Is A Phishing Website!

After the official voter information website by the Malaysia Election Commission (SPR) went down a day before the GE15 election day,, people were advised to try an alternative voter information website called Semak.Info.

However, this warning then went viral later that day, claiming that the Semak.Info website is really a phishing website!

The app.semak.info is a phishing site to track your mobile number. Please be informed. Please do not forward. Thanks.

 

Truth : Semak.Info Is NOT A Phishing Website!

This is yet another example of FAKE NEWS circulating on WhatsApp and social media, and here are the reasons why…

Fact #1 : Semak.Info + App.Semak.Info Are Different Pages

First, let me point out that Semak.Info, and App.Semak.Info are two different pages on the same website. Think of them as two different rooms in the same office.

Semak.Info is the public-facing page, where users can check their GE15 voter information. Think of it as the information desk at your office.

 

App.Semak.Info, on the other hand, appears to be the website administrator’s page. Think of it as the back office.

That’s why it has a login page, just like how your back office would have a door with a lock – so that the public can’t just walk inside.

 

Fact #2 : Phishing Websites Masquerade As Genuine Websites

Phishing (pronounced as fishing) is a social engineering attack that attempts to obtain your login information, or personal information like credit card and bank account numbers, etc.

Hackers accomplish this by creating fake websites that look like the real website, to trick you into revealing sensitive information like your bank account login and password, or your security questions.

The Semak.Info page does not ask for any login or critical personal information, so it is not a phishing website.

The App.Semak.Info page is blank, with a simple login function. It does not pretend to be an SPR or banking website, and so it is also not a phishing website.

Fact #3 : Semak.Info Is Owned By DAP

When Semak.Info was first circulated, I too was concerned about this “unknown” website. But a quick check showed that the Democratic Action Party (DAP) was the one promoting its use on Facebook.

I did a little digging, and confirmed that the Semak.Info domain is owned by the Democratic Action Party. It also looked like they bought the domain, and developed the website for GE14, way back in 2017.

Fact #4 : Phone Number Used To Send WhatsApp

Some people asked me why this Semak.Info website would require a phone number, when the official SPR website does not require one to obtain voter information.

What they may not realise is that the DAP team added a WhatsApp messaging feature to their Semak.Info website.

Once you key in your phone number and identity card number, the website will give you your voter information. At the bottom though is a blue Whatsapp [sic] button.

If you click on that button, the website will attempt to send a WhatsApp message to that phone number you keyed in earlier, with key voting information.

It doesn’t automatically send the message. You are given a preview of the message, and you will need to tap on the “Continue to Chat” button to actually send that message to the phone number.

Fact #5 : You Can Use A Fake Phone Number

You may be worried that the DAP team could be harvesting your phone number, and tying it to your identification card number.

Frankly speaking, that kind of data is already easily available and sold (illegally) to marketers and scammers alike. So no one actually needs to “scam” you into keying your phone number.

If you are worried, you can use a fake phone number with this website. Just key in any 7-digit number, with a legitimate 3-digit telco prefix (like 011, 012, 017, 018, etc.), and you are good to go.

Please WATCH OUT about such FAKE NEWS on WhatsApp and social media. They are designed to suppress voter turnout in the 15th General Election.

Regardless of what you may read or see on social media, please take the time and effort to cast your vote. This is not only your right, it is your responsibility as a citizen of Malaysia.

Remember – democracy does not guarantee us a good government. Democracy only guarantees us the right to vote out a bad government!

Happy voting on 19 November 2022!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | Fact Check | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Watch Out For Nestle 2022 Anniversary Phishing Scam!

Please watch out for the Nestle 2022 Anniversary phishing scam!

Find out why it is just a SCAM, and WARN your family and friends!

 

Nestle 2022 Anniversary Phishing Scam Alert!

People are now sharing the Nestle 2022 Anniversary message on WhatsApp (translated into English) :

CONGRATULATIONS!

Your family has been chosen to receive a lucky drag for the Nestle 2022 Anniversary at the Nestle office.

This contest has been approved by the Malaysian court / police, with the cooperation of Bank Negera Malaysia (BNM).

The link attached to the a website with the following instructions :

  1. Winners must keep the PIN-CEK number as evidence for winner verification and prize collection
  2. There are two ways to submit the contest form – through WhatsApp or this website.
  3. The contest form must be completed with your details. Incomplete forms will be rejected by the sponsor without notice.
  4. Every valid application will be shortlisted. There is no limit to the number of applications.
  5. First Prize Winner : RM10,500
    Second Prize Winner : RM9,300
    Third Prize Winner : RM8,500
  6. To redeem your prize, just use your WhatsApp to :
    a) Fill in the Nestle winner application number
    b) Fill in your full name and identity card number
    c) Attach a clear picture of your BANK ATM CARD – front and back
    d) Go to the nearest ATM machine, and WhatsApp the details above to +60124181128

 

Nestle 2022 Anniversary Phishing Scam : How Does It Work?

