According to CyberSecurity Malaysia, an estimated 838 incidents have been reported from the start of the Movement Control Order (MCO) up till April 7. Most incidents involve fraud, intrusion and cyber harassment.
Authorities had also opened 393 investigation papers (Ips) involving online sales of face masks as well as fraudulent withdrawals of Employees Provident Fund (EPF) savings with total losses incurred reaching RM 3 million.
Head of Forensic, KPMG Malaysis says, “Right now, everyone is heavily reliant on their laptops or mobile phones to conduct their everyday needs such as online banking, shopping or donating to causes and charities. Criminals are not afraid to take advantage of that.”
Just one careless step could lead someone into becoming a victim of fraud and losing more in what is already a difficult situation,” he added.
Tan further pointed out that cybercrimes and scams have been more successful because of its simplicity and doesn’t require complicated countermeasures to prevent cyber incidents.
Tan says there are some practical and logical preventive steps which include :
- Don’t install applications from untrusted sources. Look out for official announcements and only install apps from the Google Play or Apple App Store.
- Beware of freeware video conferencing apps. Some of these apps were developed for ease of use, rather than with security and privacy features enabled by default. Require passwords for all meetings, never share your meeting IDs and enable waiting rooms to prevent any unwanted ‘bombers’.
- Never click on unverified links in emails or text messages.
- Do not open untrusted attachments.
- Verify the legitimacy of sources before responding to any text message or voice calls asking for personal or sensitive information.
- Report any related incident to the proper authorities via https://www.mycert.org.my/.
Tan also urges companies to educate their employees and third-party contractors on working remotely and various risks such as the proper procedures when connecting organisation devices to public Wi-Fi.
“Companies should quickly deploy cloud-based solutions to prevent and detect phishing attempts and to also provide a mechanism for employees and third-party contractors to easily report any phishing, vishing or smishing attempts,” Tan said.