The Malaysian Communications and Multimedia Commission (MCMC) has issued a statement stating that there has been an increase in incidents involving account takeovers for messaging applications.
The takeover of messaging app accounts occurs through impersonation and extortion tactics. This tactic is to trick the victim into submitting a 4-digit, 5-digit, or 6-digit verification code or security code sent by the provider of the messaging application platform involved either through SMS, email, or other settings that have been selected by the user.
Some of the tricks and modus operandi often used by perpetrators are as follows:
i. Perpetrators impersonate authorities using fake messaging accounts and use elements of intimidation or extortion to obtain verification codes.
i. The perpetrator impersonates a friend or family member by using a messaging account (belonging to a friend or family member) that has been successfully taken over before and further solicits the victim’s help to submit a verification code with the claim that the code belongs to them (a friend or family member), and the relevant messaging application platform provider has mistakenly sent the code to the victim.
iii. The perpetrator pretends to be an authority and informs the victim that the victim has been selected to be a member of a secret group created by the Government. The victim is then instructed to share the verification code that has been sent through messaging application or SMS to gain access to the secret group.
iv. Data fishing (phishing) – The perpetrator will contact the victim either through a messaging application or in the message section (direct message) of social media by impersonating a representative of the messaging application platform provider, and informing them that the victim has committed a privacy or copyright violation and the user is directed to click on the given link for correction purposes.
In that regard, the MCMC has called on the public to activate two-factor authentication (‘two-factor authentication’-2FA) for every social media account and messaging application and not to share any authentication code to avoid the risk of access being taken over by unauthorized parties.
