20 October 2019, Sunday | 02:29am

Online transfer scam: ‘Favourites’ list leaves account holders vulnerable

2019-10-08

 

PETALING JAYA: Having a list of ‘favourite’ account numbers in the fund transfer feature of your online banking platform can leave you vulnerable to scams.

A kindergarten teacher had RM2,800 transferred from her bank account on Saturday by scammers who had logged into her online account.

Fortunately, Gan Saw Huat, 56, of Subang Jaya alerted her bank in time to have her account frozen.

The amount was transferred by the scammers to her sister-in-law’s account, which was registered in Gan’s favourite funds transfer list.

Money sent to accounts listed as a “favourite” do not require a transaction authorisation code (TAC), that is sent by the bank to the account holder’s cellphone via SMS to validate an online transfer.

“I had just returned home from the market at about 9.45am and on checking my phone, I found a text message that alerted me of the transfer,” she told theSun.

“I had received two phone calls from two unknown numbers earlier but I could not answer them.

“I believe the scammers might have tried to call me. Luckily, the bank found that the money was transferred to my sister-in-law’s account. As advised by the bank, I lodged a police report.”

The scammers would pose as bank officers and ask recipients of fraudulent transfers to redirect the funds to a third-party account.

Subang Jaya police chief ACP Risikin Satiman said the use of a “favourites” transfer list is convenient as it avoids the repeated entry of the recipients’ account numbers.

However, he said it had become an avenue for scammers to fraudulently transfer funds.

“The scammer in this case had failed to obtain the TAC from the potential victim,” he said.

“They then tried to use the favourites. This is when the scammers would make a call to obtain the TAC number for a fund transfer into their own accounts.

“However, the scammers here failed as the victim did not answer their calls. This tactic has been used in the past by phishers.”

Risikin also advised users not to use simple passwords derived from their birthdates, vehicle, MyKad or phone numbers as it would be easy for criminals to access their accounts.

 

 

Source: The Sun Daily

Average: 5 (1 vote)