MCMC sees sharp drop in phishing attacks, claims some credit
Despite rising online activities, e-commerce and online banking, attacks have slowed
ALL the action was going on in cyberspace yesterday (July 1) with hackers purportedly from Bangladesh warning us about treating their countrymen with more respect.
No websites were actually hacked. Rather, this was a more complicated attack related to DNS poisoning or DNS spoofing, where, according to CyberSecurity Malaysia chief executive officer Dr Amirudin Abdul Wahab, the attacker redirects a victim to a different site, in this case to a defacement page.
You can read more about this in Gabey Goh’s excellent original story here, plus our follow-up here.
But while cyberspace may have been abuzz, a big group of journalists including yours truly and even video crews, was blissfully unaware.
We were instead listening to the chairman of the Malaysian Communications and Multimedia Commission (MCMC), Mohamed Sharil Tarmizi, praising Malaysian consumers for becoming smarter surfers, especially around their online banking and e-commerce activities.
Proof of this came during the Q&A session when no one saw fit to ask about the DNS poisoning attacks, with questions focused on phishing and the good news about it.
This good news came in the form of data from the first five months of the year where, according to Malaysian police, only 39 phishing cases were reported, with a total loss of RM178,700 (US$56,156).
Compare this to the same period in 2012 when 264 cases in Malaysia involving losses of RM1.2 million (US$377,090) were reported (see chart below).
The MCMC has also taken down many sites – 2,611 in Malaysia alone, in 2011.
The figures are impressive against a backdrop of more Malaysians going online to shop, work and play.
The press conference was called by the MCMC to highlight the role it had played with its education efforts to reduce phishing, including its Click Wisely or Klik Dengan Bijak campaign (which is also running on digitalnewsasia.com) and its cooperation with Bank Negara Malaysia, the central bank, and the Malaysian police.
The MCMC is also drawing a connection between this reduction in phishing and the rise in public confidence in e-commerce and online banking. This is because, when online fraudsters impersonate a business (banks and e-commerce sites being a key target) to trick you into giving out your personal (username and password) or financial information, it’s frequently to run up large bills on your tab.
Users are advised not to reply to email, text, or pop-up messages that ask for your personal or financial information.
There was however no data presented by MCMC to back this up, but at least one leading industry player seemed to agree with Sharil.
Lim Kok Hing, executive director of regional online payment gateway iPay88, says that the MCMC coming down hard on phishing players and even sites that send out email blasts has had a “positive impact on e-commerce and online banking in Malaysia.”
Nonetheless, I did find it a ‘soft’ event and was expecting more from it, with both Bank Negara and the police in attendance too.
Certainly much more than to just hear about how phishing is always a people issue and not related to technology; or how Malaysians should be congratulated for being smart surfers.
In fact, this was about the only useful contribution from Shariffuddin Khalid, director of strategic communications, Bank Negara Malaysia, who noted that there were no technical breaches among the banks but that their customers have been hit by phishing attacks.
Meanwhile, SAC (Senior Assistant Commissioner) Wong Wai Loong, the deputy director of the Royal Malaysian Police’s cyber and multimedia unit, told DNA that his unit has grown from seven people when it first launched around 2003, to 77 today.
“We take cyber-crimes seriously,” he said, however admitting that prosecuting someone in these types of cases is “complicated.”
For more technology news and the latest updates, follow @dnewsasia on Twitter or Like us on Facebook.