PETALING JAYA: Expect more cold calls and random text messages if your data has been breached.
You will receive messages offering you property, “loans” and credit for online casinos, or phone calls claiming that you owe a bank RM5,000 or a stranger telling you that your relative was caught for a drug-related offence.
IT experts say they expect a spike in marketing and scam calls, as well as messages following the recent leak of personal data affecting 46.2 million mobile phone subscribers.
The databases, believed to have been breached in 2014, are now easily available online after someone tried to sell the information on the forums of local technology news site lowyat.net last month.
The experts called on Malaysians to be more vigilant and not fall for such calls or texts.
Cybersecurity expert C.F. Fong urged the public to ignore such communications and always check the information with the alleged source, such as banks or the police.
“If it is anything critical, the banks will send you a letter or the cops might even come knocking on your door,” he said.
“These things have already happened, which is why we have property agents or loan sharks contacting us.
“Data leaks are not a new thing, so always be vigilant, regardless of whether it happens to you or not.
“A lot of our information is online. If you have a social network profile, you are actually giving out your personal details voluntarily,” said Fong, the founder of Malaysian cybersecurity firm LGMS.
In a worst case scenario, he said the unscrupulous might impersonate someone else to apply for a credit card, especially when it involves aggressive agents who will proceed with the application without much verification.
Fong said many credit card operations were outsourced to third parties and the agents might not necessarily follow the issuing banks’ standard operating procedures.
“Bank loans, however, won’t be that easy because you will still need a thumbprint verification.
“All in all, we just need to practise some common sense, such as not giving out our personal information easily or exchanging passwords.
“Even when we visit certain offices, the security guards will sometimes ask for personal details. We do not need to disclose our full information to them, but a lot of people don’t know this.
“People need to know their rights. Question them about their Personal Data Protection Act (PDPA) compliance,” said Fong, adding that the same concept applied to events or games at shopping malls.
IBM Security’s Asia Pacific business development leader Nigel Tan said criminals who have access to the leaked data can use it to basically steal a person’s identity.
Other examples include taking over a person’s e-mail accounts and then gaining access to the smartphone app stores or banks, he added.
“Service providers should advise their customers on how to be more vigilant for possible phishing attempts. Identify and block the numbers sending spam and fraudulent calls.
“Consumers should also use stronger passwords or a password manager and two-factor authentication. And look out for alerts on fraudulent activities such as strange credit card charges or new accounts being set up.
“If users suspect their data is compromised, report it to the PDPA commission,” Tan said.
Macrokiosk chief executive officer and co-founder Datuk Kenny Goh urged the public not to panic.
“There might be some funny calls or messages. Regardless of whether there is a breach or not, when they are from weird numbers or people you don’t know, just reject the calls.
“At the most, for now, you will get more spam, marketing messages and cold calls promoting things. Just report them to the Malaysian Communications and Multimedia Commission,” he said.
Goh believes that the unscrupulous will not be able to apply for loans or credit cards because of the sophisticated verification system that banks and financial institutions have in place.
According to the breached documents which The Star has seen, the leaked data comprises the personal information of subscribers of telcos and Internet service providers, namely Altel, Celcom, Digi, Enabling Asia, Friendi Mobile, Maxis, Merchant Trade Asia, PLDT, REDtone, Tune Talk, U Mobile and XOX.
Other databases that were breached belong to JobStreet, Academy of Medicine Malaysia, Malaysian Medical Council, Malaysian Dental Association, Malaysian Medical Association, National Specialist Register of Malaysia and FxUnited.