In an increasingly interconnected world, the risks we face have gone beyond traditional forms of combat. Social engineering is one such hazard lurking in the shadows of our digital age. This article serves as an important reminder to recognise the sneaky nature of social engineering strategies and why they have become a major source of concern in Malaysia.
The deceitful strategies used by malicious individuals or groups to control human psychology, trust, and emotions are known as social engineering tactics. These strategies make use of our innate social nature, frequently causing individuals and organizations to provide critical information, undermine security, or become unsuspecting partners in cybercrime. Malaysia, like many other countries, has fallen victim to these devious ploys.
The repercussions of succumbing to social engineering can be disastrous. The possible consequences range from financial losses to reputational harm and even national security breaches. As a result, it is critical to investigate the numerous aspects of social engineering, analyze its methods, and comprehend how to safeguard ourselves and our community from its evil hold.
Unveiling the Chameleons of Social Engineering Tactics
Social engineering tactics adapt to changing landscapes, taking on different forms to infiltrate your computer systems. In Malaysia, combating these approaches necessitates understanding their varied character.
Perhaps the most well-known phishing attempts in Malaysia frequently pose as legitimate emails, messages, or websites, to steal sensitive information such as login passwords and financial data. In 2022 and 2023, for example, a wave of phishing attempts attacked Malaysian banks, persuading consumers to update their personal information via bogus links. To illustrate, Mizuho Bank (Malaysia) Berhad, a subsidiary of Mizuho Bank Ltd, located in Malaysia was a victim of an ongoing phishing scam. These investment scammers claimed to be related to Mizuho Bank (Mizuho Group, 2022). Similarly, Maybank warned its customers of an ongoing phishing scam where the scammers use a tactic emailing Maybank’s customers to reveal their login credentials, posing that their accounts have been locked due to security reasons (The Star Online, 2023).
In a country where online purchasing is popular, baiting strategies are common. Malaysians have fallen prey to alluring offers or downloads that end up introducing malware into their systems, resulting in data breaches or financial losses. For instance, a college lecturer in Kuantan was baited for RM 50 before she lost a total of RM 21,939 of her savings to an online group of job syndicates (New Straits Times, 2023). Similarly, a housewife from Kuantan was baited for RM 90 through liking and subscribing to Youtube videos, before losing RM 53,875 (New Straits Times, 2023).
Malaysian social engineers are masters of deception, creating intricate setups to persuade victims into disclosing information. Impersonating a trusted entity to obtain confidential data or gain unauthorized access is one example. For instance, scammers pretend to be an officer from the Malaysian Inland Revenue Board (LHDN) claiming that the individual has an outstanding payment that is due (Says, 2022).
Tailgating and Impersonation
Physical social engineering strategies are common outside of the Internet realm. Criminals may sneak into secure areas or pose as employees, taking advantage of human trust in physical security mechanisms. (the two employees that got arrested and fired from RHB bank). According to the New Straits Times (2023), a 71-year-old retiree lost his savings of RM 202,000 by a syndicate that was posing as Bank Negara Malaysia.
Guarding Against Social Engineering Attacks
Protecting your organization from social engineering attacks requires a proactive approach. For instance, conducting regular cybersecurity training to educate employees on the social engineering risks and prevention methods. Also, implementing strict access controls to limit the information employees can access, using email filtering solutions to detect and block phishing emails and further, developing a robust incident response plan, establishing comprehensive security policies, and conducting security audits and assessments to identify vulnerabilities in the system.
Legal Implications of Engaging in Social Engineering
Also, engaging in social engineering practices is not only unethical; it is also unlawful in Malaysia. Understanding the legal repercussions can dissuade potential abusers while also providing justice to victims. The penalties and consequences include the following;
Malaysia’s Computer Crimes Act 1997
It criminalizes unauthorized access, data tampering, and abuse of computer material. Fines and jail are possible penalties for violators.
Personal Data Protection Act 2010 (PDPA)
The PDPA governs personal data processing in Malaysia. Penalties may be imposed for unauthorized disclosure or misuse of personal data.
Offences of Fraud and Forgery
Social engineering frequently involves fraud and forgery, which are criminal offences with related punishments. Victims of social engineering attacks may also file legal lawsuits to seek restitution.
In Malaysia, the fight against social engineering strategies necessitates persistent monitoring and effective efforts. Recognise the varied and devious nature of social engineering efforts, both online and offline, keep an eye out for red flags and warning signals of prospective social engineering activities, preventive steps and best practices should be implemented to protect yourself and your organization, learn about the legal ramifications of social engineering practices in Malaysia.
Our society may protect itself against the invisible threat of social engineering by internalizing these lessons and taking proactive action. Each of us bears responsibility for protecting our digital life and the security of our country. Together, the shadows can be outwitted, and Malaysia can be shielded from the insidious hold of social engineering tactics.
Condition Zebra provides Cybersecurity Solutions and Cybersecurity Training for public and private SMEs in various industries, Financial Services (Banks and insurance), Government Ministries and agencies and Government-linked companies.
Our mission is to utilize a unique strategy of combining key technologies with expertise in Information Security and Risk Management so that clients are fully prepared to prevent and deal with cybersecurity incidents.
Condition Zebra Managed Security Service Provider (MSSP) offer two services: Managed Detection & Response and Security Awareness Training
1) MDR, or Managed Detection and Response, is a comprehensive cybersecurity 24/7 service that combines advanced threat detection, real-time incident response, and continuous monitoring to protect organisations from cyber threats.
Click here to learn more about MDR
2) Information Security Awareness Program, a fully managed cybersecurity solution designed to promote a security-conscious culture within an organization. Consists of online information security training – which includes interactive training videos, quizzes, a newsletter, wallpaper to educate your users and simulated email phishing.
Click here to learn more about the Information Security Awareness Program
Mizuho Group (2022). Retrieved from: https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://www.mizuhogroup.com/asia-pacific/malaysia&ved=2ahUKEwidkuSH9rqBAxW-8TgGHX3sDpkQFnoECBUQAQ&usg=AOvVaw2nwfBtbLQ48_wYAijjYxtC
New Straits Times (2023). Online Job Scammer Baited Lecturer RM 50 Before Making RM 21,000. Retrieved from: https://www.nst.com.my/news/crime-courts/2023/01/868377/online-job-scammer-baited-lecturer-rm50-making-rm21000
New Straits Times (2023). 71-Year-Old Retiree Loses RM 202,800 to Phone Scam Syndicates. Retrieved from: https://www.nst.com.my/news/crime-courts/2023/07/931927/71-year-old-retiree-loses-rm202800-phone-scam-syndicate
The Star (2023). Maybank Warns of Fake Phishing Email Targeting Customers’ Login and Credit Card Details. Retrieved from: https://www.thestar.com.my/tech/tech-news/2023/08/23/maybank-warns-of-fake-phishing-email-targeting-customers-login-and-credit-card-details
New Straits Times (2023). Housewife Baited with RM 90 Commision Before Losing Over RM 50,000 to Online Job Scammer. Retrieved from: https://www.nst.com.my/news/crime-courts/2023/02/876910/housewife-baited-rm90-commission-losing-over-rm50000-online-job Says.com. (2022). A Malaysian Guy Made a Scammer Lose His Patience After Annoying Him for an Hour. Retrieved from: https://says.com/my/fun/a-malaysian-guy-made-a-scammer-lose-his-patience-after-annoying-him-for-an-hour