SHAH ALAM - The case of a specialist doctor in Selangor being swindled of over RM2 million by a cryptocurrency investment syndicate last year and the recent incident of a businessman in Terengganu losing RM688,300 due to a non-existent investment have raised concerns as if online criminals know detailed information about the amount of money victims have, making them targets.
More worryingly, the increase in scam cases with losses amounting to RM4.17 billion over the past five years coincided with the issue of personal data leaks, including allegations that the personal data of 22 million Malaysians in the National Registration Department (NRD) records were reportedly sold on the database market in 2022.
Malaysian Cyber Consumer Association (MCCA) chairman Datuk Ahmad Noordin Ismail said that scammers, in general, find it difficult to accurately determine the exact amount of money in the bank accounts of the public.
Still, they could estimate the financial status of victims based on the personal profiles they obtain, such as age and occupation.
"These criminals will hack into social media, email or online application accounts randomly to obtain preliminary information before identifying easily manipulated victims.
"There are several possibilities where hackers can access information recorded online, including through the dark web or leaks of information from insiders within government departments or financial institutions.
"These criminals will then hack into the victim's social media email system to research and study how the account owner conducts business or transactions," he told Sinar.
Noordin, however, stressed that the selection of victims by scammers was mostly random and not related to data leaks.
"If the victim can be contacted by phone call, that's considered a 'jackpot' for them. From there, scammers will try to manipulate the victim.
"If they get RM100, that's enough. Then they will try the same victim again through social media," he said.
Noordin, who is also the police’s former Deputy Director of Cyber and Multimedia Crime Investigation said that cybercriminals would hack into related systems to view bank account transactions to collect personal data, passwords, and banking details to convince victims to initiate fund transfers or settle transactions.
He said all these activities were closely related and fraud tactics were becoming more complex.
"I recommend that any social media platform requires Digital Identity Registration (IDN) to facilitate authorities in tracking every online activity.
"From there, we will know who is trying to cheat. Also, introduce six IDNs for an individual to make it difficult for others to know.
"Also, introduce legislation to control bank accounts so that they are not misused for cybercrime," he said.
In the meantime, Universiti Malaysia Sarawak (Unimas), Data Science Center, Fellow Researcher Syahrul Nizam Junaini said that Malaysia will not be exempt from cybercrime, with the development of AI technology in the country.
"The sophistication of this technology will allow cybercriminals to conduct scamming, financial fraud and enable them to steal a person's identity when our personal data is stored in the cloud, and these criminals target victims based on (victim) information on social media," he said.
Syahrul Nizam said AI used in fraud usually involves sophisticated software capable of analysing and replicating a person's visual and audio characteristics.
"This technology can mimic voice patterns, speech styles, intonations, and even facial expressions, making it difficult for us to distinguish between the real and the fake," he said, adding that one example of AI software is deepfake, which can produce fake videos with the real appearance and voice of someone.
He said that the sophistication of this technology would pose a significant challenge to law enforcement agencies in dealing with crimes, especially online scams and other financial crimes.