According to local newswire reports, the five-strong gang behind the fraud used `conventional' phishing techniques to obtain the 12 victims' online banking credentials, but then waited to use that information whilst they approached the victims' cellular companies.
After posing as the victim and claiming to have lost their mobile phone, the fraudsters were issued with a replacement SIM card, which allowed them to generate the one-time transaction numbers – sent via text message to the user's mobile phone – to authenticate new bank transfer instructions.
The Star newspaper quotes Federal Commercial Crime Investigations Department director Datuk Syed Ismail Syed Azizan as saying that the fraud syndicate - which had been active since early this year - would first go to an internet banking kiosk and upload software that recorded the user names and passwords of those using it.
They would then come back a few hours later and download the data onto a USB drive, he told the paper, adding that the syndicate members, armed with this information, would then approach the cellular companies and, by posing as the victims’ friends, family members – or the victims themselves - claimed to need a replacement SIM card.
Commissioner Syed Ismail said that syndicate members would even produce forged documents to support their claims, such as fake police reports, identity cards and authorisation letters.
“With the SIM card, the syndicate would then be able to get the transaction authorisation code which allows them to transfer funds into their own accounts”, he explained.