The Nestle 2022 Anniversary phishing scam is DANGEROUS. Please warn your family and friends to AVOID it.

Fact #1 : There Is No Such Nestle Giveaway!

There is no such anniversary giveaway by Nestle Malaysia. There is no reason for Nestle Malaysia to give out so much money.

They are a business, not a charity. They are in the business of selling you products, not giving you money.

Businesses do sponsor giveaway contests, but they are generally low value. Nestle Malaysia, for example, is currently giving away RM30 Shopee vouchers.

Fact #2 : Nestle Would Not Use Free Websites

Nestle is a large multinational company. It would not be using free website services like Wix.

Nestle Malaysia has its own website (https://www.nestle.com.my/) and Facebook page (https://www.facebook.com/Nestle.Malaysia) where they post official contests and promotions.

Always verify if a contest is genuine by visiting the official website / social media page.

Fact #3 : Nestle Would Never Ask For Pictures Of Your ATM Card!

Nestle, and any legitimate brand, would NEVER ask you to send them pictures of your bank ATM card!

Sending the pictures of your ATM card will allow them to clone the card, or trick bank staff into giving the scammers access to your bank account.

NEVER EVER SEND ANYONE PICTURES OF YOUR BANK ATM CARD!

Fact #4 : Nestle Would Never Ask You To Go To An ATM

No legitimate contest would require you to go to an ATM machine to receive money.

NEVER TRUST ANYONE WHO ASKS YOU TO GO TO AN ATM MACHINE.

Fact #5 : Nestle Would Never Ask For Your PIN / TAC

Nestle would never ask you for your ATM card’s PIN or any TAC number you may receive.

Giving out those details is how scammers get access to your bank account.

NEVER GIVE OUT YOUR PIN OR TAC NUMBER!

Fact #6 : This Lets Scammers Withdraw Money From Your Bank Account

I know many of us are in dire straits during this COVID-19 pandemic, having lost jobs, income or even loved ones.

Unfortunately, scammers are counting on our desperation to prey on us, using such anniversary scams.

This particular Nestle 2022 Anniversary Scam is a real danger, because it will allow scammers to gain access to your bank account and withdraw money.

Also watch out for the other anniversary scams that I have covered over the years :

Please WARN your family and friends about these scams!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | Business | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Verified : KKM + MySejahtera SMS Messages Are Legit!

Are scammers sending fake SMS messages from KKM and MySejahtera to scam you out of your money?

Take a look at the viral post, and find out what the FACTS really are!

 

Claim : KKM + MySejahtera SMS Messages Are Fake!

People have been sharing a screenshot of two SMS messages from KKM (Malaysia Ministry of Health) and MySejahtera, claiming that they are scam messages.

RM0 MySejahtera: You are COVID-19 positive. Kindly refresh your MySejahtera Profile and click to declare your close contact: https://bit.ly/3jNvOqL

RM0 KKM Anda adlh COVID19 positif & masih belum menjawab status kesihatan hari ini. Segera lengkapkan H.A.T. di MySejahtera. Rujuk https://bit.ly/2VMaWrC

This is a scam. If receive don’t click. Please inform all ur family members and friends ….NETIZEN WATCHDOG

Many also include a link to the Kuan Evening Edition video to prove that these messages are indeed fake messages used by scammers in “phishing attacks”.

 

Truth : KKM + MySejahtera SMS Messages Are Legit!

The SMS messages in the screenshot are legit, and came from KKM and MySejahtera.

The truth is that viral message is FAKE NEWS, and here are the facts…

Fact #1 : The MySejahtera SMS Message Is Legitimate

The MySejahtera SMS message in English is legitimate. It warns you that you have tested positive for COVID-19.

You are therefore required to declare your close contacts in the MySejahtera app or website.

The link – https://bit.ly/3jNvOqL – leads to the Close Contact reporting page in the MySejahtera website (https://mysejahtera.malaysia.gov.my/help/closecontact/).

Fact #2 : The KKM Telephone Number Is Genuine

On 24 September 2021, KKM confirmed that the 03-2703-3000 telephone number is genuine.

The Malaysia Ministry of Health uses that telephone number to call those identified as COVID-19 positive to fill up their Home Assessment Tool (HAT) in the MySejahtera app.

Fact #3 : The KKM SMS Message Is Legitimate

The KKM SMS message in Bahasa Malaysia is also legitimate.

It is a reminder that you did not fill in your Home Assessment Tool (HAT) in the MySejahtera app today.

Those who are under home quarantine must complete that home assessment test every day.

The Ministry of Health may issue a compound if you fail to perform the home assessment test, as required.

The link in the SMS – https://bit.ly/2VMaWrC – actually leads to a PDF infographic on the Home Assessment Tool (HAT) – https://www.infosihat.gov.my/images/media_sihat/poster/pdf/DiManakahHAT.pdf

The infographic explains who needs to perform self-monitoring using the HAT feature, and how to do it in the MySejahtera app.

