{"id":20628,"date":"2020-04-15T17:21:00","date_gmt":"2020-04-15T11:51:00","guid":{"rendered":"https:\/\/www.kaspersky.co.in\/blog\/?p=20628"},"modified":"2020-04-15T17:36:37","modified_gmt":"2020-04-15T12:06:37","slug":"verification-app-scam","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.in\/blog\/verification-app-scam\/20628\/","title":{"rendered":"New banking scam tricks"},"content":{"rendered":"

Cyber scams have been going on since the dawn of the internet. Victims are scammed for their money and private data usually, via emails, phone calls or messages with links leading to a scam website. The techniques the scammers use are always changing, but the underlying principles remain the same: they pretend to be someone they are not and using this cover they lure you into doing something you won\u2019t normally do.<\/p>\n

Here\u2019s a new scam technique that has just surfaced in Malaysia. It relies on several methods such as Social engineering<\/a>, a scam<\/a> website and a mobile app.<\/p>\n

Part 1: Social engineering<\/h2>\n

In the past, scammers would call to identify themselves as an officer from a bank or other organization. They would provide their rank and ID if they have that to make them seem more credible. They would go on to request for you to read out your bank account number or even your personal identification number. After which, they would then proceed to ask you some \u201csecurity questions\u201d \u2013 of which when you tell them, you\u2019d be giving away the information they want.<\/p>\n

In a new twist, instead of receiving a call from a scammer, victims would receive an SMS or in some cases a WhatsApp message form a \u201cBank\u201d informing them of a privacy breach and that their information has been compromised. In the message they are requested to go to the bank\u2019s website to perform an identity verification.<\/p>\n

The link provided leads them to a page that at first glance looks unsuspicious and almost similar in design to the real page \u2013 but it isn\u2019t. It\u2019s a well-designed webpage designed to mimic those of the real website of this bank.<\/p>\n\n

Part 2: A New Twist \u2013 Download the app<\/h2>\n

It all seems quite like a regular scam, up until now. In the usual scenario, this page would be a phishing page designed to steal your data. But in this case it\u2019s not. This page instructs users to download an app (an Android app \u2013 has already been removed from Google Play) under the pretext of a secure app for details confirmation, The victims are asked to install it, then open it and fill in the details within it.<\/p>\n

\"\"

image from Bank Negara Malaysia\u2019s Twitter post<\/p><\/div>\n

Now that\u2019s phishing. Once the information is filled in, the scammers would use it to withdraw or transfer all the monies from the bank account \u2013 now that they have all the necessary data to access it. Once that has been done, the scammers would contact the victims via WhatsApp or SMS and request for them to delete the information they have submitted. The communication then ends.<\/p>\n

\n

#scamalert<\/a><\/p>\n

BNM does not select random people to beta test our app or system. <\/p>\n

Regardless of platform\u2014online, phone call, sms, whatsapp etc\u2014whenever you *have* to give personal info incl banking details & password\/PIN\/TAC number\u2014THAT is a SCAM. <\/p>\n

Stop before you lose your money pic.twitter.com\/ZV9rrblVFV<\/a><\/p>\n

\u2014 Bank Negara Malaysia (@BNM_official) April 14, 2020<\/a><\/p><\/blockquote>\n