Protect your prosperity: Watch out for scams offering too-good-to-be-true deals for CNY


Authorities and cybersecurity experts advise caution when searching for online deals during the festive season. — AZHAR MAHFOF/The Star

With the Chinese New Year around the corner, purchasing new items such as clothes or hiring a cleaning service for extra help to spruce up the home is a priority to many.

However, both authorities and cybersecurity experts advise caution when searching for online deals during the festive season.

Bukit Aman Commercial Crime Investigation Department (CCID) director Comm Datuk Seri Ramli Mohamed Yoosuf emphasised in a report on Jan 21 that the festive season provides a “golden opportunity” for scammers on the prowl for victims.

“Scammers would take advantage of the festive season by offering goods such as ang pow packets, cookies and other festive items at low prices. If the prices are too low, don’t let your guard down,” he advised.

Tenable senior staff research engineer Satnam Narang warned that scammers might establish fraudulent online shops offering popular festive items such as bakwa or pineapple tarts with no intention of delivering the items.

Beyond targeting individuals through their online shopping habits, Satnam said scammers may adopt a more personal approach and impersonate relatives or loved ones, leveraging the cherished Chinese New Year tradition of ang pao or red packets. — TenableBeyond targeting individuals through their online shopping habits, Satnam said scammers may adopt a more personal approach and impersonate relatives or loved ones, leveraging the cherished Chinese New Year tradition of ang pao or red packets. — Tenable

“These fake establishments provide shoppers with forms to input personal details, including mobile numbers and social media account information. This method efficiently collects a large amount of information, which scammers can exploit for fraudulent activities,” Satnam said in a statement.

Falling for fake offers online can lead to significant financial losses. In 2022, the police reported four cases from Jan 9 to 12 involving scammers selling Chinese New Year snacks online, resulting in losses totalling RM51,000.

The victims had booked snacks online and communicated with a “seller” via WhatsApp, according to Kuala Lumpur Commercial Crime Investigation Department (CCID) chief Asst Comm Mohd Mahidisham Ishak.

“The suspect gave the victims a web link to be used to pay the deposits. The victims registered and filled in their banking details,” he said in a report.

The victims realised that they had been duped only after noticing multiple transactions funnelling funds from their bank accounts into the perpetrator’s account.

“We advise the public to be careful when making purchases online to avoid being victims of such scammers. Never reveal your banking details or your security codes to any third party,” said ACP Mohd Mahidisham.

Users should also be aware of fake cleaning services typically offered on social media by scammers.

Last year, a Sarawak housewife lost RM44,074 to scammers after responding to a house-cleaning ad on Facebook.

Sarawak DAP chairman Chong Chieng Jen said in a statement that the victim, who had booked a cleaning service for Chinese New Year spring cleaning, encountered problems when making payments. The next day, she found out that her account had been blocked due to eight consecutive fund transfers to an unknown account.

“Had the bank’s Internet banking security system been more vigilant and secure, such consecutive transfers would definitely have raised red flags in the system, thereby stopping the transfers,” Chong said.

Last year, Bank Negara Malaysia also issued a warning about scammers on social media offering fraudulent cleaning services during the festive season.

It reminded the public to contact their respective banks or the National Scams Response Centre at 997 if they fall victim to financial scams.

Comm Ramli urged the public to verify the authenticity of sellers before proceeding with any transaction. He cautioned that victims lost money because they entered their bank details on a fake app – which scammers provide as an APK installation file – or website.

Lee recommended that users not save their card details on any ecommerce sites. — SophosLee recommended that users not save their card details on any ecommerce sites. — Sophos

Sandra Lee, Sophos managing director for Greater China, South-East Asia and Korea, said in a statement that generative AI can be used to “create an entire fake online store” to entice individuals into divulging their personal information and data.

“Don’t click deals in emails that look too good to be true or are from businesses you don’t have accounts from – these could be phishing emails hoping to bait you into clicking links to bogus, malicious websites,” she said.

She also advised users not to save their card details on ecommerce sites.

“They can’t lose what they don’t have, so tell them not to store your credit card unless it is absolutely necessary,” she said.

She added that users should use credit cards instead of debit cards.

“Credit cards offer significantly more protection against online fraud, and you are in the power position in a dispute.

“You can simply not pay your bill while disputing the charge, rather than having criminals directly drain your bank account of your hard-earned cash,” she said.

Spot the deepfakes

Even age-old customs are not spared from the evolving landscape of online scams. Beyond targeting individuals through their online shopping habits, Satnam said scammers may adopt a more personal approach by impersonating relatives or loved ones.

“Scammers may impersonate relatives and ask for red packets or monetary gifts, preying on tradition during Chinese New Year,” he said.

Beware of scammers pretending to be a relative asking for ang pow. — Image by pressfoto on FreepikBeware of scammers pretending to be a relative asking for ang pow. — Image by pressfoto on Freepik

In May 2023, Reuters reported that a man in Northern China transferred 4.3mil yuan (RM2.8mil) to a friend who contacted him via video call, asking for money to make a deposit for a bidding process.

However, the man realised he had been duped after the friend claimed to have no knowledge about the transfer request.

According to the police, the perpetrator used “AI-powered face-swapping technology” for impersonation.

Identity verification platform Sumsub’s Identify Fraud Report 2023 found a significant 10-fold increase in the number of detected deepfakes worldwide from 2022 to 2023, accounting for over two million fraud attempts during this period.

In the Asia-Pacific region, deepfake fraud has surged by 1,530%, with Vietnam and Japan leading in recorded cases, according to the report.

Cases involving the unauthorised use of personal data or fake identities for malicious activity in Malaysia experienced an increase from 0.70% in 2022 to 1.65% in 2023.

In a separate Bernama report, Comm Ramli said his department anticipates a surge in police reports linked to AI, expressing concerns about its use in scams.

“For example, AI is capable of imitating my natural voice (and) communicating in different languages, such as Tamil, Mandarin, and English, to commit various types of scams.

“Therefore, it poses a great challenge to CCID. Our investigative technology must be enhanced to keep up with the development of AI,” he said in the Jan 25 report.

Kaspersky, a cybersecurity company, advised users to identify deepfakes by recognising signs such as jerky movements, lighting inconsistencies between frames, and unusual blinking.

Follow us on our official WhatsApp channel for breaking news alerts and key updates!
   

Next In Tech News

Ambani's Reliance lobbies India on satellite spectrum in new face-off with Musk
Study: Recycling old cables may provide copper needed for green tech
Japan's Rapidus and Denso to share advanced chip design methods, says Nikkei
Yes, I'm in a forest: WhatsApp finally gets video chat backgrounds
Zoom to get realistic digital avatars that can replace you in videos
Opinion: Is your login data safe with password managers?
India's Star Health says it received $68k ransom demand after data leak
Portuguese school sets world record for largest programming lesson
Google wants US judge's app store ruling put on hold
Analysis-Tesla's sporty, two-seater robotaxi design puzzles experts

Others Also Read