Now that you know the truth, please SHARE this fact check, so your family and friends won’t be fooled by the fake news!

It is critical that everyone understands that these alerts are genuine, and take them seriously!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Maybank B40 Subsidy Scam : Do NOT Click Or Call!

Watch out for the new Maybank B40 subsidy scam! It is a phishing attack to gain access to your Maybank account!

Do NOT click or call. Just delete it, and WARN YOUR FAMILY AND FRIENDS!

 

Maybank B40 Subsidy Scam : Do NOT Click Or Call!

Scammers are sending out this SMS claiming that Maybank (MBB) will issue the B40 subsidy after you fill in some information.

Please do NOT click on the message, or call the telephone number. Just delete it and warn your family and friends!

 

Why This Maybank B40 Subsidy Offer Is Just A Scam

Let us show you why this Maybank B40 subsidy offer (and similar offers) is just a scam.

If you spot any of these warning signs, BACK OFF and DO NOT PROCEED!

Warning Sign #1 : No Such B40 Subsidy Program

The Malaysian government has not announced any B40 subsidy program.

Neither would Maybank offer free money for the B40. It’s a bank, not a charity.

Warning Sign #2 : Bad Grammar

The bad English grammar should be a warning sign that this is not a legitimate offer.

Warning Sign #3 : Not Using The Real Maybank Domain

A genuine Maybank campaign would use the real Maybank domain – www.maybank.com.my.

The use of a different domain should warn you that this is not a legitimate Maybank website.

In fact, Google Chrome will warn you that this website is a phishing attack – to get your personal and banking information.

Warning Sign #4 : Asking You For Your Information

The banks – whether they are Maybank, Public Bank, CIMB, etc – will NEVER ask you to fill in your personal details.

Think about it – they already have your information because you have an account with them!

Even if there is a legitimate B40 subsidy programme, they only need you to log into your Maybank account. They do NOT need you to register your details again.

These scammers ask you for these details so they can use them in phishing calls, to convince you that they are really from Maybank.

Warning Sign #5 : Asking You For Your Bank Login!!!

This is a BIG warning sign. Banks will NEVER ask you for your user name and password.

If you key in this information, you are basically giving these scammers access to your Maybank account.

They will call or message you and try to get your TAC (Transaction Authorisation Code) number that is sent to your mobile number. DO NOT GIVE THAT TO THEM!

If you sent them your user name and password, please contact the bank immediately, and change your password!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | MoneyTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

INTERPOL : Alarming Rate Of COVID-19 Cyberattacks!

According to INTERPOL, cybercriminals are taking advantage of the COVID-19 pandemic, boosting cyberattacks at an alarming pace.

Learn more about their key findings, and what they are projecting will happen in the near future!

 

COVID-19 Pandemic : New Opportunities For Cyberattacks!

The COVID-19 pandemic has forced organisations and businesses to rapidly deploy remote work systems and networks to support staff working from home

Cybercriminals are taking advantage of these new COVID-19 work-from-home normals, targeting staff of major corporations, governments and critical infrastructure to steal data and generate profits.

Online Scams + Phishing

 Threat actors have revised their usual online scams and phishing schemes. By deploying COVID-19 themed phishing emails, often impersonating government and health authorities, cybercriminals entice victims into providing their personal data and downloading malicious content.

Around two-thirds of member countries which responded to the global cybercrime survey reported a significant use of COVID-19 themes for phishing and online fraud since the outbreak.

Ransomware + DDoS

Cybercriminals are increasingly using disruptive malware against critical infrastructure and healthcare institutions, due to the potential for high impact and financial benefit.

In the first two weeks of April 2020, there was a spike in ransomware attacks by multiple threat groups which had been relatively dormant for the past few months.

Law enforcement investigations show the majority of attackers estimated quite accurately the maximum amount of ransom they could demand from targeted organisations.

Data Harvesting Malware

Taking advantage of the increased demand for medical supplies and information on COVID-19, there has been a significant increase of cybercriminals registering domain names containing keywords, such as “coronavirus” or “COVID”. These fraudulent websites underpin a wide variety of malicious activities including C2 servers, malware deployment and phishing.

From February to March 2020, a 569 per cent growth in malicious registrations, including malware and phishing and a 788 per cent growth in high-risk registrations were detected and reported to INTERPOL by a private sector partner.

Misinformation

An increasing amount of misinformation and fake news is spreading rapidly among the public. Unverified information, inadequately understood threats, and conspiracy theories have contributed to anxiety in communities and in some cases facilitated the execution of cyberattacks.

Nearly 30 per cent of countries which responded to the global cybercrime survey confirmed the circulation of false information related to COVID-19. Within a one-month period, one country reported 290 postings with the majority containing concealed malware. There are also reports of misinformation being linked to the illegal trade of fraudulent medical commodities.

Other cases of misinformation involved scams via mobile text-messages containing ‘too good to be true’ offers such as free food, special benefits, or large discounts in supermarkets. 

