PETALING JAYA: Illegal pre-registered SIM cards and phone number spoofing continue to expose gaps in Malaysia’s mobile registration and network security, with foreigners and locals describing how the system can be bypassed with ease.

A source said he initially tried to buy a SIM card through authorised outlets but was repeatedly turned away without a passport, in line with existing regulations.

“Every official shop I went to asked for my passport. Without it, they said they could not activate the SIM,” the source told The Star.

However, he was later told by acquaintances that he could bypass the process by paying a fee to have the SIM registered under another person’s name.

“They told me I could ask someone else to register it for me. I only had to pay around RM20 or RM30 for it.

“Once activated, the SIM works like any normal line and doesn’t require my passport at all,” the source said.

ALSO READ: Experts: SIM card misuse fuelled by weak regulation

According to him, the SIM was immediately usable for calls, messaging, one-time passwords (OTPs) and banking apps, with no visible restrictions.

“There’s no difference when using it. You can receive OTPs and access online services like any normal number,” he said, adding that the practice was commonly suggested to foreigners who needed quick connectivity for work or deliveries.

He acknowledged, however, that accountability becomes murky.

“If something goes wrong, the problem falls on the person whose name the SIM is registered under, not the actual user,” the source said.

Meanwhile, in a social media forum, a man admitted he knowingly spoofed phone numbers for money after being approached by a middleman.

“I was paid to let my number be used. They said it was for marketing calls, nothing serious,” he said, adding that he later realised the number was being used to trigger missed calls and lure people into returning calls or clicking links.

“I knew it was wrong, but the money was easy, and no one checked,” he added.