TWO friends were chatting on Facebook, remarking how long it had been since they last met.
Happy to hear from an old friend, James (not his real name), 39, gave Carol his phone number.
Unbeknown to him though, “Carol”, or rather the person pretending to be her, was a scam artist.
The person’s motive was unique; to manipulate James into buying online game credits for him.
Asking James to help her redeem a free gift, “Carol” told him to send an SMS to a number.
Upon receiving a four-digit code, James was to report the numbers back to her.
But when he received a notification that he had bought RM100 worth of credit for games, Carol merely told James not to worry as it was free.
Trusting her, James followed her instructions again but became suspicious when she asked him to repeat the steps for a third time.
“I called her up to ask why was it so troublesome just to redeem a free gift.
James immediately tried to screenshot the conversation as evidence but the scammer already deleted Carol’s portion of the chat.
Upon calling his mobile phone service provider, he was told that he had unknowingly purchased RM244 worth of game credits through his actions.
“The telco said many had complained to them of similar incidents,” revealed James.
While he was able to stop the credits from being transferred to the scammer, he couldn’t get a refund as the purchase was final.
“So I am now stuck with these game credits. I don’t even play online games,” James lamented.
Taking this as a lesson, he urged the public to be on their guard as even chatting with a friend online may not be what it seems these days.
Major mobile phone service providers have also noted the emergence of such cases of late.
When contacted, Digi Telecommunications Sdn Bhd says it has informed subscribers on its website about such cases on social networking sites.
“Recently, there has been an increase in cases regarding fake Facebook profiles.
“These scammers are taking on your friends’ identity on the social network.
“Their newly created Facebook profiles will add you as their friend, pretending to have lost their previous account,” reads the post dated May 15.
DiGi says the scammers will then ask for the victim’s mobile number.
Once the victim has given their mobile number, the con artists will then try to phish a TAC or a One Time PIN (OTP) sent to the victim’s mobile.
“Do not give your phone number without verifying with the actual person who is asking for it.
“Most importantly, do not give away any TAC or OTP sent to your mobile by any DiGi short codes like 20000 or any 6xxxx numbers,” DiGi stresses.
As for Celcom Axiata Bhd, the telco is aware that there have been reports of fraudulent activity of unauthorised online gaming credit purchases using subscribers’ accounts.
“However, to date, we have not received any complaint or report from Celcom subscribers of such incidents.
“Celcom, as an ethical digital enabler in supporting the mobile gaming industry, encourages its subscribers to be extra cautious of SMS, WhatsApp, Facebook messages and calls from unknown parties,” it says.
The telco also urges its subscribers to never disclose authentication or verification codes to third parties or unofficial websites.
“Social scammers may pretend to be a known friend or via other means of obtaining various monetary authentication codes,” Celcom adds.
Maxis Bhd advises customers to remain vigilant and not share any personal information with any unidentified individuals.
“In the event customers are contacted by a suspicious caller, they are advised to check the authenticity of the call by referring to the company, organisation or institution involved for further clarification,” it says.
There are consequences for the perpetrators and those who commit online fraud will face the full brunt of the law.
Bar Council information technology and cyberlaw committee deputy chairman Foong Cheng Leong said somebody who impersonates another person online could be breaking the law if the actions fall within criminal activity.
“For example, impersonation to gain monetary benefit could amounting to cheating.
“Impersonation, as a prank, is not a criminal act,” he explains.
Hence, it is considered a crime in cases where the online impersonator asks for money from unsuspecting victims – or as in the case of this latest twist, tricking them into buying game credits for them.
Such an offence comes under Section 420 of the Penal Code for cheating and dishonestly inducing delivery of property.
It is a crime punishable with a jail term of between one and 10 years, with whipping and a fine.
However, even the act of hacking into a person’s social media account alone, whether it is a prank or not, crosses into the criminal realm.
Under the Computer Crimes Act, a person who gains unauthorized access to computer material is guilty of an offence.
Those convicted could be liable to a maximum fine of RM50,000, five years in jail or both.
Hacking with intent to commit further offences, including fraud, also amounts to a crime.
If found guilty, the court can sentence a person to a maximum fine of RM150,000, a 10 year jail term or both.
CyberSecurity Malaysia chief executive officer Datuk Dr Amirudin Abdul Wahab says different scammers use different tactics but all share the same goal to obtain private information for fraudulent use.
“It’s not always easy to identify online fraud. But understanding how it takes place helps keep users safe,” he says.