 

INTERPOL : Projection Of Future COVID-19 Cyberattacks

Here are INTERPOL’s projection of future COVID-19 cyberattacks :

  • A further increase in cybercrime is highly likely in the near future. Vulnerabilities related to working from home and the potential for increased financial benefit will see cybercriminals continue to ramp up their activities and develop more advanced and sophisticated modi operandi.
  • Threat actors are likely to continue proliferating coronavirus-themed online scams and phishing campaigns to leverage public concern about the pandemic.
  • Business Email Compromise schemes will also likely surge due to the economic downturn and shift in the business landscape, generating new opportunities for criminal activities.
  • When a COVID-19 vaccination is available, it is highly probable that there will be another spike in phishing related to these medical products as well as network intrusion and cyberattacks to steal data.

 

Recommended Reading

Go Back To > CybersecurityEnterprise + Business | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


COVID-19 Email Scams + Malware Are Spreading!

As the COVID-19 coronavirus spreads across the world, so are COVID-19 email scams and malware!

Tatyana Shcherbakova tells us what she and her team discovered!

 

Warning : COVID-19 Email Scams Are Spreading!

As the COVID-19 coronavirus spreads, fake information is being created and distributed at a very high rate, confusing people all over the world.

Cybercriminals are taking advantage of the confusion, creating various email scams, with some realistic ones pretending to be from the WHO.

Tatyana Shcherbakova, a senior web content analyst, details how her team looked at the COVID-19 email scams, and came across the realistic ones from WHO…

 

WHO Is Warning You? These Are COVID-19 Email Scams!

At first, we found emails offering products such as masks, and then the topic became more commonly used in Nigerian spam emails. We also found scam emails with phishing links and malicious attachments.

One of the latest spam campaigns mimics the World Health Organization (WHO), showing how cybercriminals recognize and are capitalizing on the important role WHO has in providing trustworthy information about the coronavirus.

Users receive emails allegedly from WHO, which supposedly offer information about safety measures to be taken to avoid a COVID-19 infection.

Once a user clicks on the link embedded in the email, they are redirected to a phishing website and prompted to share personal information, which ends up in the hands of cybercriminals.

This scam looks more realistic than other examples we have seen lately, such as alleged donations from the World Bank or IMF for anyone who needs a loan.

In order to stay safe, we advise users to carefully study the content of the emails they receive and only trust reliable sources.

If you are promised a vaccine for the virus or some magic protective measures, or content of the email is making you worried, it has most likely come from cybercriminals.

This is especially true if the sender suggests clicking on a link and sharing your personal data or opening an attachment.

You should not donate any real money or trust information with promises to help those affected by the virus, even if the email comes from someone who introduces themselves as an employee of a trusted organization.

Finally, double check the email address, as scammers often use free email services or addresses that have no relation to the organization mentioned.

 

Malware Masked As COVID-19 Coronavirus Documents!

They also found malicious files disguised as documents related to the COVID-19 coronavirus. The malicious files were masked under the guise of pdf, mp4 and docx files about the COVID-19 coronavirus.

The names of files imply that they contain video instructions on how to protect yourself from the virus, updates on the threat and even virus detection procedures, which is not actually the case.

In fact, these files contained a range of threats, from Trojans to worms, which are capable of destroying, blocking, modifying or copying data, as well as interfering with the operation of computers or computer networks.

Some malicious files are spread via email. For example, an Excel file distributed via email under the guise of a list of coronavirus victims allegedly sent from the World Health Organization (WHO) was in fact a Trojan-Downloader, which secretly downloads and installs another malicious file.

This second file was a Trojan-Spy designed to gather various data, including passwords, from the infected device and send it to the attacker.

 

COVID-19 Email Scams + Malware : How To Avoid

As governments and businesses are forced by the COVID-19 coronavirus to encourage their employees to work from home, it is critical that they employ these cybersecurity practices to reduce risk of falling for phishing attacks, or malware :

  • Provide a VPN for staff to connect securely to the corporate network
  • All corporate devices – including mobiles and laptops – should be protected with security software
  • The operating system and apps should be updated with the latest patches
  • Restrict the access rights of people connecting to the corporate network
  • Ensure that the staff are aware of the dangers of unsolicited messages

 

Recommended Reading

Go Back To > Cybersecurity | Business | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


Microsoft : Cybersecurity Trends + How To Stay Safe In 2020!

As part of Safer Internet Day (SID), Antony Cook from Microsoft shared the key cybersecurity trends in 2020, and how we can stay safe against those dangers.

Even if we are experienced techies, it is enlightening to find out what Microsoft believes are the cybersecurity threats that we should be looking out for in 2020.

 

Microsoft : Key Cybersecurity Trends In 2020!

Cybersecurity Trend #1 : Less Ransomware But More Attacks

Ransomware has declined in recent years, dropping more than 60% from its peak. But Microsoft sees a rise in other types of cyberattacks.

Attackers have learned that ransomware attracts too much attention from law enforcement, and organisations have gotten better at backing up their data.

