Share This

Friday, July 12, 2024

Clamping down on mule accounts;' Onus is on banks to prove unauthorised transactions'

 Law and institutional reform minister Azalina Othman Said said losses from online fraud crimes over the past three years totalled more than RM2.65 billion.

PROPOSED amendments to the law were tabled in Dewan Rakyat with the aim of clamping down on the use of mule accounts for illegal activities. 

The move is seen as a measure to address the alarming rise in online financial fraud cases.

Those convicted under the new offences could face fines of up to RM150,000 and 10 years in jail.

The Penal Code (Amendment) Bill 2024 and Criminal Procedure Code (Amendment) Bill 2024, which were tabled for the first reading by Minister in the Prime Minister’s Department (Law and Institutional Reforms) Datuk Seri Azalina Othman Said, will also see stiff penalties being imposed against those involved in such activities.

Under the amendments, several new sections – 424A, 424B, 424C and 424D – were included under the Penal Code for offences related to payment instruments or accounts at financial institutions.

“The proposed new section 424A seeks to provide for the offence and penalty for possession or control of any payment instrument of another person or any account of another person at a financial institution without lawful authority or lawful purpose,” the Bill read.

Those found guilty could face a fine of between RM5,000 and RM50,000, imprisonment of between six months and five years, or both upon conviction.

The proposed new section 424B states the offence and penalty for allowing another person to control or possess payment instruments or an account at a financial institution without lawful authority or purpose.

This offences is punishable by a fine of between RM10,000 and RM100,000, a prison term of one to seven years, or both upon conviction.

Under subsection 424C(1), individuals who directly or indirectly engage in transactions using their payment instruments or accounts for unlawful purposes can be punished with a prison term of three to 10 years or a fine of between RM10,000 and RM150,000 or both.

As for unlawful transactions conducted using another person’s payment instruments or account, Section 424C(1) states that those guilty could be fined between RM10,000 and RM150,000 or face a prison term of between three and 10 years or both.

The financial institutions under the proposed laws refer to licensed banks under the Financial Services Act, licensed Islamic Banks under the Islamic Financial Services Act and the institutions prescribed under the Development Financial Institutions Act with payment instruments also designated by the respective Acts.

A new section, 116D, was also proposed under the Criminal Procedure Code, which would empower a police officer not below the rank of sergeant to seize or prohibit dealings involving money held or suspected to be held in any payment instrument or account at financial institutions.

The police officer can act if they have reasonable cause to suspect that an offence has been committed if the money has been used or is intended to be used to commit an offence or if the money constitutes evidence of an offence.

The second reading is scheduled for the current Dewan Rakyat meeting.

According to data from the Legal Affairs Division, there were a total of 266,230 reports on mule accounts while 146,772 bank accounts were identified as mule accounts.

Source link

'Onus is on banks to prove unauthorised transactions' 


The burden to conduct a detailed probe to prove any unauthorised banking transaction lies with the banks and not the victim of financial scams, say. The burden to conduct a detailed probe to prove any unauthorised banking transaction lies with the banks s Lim Hui Ying and not the victim of financial scams, says Lim Hui Ying.

Clamping down on mule accounts;' Onus is on banks to prove unauthorised transactions' said this in response to a question from Chong Chieng Jen (Pakatan Harapan-Stampin) during Question Time in the Dewan Rakyat on Tuesday (July 9).

“Scam victims do not need to prove that the transaction is real. That is for the bank to prove,” said the Deputy Finance Minister in response to a question from Chong Chieng Jen (PH-Stampin) during Question and Answer Time.Chong asked the Finance Ministry to state whether it had any intention to amend existing laws so that banks were held responsible for the full or partial losses suffered by victims of financial fraud or scams.

Lim said quantum of compensation by the banks would take into consideration the outcome of investigations of each case and the effectiveness of the security controls implemented by the banks to address financial fraud.

“If the financial loss is solely due to the negligence and weaknesses of the bank, then the bank must be fully responsible for the loss,” she added.

She said if the scam victim disagreed with the bank’s decision and compensation offer, the account holder had the right to take the matter up with the Ombudsman for Financial Services.Besides this, Lim said banks had implemented several measures since June 2023 to safeguard account holders, including ensuring that every banking transaction complies with security features such as confirmation of transactions with clients, providing transaction notifications to clients and strengthening fraud detection rules to identify suspicious transactions.


Related:

What is a Mule Account Scam? Your bank account is being used by others to either collect or transfer funds. These funds could be stolen or laundered from ...



Wednesday, July 10, 2024

Hackers grow more sinister and brazen in hunt for bigger ransoms

 

Cybercrime crews are increasingly turning to more sinister techniques to try to bend major companies to their will, abetted by new technology. — Image by freepik

A hack on a London hospital has left hundreds of millions of health records exposed and forced doctors to reschedule life-altering cancer treatments. In North America, a gang tried auctioning off data about LendingTree Inc customers after finding credentials in another breach. And in the recent compromise of car-dealership software provider CDK Global, hackers took the brazen approach of attacking not just once, but twice.

These recent high-profile incidents show how cybercrime crews are increasingly turning to more sinister techniques to try to bend major companies to their will, abetted by new technology.

"They’re becoming more aggressive in the ways they try to make money,” said Kevin Mandia, co-founder of Ballistic Ventures and the former chief executive officer of Google’s threat intelligence firm Mandiant. "It’s trying to create more pain so they get paid more, or they cause more disruption.”

The one-two punch approach used in the CDK incident indeed delivered a blow to its customers: Auto dealerships throughout the US were slowed for days. If a ransomware victim isn’t quick to pay an extortion fee, the logic goes, a second hit could be crippling enough to blackmail them into paying up.

