#TECH: Addressing OTP SMS password leak issues

KUALA LUMPUR: News that scammers are able to read people's SMS messages carrying the one-time password (OTP) for financial transactions, leading to money being stolen from their bank accounts, has triggered concerns among many Malaysians, who are mostly very comfortable with online transactions nowadays.

Yesterday, Malaysians were urged to avoid using house cleaning or food delivery services that require customers to download a third-party application as an Android Package Kit (APK) file.

Deputy Finance Minister II Yamani Hafez Musa (Perikatan Nasional-Sipitang) said the APK application would allow scammers to read victims' SMS carrying the one-time password (OTP), which is commonly used to facilitate financial transactions.

Commenting on this issue, Kaspersky general manager for Southeast Asia, Yeo Siang Tiong, said the company's analysts have been actively recommending that the public install apps only from official sources.

"Having the ability to install apps outside of the Google Play store can be quite convenient for those who are adventurous. However, this freedom comes with increased risks of infection as these unregulated and possibly malicious apps will also have access to users' devices and steal personal data, OTP, money and more," he explained.

Technically, no one is safe from scammers.

"They do it because they know we can be emotional and have our guards down when we need something badly, when they have triggered our sense of urgency, and when they have touched something that is relevant to us," said Yeo.

"Because of this, our main suggestion is for smartphone users to always have a safety net – a security solution installed in your devices. Having one can save you in your vulnerable moments. We can make mistakes so it's important to have another layer of security aside from vigilance," he explained.

Safe way to install apps

For Android users, Kaspersky recommends installing applications from the official app stores only.

"With its strong safety rules, official app monitoring, many user reviews, and security researcher scrutiny, Android's official store tends to be a safe place for downloading apps. Even when malware does make it to Google Play, it is quickly identified and removed," said Yeo.

In the latest versions of Android, the relevant feature is called Install unknown apps, and it is enabled separately for each app.

"If you have allowed installation from unknown sources for some apps, you will need to disable it separately for each app," he said.

But if you still need to install apps that are not available in the official store, you can take these steps:

1. Search for similar apps or alternatives in the official store. Maybe there is an app with functions that suit your needs.

2. Scan the file before installing with a mobile antivirus solution like Kaspersky Security & VPN.

3. Check permissions. If the app demands too much, try to find something similar with more modest requests.

4. Disable installation of unknown apps. Remember to change your settings back after installation. Do not leave your phone open to malware.

5. Update your apps regularly because security updates are usually released in batches.

Sniffing out fraud

There are also ways to sniff out fraud before it is too late.

1. Scammers often play on greed or fear; they are trying to short-circuit their victims' ability to respond rationally.

2. Scammers also rush their victims by setting tight deadlines.

3. Amateurish design – obvious errors in the messages should be a red flag. Pay close attention to misspellings and the substitution of letters with similar-looking numbers or optical counterparts from other alphabets.

4. Scammers could get the victim to invest a bit of time and effort through a series of simple tasks, like taking a short survey or reading fake reviews or comments about the apps or services.

5. Often the victim is asked to pay a small fee, such as a transfer for card verification purposes or a payment for registration in some database. The amount asked for is usually quite small and insignificant, but there is a likelihood of losing more after sharing bank details, OTP, credit cards, etc.