So hackers are moving onto other activities like cryptocurrency malware and phishing, where they can more easily profit with less attention.

Cybersecurity Trend #2 : Mining Malware Will Be Big!

Attackers are often acting for financial benefit, so they will make big bets on cryptocurrency, especially in Bitcoin.

They will focus more on mining malware that lets them use your computer to mine cryptocurrency coins without being detected.

Coin mining software is easily available, and cybercriminals have put malware into many widely-shared and used software. They are also trying to inject these malware through websites illegally streaming copyrighted content like the latest movies.

Cybersecurity Trend #3 : Embedded Threats

Attackers are now more sophisticated, targeting legitimate and trusted software supply points to deliver malware. There have been many examples of this attack vector :

  • a routine update for a tax accounting application,
  • popular freeware tools which have backdoors forcibly installed,
  • a server management software package,
  • an internet browser extension or site plugin,
  • malicious images which active scripts when clicked,
  • peer-to-peer applications

In those cases, attackers were able to change the code of legitimate software that people trust and install without hesitation, allowing them to “hitch a ride”.

This attack vector is very dangerous and frustrating, because it takes advantage of the trust that consumers and IT departments already have for legitimate software.

Cybersecurity Trend #4 : Phishing Scams

Phishing continues to be one of the most effective ways to compromise systems, because it targets human decisions and judgment.

Microsoft noted that the percentage of inbound emails that were detected as phishing messages increased 250% throughout 2018, and they expect the final figures for 2019 to show the same trend.

 

Microsoft : How To Stay Safe In 2020!

Here is a summary of what Microsoft believes we should do to stay safe online against cybersecurity threats in 2020 :

Cybersecurity Tip #1 : Practice Good Security Hygiene

  1. Keep your operating system and software updated.
  2. Turn on email and browser protections.
  3. Apply the cybersecurity configurations that your hardware and software vendors recommend.
  4. Stay away from any unfamiliar software or websites.
  5. Use only legitimate software, and not just your key applications.

Cybersecurity Tip #2 : Implement More Access Controls

System administrators should implement more access controls, using Zero Trust or at least privilege models.

This will limit hackers that successfully break into your network from accessing more than a segment.

Cybersecurity Tip #3 : 3-2-1 Backup!

Make sure you create and keep backups, and the cloud is a great tool for this.

Microsoft recommends adhering to the 3-2-1 rule – keep three backups of your data on two different storage types, with at least one backup offsite.

Cybersecurity Tip #4 : Keep Vigilant!

Even if we implement strong cybersecurity measures, we must remain vigilant, and keep an eye out for suspicious activity.

Not just system administrators, but users as well. If you see anything suspicious – report it to your IT department immediately.

It can be anything from a sudden slowdown in your computer’s performance, to strange web pages and images appearing.

 

Recommended Reading

Go Back To > Computer SystemsHome

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


Kaspersky Travel Scam Alert + Advisory For The Holidays!

Kaspersky Lab just issued a travel scam alert and advisory for this holiday season. Pay attention, so you will enjoy a great holiday!

 

Travel Scam Operations On The Rise!

Kaspersky Lab researchers have uncovered several travel scam operations last month, seeking to trick holiday-goers looking for great bargains.

Fraudsters Are Phishing For Unwary Victims

There were more than 8,000 phishing attacks, disguised as offers from popular lodging platforms. In fact, 7,917 of those phishing attacks specifically targeted people looking for Airbnb rentals.

In one example, fraudsters created a phishing page that look like an Airbnb page, and pretended to offer cheap city-centre rentals with high review scores. Once the victim confirmed and paid for the booking, both the fraudsters and the offer disappeared.

Spam Is Still Effective!

In just one day, the researchers detected 7 different fake email blasts that are very convincingly disguised as offers from popular booking platforms for airline tickets and accommodation.

Three of those spam emails actually offered FREE FLIGHTS in return for the completion of a short online survey, and sharing the link with other people. After answering just three questions, victims were asked to enter their phone numbers, which were then used to subscribe to paid mobile services.

 

Travel Scam Methods

Spam and phishing attacks were amongst the most effective attack vectors. They use social engineering to manipulate and exploit human behaviour.

Fake Websites

These travel scam operations are often very sophisticated, using fake sites that are almost identical to the legitimate websites.

They, therefore, easily trick unwary victims into handing over their credit card details, or pay for a product or service that does not exist.

Mobile Booking Risk

More people are booking their flights and accommodations on a mobile device, which makes it harder to spot fake links. This makes mobile users particularly vulnerable to both spam and phishing attacks.

 

Kaspersky Travel Scam Advisory

To avoid these travel scams, Kaspersky Lab recommends taking these security measures :

  • If an offer seems too good to be true, it probably is. AVOID IT!
  • CHECK the link in the browser’s address bar before you key in sensitive information like your login and password.
    If it is misspelled (e.g. airbnb.com.room.online), or does not match the page you are visiting (like this example below), or uses special symbols instead of letters, don’t key in any information. CLOSE THE PAGE!

