Complex banking fraud methods are developed by hackers

Sep 20, 2011 13:26 GMT

Seven cybercriminals were arrested in Kuala Lumpur after stealing 250,000 Malaysian Ringgit (equivalent to €50,000 or $80,000) through a complex combination of banking kiosk phishing and mobile phone number hijacking.

According to TheSunDaily, the suspects, aged between 20 and 27, were apprehended in a well-planned police raid, during which law enforcement confiscated computers and forged documents.

The thieves, some of whom came to Malaysia as students from countries such as Pakistan, Jordan and Sierra Leone, started their operation by modifying a thumb drive containing spyware, which they attached to an online banking booth.

After obtaining the usernames and passwords of those who performed transactions at that kiosk, they used the credentials to access the customers' accounts and obtain the phone numbers registered for financial operations.

With the help of various fake authentication documents, they would then request new SIM cards from telecommunication companies.

As Commissioner Datuk Syed Ismail Syed Azizan revealed in a press statement, "This new tactic is a combination of phishing and hijacking SIM cards."

Because the old SIM card is canceled when a new one is issued, they called their victims a day before the heist, pretending to be a representative of the telephone company and warning them that communication services might not work for a few hours the next day.

"It is during these two hours that the syndicate would get the new SIM card and obtain the TAC numbers with which they can transfer all available cash in the victim's account to another account of an accomplice. The biggest single loss was RM50,000 (€10,000 or $17,000)," said the commissioner.

TAC numbers are sent by the financial institution to customers' mobile phones to authorize cash transfers in online banking operations.

It's clear that cybercriminals are starting to combine multiple methods, including social engineering, device skimming and, as seen before, even phone number hijacking, to achieve their goals, which demonstrates that you can never be too safe in a world where digital environments rule our lives.