An Expedia page with a Booking.com address??? Something’s NOT right…

  • Book your stay and tickets only with trusted providers.
    Make sure you are on their actual websites by typing in their address in the browser’s address bar.
  • NEVER click on links that come from an unverified source, whether it’s in an email, an instant message or through social networks.
  • Use a security solution with behaviour-based anti-phishing technologies like Kaspersky Security Cloud, or Kaspersky Total Security, which will warn you if you get tricked into visiting a phishing web page.

 

Recommended Reading

Go Back To > Cybersecurity | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


The 2019 Imagine Cup Asia Teams Introduce Themselves!

On the eve of the 2019 Imagine Cup Asia competition in Sydney, we met with the top 12 Asian teams that will compete for a coveted spot in the 2019 Imagine Cup 2019 World Championship!

Let’s take a look at the twelve awesome Asian teams, and see the innovative ideas they will be pitching in the 2019 Imagine Cup Asia Regional Finals!

 

What Is The Imagine Cup?

Held and sponsored by Microsoft since 2003, the Imagine Cup is the world’s premier student technology competition. Teams of students from across the globe work together with mentors and industry leaders to bring their biggest and boldest ideas to life.

 

The 2019 Imagine Cup Asia Regional Finals

This year, Microsoft organised the 2019 Imagine Cup Asia Regional Finals in Sydney, Australia. Hundreds of teams from 17 Asian countries submitted their projects, but just twelve great teams won a shot to participate in the Asia Regional Finals.

These twelve teams will compete for US$20,000 in prizes on 12 February, but only one team will win the ultimate prize – an all-expenses paid trip to the World Finals in Seattle!

There, the 2019 Imagine Cup Asia Regional Champion will participate along the best and brightest teams from across the globe to claim the title of World Champion, US$100,000 cash prize, and the chance to take home the Imagine Cup!

 

The 2019 Imagine Cup Asia Regional Finalists


RailinNova

Country : China

Project : Rail Component Inspection Robot

Their Rail Component Inspection Robot (which combines AI and IoT) operates through automatic positioning, and identifies various defects through multi-sensor fusion in order to realise the replacement of workers in a rail inspection project.


Alpha-India

Country : India

Project : Spot – AR Based Product Filtering

Spot allows you to recognise packaged foods and check if it contains a certain ingredient or exhibits a certain character.

If a tourist visits India, he is unaware of what he can eat because packets have information written in a foreign language.


Caeli

Country : India

Project : Caeli – Breathe Freely

Caeli is a smart automated Anti-Pollution and Drug delivery mask specifically designed for Asthmatic and Chronic Respiratory Patients.

Caeli implements breakthrough features to improve the quality of life for respiratory patients living in polluted areas.


RVSAFE

Country : India

Project : RVSAFE

Disasters often strike, when we are least prepared to face them. They leave behind a trail of destruction, adversely affecting human life, and property.

The loss caused by disasters can be significantly reduced with better communication and proper management. Keeping this in mind, we designed RVSAFE, a one-stop solution for effectively handling any kind of disasters (natural or man-made).


CodeSell

Country : Indonesia

Project : Selection – Social Media

Sellution is a software as a service (SaaS) to help SMEs to perform social media marketing, not just in an easy way, but is also effective and efficient.

Sellution’s main features are optimizing marketing content, help finding the right audience, and recommendations.


Fhisherman

Country : Korea

Project : Fishing Phishing

Fishing Phishing by the Fhisherman team from Korea is a smartphone application that uses Machine Learning to analyse call voices in real-time.

It is designed to detect scam calls and warn the users!


SUFECS

Country : Malaysia

Project : Smart Urban Farming with Automated Environmental Controlled Systems (SUFECS)

SUFECS was developed to transform the farming experiences of urban farmer.

With SUFECS, farmers can monitor and control the artificial environment to achieve the most suitable environment for crops.


LookUP

Country : New Zealand

Project : LookUP

It is estimated one in five people in the world are dyslexic. However, most QnA platforms are completely text-based.

LookUP is a medium in which the dyslexic and non-dyslexic communities can effectively collaborate and learn from one another.


AidUSC

Country : The Philippines

Project : Aqua Check – Water Contamination Mobile Application

Aqua Check utilises Microsoft Azure’s Custom Vision to empower anyone to analyse for contamination by taking a photo of a water sample through a microscope.

Using Azure Web and Azure Maps, we are able to map the contamination locations.


InclusiveAR

Country : Singapore

Project : Mobile Augmented Reality Navigation Application for Wheelchair Users

This project aims to develop a mobile application, InclusiveAR, to assist wheelchair users in travelling.

InclusiveAR will map out wheelchair-accessible routes and provide visual guidance to direct wheelchair users to their destinations using AR.


The Straw Hats

Country : Sri Lanka

Project : Mind Probe

Our project aims to help people with disabilities like ALS, DMD, etc. which impair their ability to communicate.

We tap into their brain waves and use that to predict the number they are thinking and use that information to interface with a smartphone.


Maker Playground

Country : Thailand

Project : Maker Playground

Maker Playground is a next-generation IDE for IoT project development from developing device firmware, generating circuit diagram, programming your device, and designing an IoT dashboard all in one software.

 

See You @ The 2019 Imagine Cup Asia!

Congratulations to the 12 awesome teams!

Later today,, they will present their projects at the 2019 Imagine Cup Asia Regional Finals… and by 5 PM, we will find out who the 2019 Imagine Cup Asia Regional Champion will be!

 

Recommended Reading

[adrotate group=”2″]

Go Back To > Software | Business | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


Kaspersky Lab Protection For Household 2.0 Revealed!

Kaspersky Lab is not letting their woes with the US Department of Homeland Security detract them from their core business of protecting consumers against cyberthreats. That was the message they conveyed when they presented the Kaspersky Lab protection options for Household 2.0.

 

Household 2.0

The modern home has changed. In the new era of Household 2.0 which consists of 2.4 people and 0.3 pets, there is an average of 6.3 connected devices per house! Yet, the Kaspersky Cybersecurity Index found that 39% of people are leaving their devices unprotected from cyberthreats like hacking, malware, financial fraud and more.

To protect these connected devices that play such a prominent role in Household 2.0, Kaspersky Lab is introducing updated versions of Kaspersky Internet Security and Kaspersky Total Security.

 

Kaspersky Lab Protection For Household 2.0

The updated Kaspersky Internet Security and Kaspersky Total Security come with anti-phishing technology to prevent users from falling victim to fake or spam emails, fake websites and fraud.

In addition, the updated URL Advisor tells a user whether a link in the search engine leads to a trusted, suspicious, dangerous or phishing website, or a website that may cause their computer harm, via a special indicator close to each link.

Many people are also worried about ransomware and the loss of their digital memories. To give them peace of mind, the new Kaspersky Internet Security and Kaspersky Total Security have updated anti-ransomware features.

Protecting your mobile devices is the new App Lock feature for Android. You can now protect specific apps like instant messaging services, social media or email accounts with a secret code. You can also use the Kaspersky Secure Connection service to encrypt your network traffic whenever you use a public or insecure Wi-Fi network.

Children are also increasingly connected to the Internet. To protect them, parents can use Kaspersky Safe Kids parental controls in Kaspersky Total Security to set time limits, restrict applications and prevent access to pages with adult content, obscene language or information on drugs and weapons.

 

The 2018 Kaspersky Lab Product Price List

Products One Device Three Devices Five Devices
Kaspersky Total Security RM 109 / ~US$ 27 RM 199 / ~US$ 49 NA
Kaspersky Internet Security RM 100 / ~US$ 24 RM 179 / ~US$ 44 RM 249 / ~US$ 68
Kaspersky Anti-Virus RM 39.90 / ~US$ 9.70 RM 119 / ~US$ 29 RM 199 / ~US$ 49

Here are some Amazon purchase links :

 

The Kaspersky Think Security Campaign

In conjunction with the announcement of the new Kaspersky Lab protection fo household 2.0, Techlane Resources, the Kaspersky Lab distributor in Malaysia, announced the Kaspersky Think Security Campaign.

You can now purchase Kaspersky Internet Security 3 Devices 1 Year at RM 179 / US$ 44 and get the following Kaspersky products absolutely FREE :

[adrotate group=”2″]

  • Kaspersky Internet Security 1 Device 1 Year,
  • Kaspersky Internet Security for Mac 1 Year, and
  • Kaspersky Internet Security for Android 1 Device 1 Year

You can also purchase Kaspersky Anti-virus 1 Device 1 Year at RM39.90 / ~US$ 9.70 and get the following Kaspersky products absolutely FREE :

  • Kaspersky Anti-Virus 1 Device 1 Year,
  • Kaspersky Internet Security for Mac 1 Year, and
  • Kaspersky Internet Security for Android 1 Device 1 Year

Go Back To > Events | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Trend Micro : Worst Cyber Threats Facing SMBs

Hackers have plenty of impetus for targeting large enterprises, especially government agencies, financial institutions and health care organizations. Even large entertainment firms such as Sony Pictures, retailers like Target and telecommunications companies including TalkTalk have been exploited by cyber criminals.

That said, the highest valued companies are not the easiest targets, especially since there are relatively few of them compared to the amount of small and medium-sized businesses. Hackers on the prowl will follow any and all leads to a quick payday. Often, this means firing into the crowd, so to speak.

Cyber criminals will have better success going after a larger number of targets than trying to orchestrate advanced targeted attacks against one bigwig organization. Even as cyber criminals continue to become more ambitious, in all likelihood, cyber attackers will continue to go after smaller businesses in 2016. For this reason, it’s worth reviewing some of the biggest cyber threats currently facing SMBs.

 

DDoS attacks

Distributed denial of service attacks represent a huge cyber threat to any business, but especially to SMBs that can only afford limited bandwidth. As hinted at in the name, the purpose of a DDoS attack is to shut down a server, thereby blocking user access to specific Web services or applications. This is accomplished by flooding network intrastate with meaningless traffic. Hence the name, the heavy distribution of requests results in a network crash.

There are countless motives for orchestrating a DDoS attack. For example, it may be executed in an attempt to shut down specific security services, so as to orchestrate a more serious, supplementary attack. However, more often than not, the goal is extortion. Hackers will flood a network, and will send ransom notes to the company stating that they won’t ease up until a certain amount of money has been paid to them. This is precisely what happened to ProtonMail in late 2015. Cyber attackers shut down the company’s central data center, and then requested a ransom of 15 Bitcoins, the rough equivalent of $6,000. In response to pressure from third parties, ProtonMail paid the ransom. However, the cyber criminals did not ease up.

The first main takeaway here is that DDoS attacks remain a significant threat to all organizations, but especially companies that offer Web-based services, and in particular, SMBs that might not have significant bandwidth. The second lesson from the incident is that any SMB that falls prey to an attack should not pay a ransom. Recovery will be time consuming, and will most likely impact revenue. However, paying cyber criminals a ransom only for them to continue the attack will result in even more lost money. When it comes to prevention, network vigilance is key. Any early signs of an impending DDoS attack may make it possible to mitigate the effects. Laying out a smart network infrastructure that can evenly distribute barrage of traffic may also alleviate some of the strain.

 

Striking the point of sale

Point-of-sale malware is not a new cyber threat, but it’s one that has become especially prominent in the past few years. According to Trend Micro, SMBs were hit particularly hard in 2015, having accounted for 45 percent of all scenarios involving POS malware. Everything from restaurants to boutiques to small service providers are heavily targeted, mainly because cyber security is not quite as strong for these companies. Not to mention, smart, sneaky new strains of POS malware are always being created.

For example, Trend Micro researchers recently discovered a form of malware that seeks out POS systems in a network. Dubbed “Black Atlas,” the malware does not appear to target specific companies in any particular industry. However, SMBs are the most likely to be affected.

Other POS threats come in the form of skimmers. These are basically rigged payment processing units that are designed to collect card information, which is then sold on the Dark Web. Part of the reason this is such a big problem for SMBs is because smaller businesses are more likely to purchase less-expensive, poorly vetted card payment systems. Some of these are actually pre-configured with skimmers. In fact, Trend Micro noted that in China, cyber criminals can actually receive text messages every time a skimmer successfully plunders payment information.

In order to avoid being snagged by a POS malware scam, SMBs are encouraged to always purchase verified, well-known payment processing systems. This will significantly reduce the threat of skimmers. Defending against POS malware is slightly more complicated as strains continue to become more elaborate, and generally more difficult to detect. There have been several cases in the past few months of hotel chains having customer payment information stolen as a direct result of POS malware.

The good news, however, is that the use of EMV chip technology significantly reduces the chances of payment information being pilfered. Rather than using the same code for every transaction – as magnetic stripes do – these chips generate a single-use script for each purchase, so that even if hackers to manage to collect this information, it is essentially useless.

Therefore, SMBs are encouraged to make the shift to EMV card processing systems as soon as possible, especially considering that as of October 2015, liability for stolen payment data shifted to merchants. Any business that does not have EMV card reading technology, and is hacked, can therefore be held accountable for the ensuing damages. Many small businesses can hardly afford to become the victim of a POS malware ploy, let along cover subsequent legal damages.

 

Phishing scams

Phishing scams will always be a problem for companies of all sizes. As long as corporations continue to fall for these ploys, hackers will work tirelessly to bring down their targets, which include SMBs. Much like DDoS attacks, modern phishing scams often take the extortion angle. One of the most prominent, recent examples is the notorious CryptoLocker strain. There are various forms of encryption malware, and many of them start off as phishing scams.

[adrotate group=”2″]

Basically, an employee might receive an email with a request to download a certain PDF or XML. In theory, an aware user should be cognizant of the danger involved with downloading a shady file, but on a particularly busy day, a phishing email may trick even the most wary of workers. Upon opening the cleverly disguised executable, files on the network are locked down. What typically follows is a payment request in order to decrypt the files.

Other phishing ploys might target social media portals, so as to take control of an account. For an SMB that relies on its Web presence to drive traffic to brick-and-mortar locations – for example, a restaurant, bar or mechanic shop – a hacked company Facebook page isn’t exactly choice marketing. Regardless of the targeted medium, a phishing scam can cause serious productivity setbacks for SMBs.

When it comes to securing against phishing scams and cyber threats in general, employee vigilance is hugely important. Granted, even this won’t always be enough to prevent a business from becoming the victim of a cyber attack. For the real tricky threats, SMBs will have to rely on threat protection.

Go Back To > Cybersecurity | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!