Tactics like leaking sensitive records and double-hacks aren’t completely new, but have become more common and represent an evolution from traditional ransomware attacks, when scammers simply would encrypt data, demand a payment and then move to the next victim.

These days, when hackers ask for money, they’re sometimes refusing to negotiate ransom demands, according to one expert not authorised to speak about the matter, and they are insisting on extraordinary sums. The Russian-speaking hackers in the London hospital attack demanded US$50mil (RM235.92mil). UnitedHealth Group Inc made a US$22mil (RM103.80mil) payment to a cybercrime group after a February hack on the insurance giant’s subsidiary Change Healthcare.

Those kinds of demands point to hackers putting significantly more pressure on victims. The average ransom payment was US$381,980 (RM1.80mil) in the first quarter of this year, according to the incident response firm Coveware. 

Another reason hackers are growing more demanding: They’re getting smarter about picking their targets, homing in more often on victims whose systems are critical to entire supply chains. The so-called ransomware-as-a-service model has made this strategy easier. A core hacking group will develop and lend its malware to other scammers, known as affiliates, in exchange for a cut of their ransom proceeds.

This is a favourite technique of the group known as BlackCat, according to the blockchain analysis firm Chainalysis Inc. That’s one reason known ransomware payments exceeded US$1bil (RM4.71bil) in 2023, a new record, Chainalysis determined.

Harassing researchers

Hackers have also started to harass the researchers who investigate them.

One especially ruthless group is generating fake nude photos of them with artificial intelligence, said Austin Larsen, a senior threat analyst at Mandiant, a unit of Google Cloud. Similar groups have been alerting police to false emergencies at researchers’ addresses and publishing private information about them online, he added.

Recently, Larsen said his colleagues have taken what was for them an unprecedented step of removing their names from research reports they have written about some of the nastiest gangs.

Some extortionists make phone calls to executives who work at victimised organisations to try coaxing them into paying a fee. In other cases, attackers have called executives by spoofing the numbers of their children – a new tack that Charles Carmakal, chief technology officer at Google’s Mandiant.

"As these tactics get bigger and more aggressive, they’re going to be more disruptive to people’s ordinary lives,” said Allan Liska, an analyst at Recorded Future Inc, who compared the extortion methods to real-world violence like the kind in mafia movies.

"If you send somebody a finger, they’re more likely to pay a ransom,” he said. "This is the equivalent of that.”

Health-sector attacks

The attacks in the health sector show that some of hackers’ increased brazenness is apparent in the types of targets they’ve put in their sights.

Hospitals in London for weeks have struggled to overcome a hack that forced doctors to turn away patients. Seeking to further maximise their leverage, the gang behind the breach threatened to publish data stolen in the incident, ultimately making good on that promise.

In the Change Healthcare hack, thieves from the BlackCat cybercrime group caused outages and delayed payments at pharmacies and health-care organisations for weeks. Even after UnitedHealth made a payment to BlackCat, it had little visibility into whether patient data was safe.

A 2022 attack on Medibank, one of the largest health insurers in Australia, represented a transformative moment in digital crime tactics, said Carmakal of Mandiant. In that case, scammers demanded roughly US$15mil (RM70.78mil) in exchange for not going public with patients’ most sensitive health records. When Medibank declined to pay, extortionists leaked information about Australians who had undergone abortion procedures, and hackers called patients in hospitals in a coordinated harassment campaign.

Cybercrime campaigns have continued despite more action from international law enforcement. The problem is that hackers often work from countries that protect them from extradition to the West, Liska said. "They don’t fear retaliation,” he said.

US President Joe Biden has vowed to take on ransomware, and the Department of Justice has created its own ransomware task force to tackle such aggressive attackers. That effort has led to more arrests, Liska said, but not enough to keep pace with the proliferation of new groups.

That’s in part because it has become easier to conduct such campaigns. Hackers can find pre-made ransomware kits on the Internet, paying as little as US$10,000 (RM47,190) to attack US companies, according to Liska.

"Go mow the lawn for the summer and you'll make enough money to start your first attack,” Liska said. – Bloomberg

Related stories:

US offers $10 million bounty for info on 'Blackcat' hackers who hit UnitedHealth

Hackers roil entire industries with attacks on IT supply chain

Tuesday, July 9, 2024

Working hard is not overworking

 Corporate leader: Malaysia on cusp of becoming globally competitive 

Both sides of the coin: Wong (left) and Dr Prem Kumar.

GEORGE TOWN: Working hard does not necessarily mean one is overworked or that one’s work-life balance is out of whack, say corporate leaders here.

Being highly skilled at what you do as an occupation and then being driven to accomplish your goals can be rewarding in their own right, said Malaysian Semiconductor Industry Association president Datuk Seri Wong Siew Hai.

Stressing that Malaysia is on the cusp of becoming a productive and globally competitive nation, he said hard work in itself does not equate to being overworked.

In the semiconductor industry, Wong said employers strictly follow labour laws and allow workers the freedom of choosing to work long hours or even to work from home for those whose jobs allow them to do so.

“Multinational companies employ tens of thousands of workers and must strictly follow international working standards under the Responsible Business Alliance (RBA), prohibiting any infringement on workers’ rights,” he said.

Wong was responding to the recent survey on work-life balance conducted by Remote, a global human resource services company, which ranked Malaysia at 59 out of 60, with a meagre score of 27.51 out of 100, just a notch above Nigeria, which scored 17.03.

The study, done in March last year, found that workers in Malaysian were averaging a 40.8-hour work-week, with only an average of 16 days’ annual leave, and a minimum wage of RM5.05 per hour, leaving them with little time to rest and recover.

RBA is a non-profit organisation devoted to protecting the rights and well-being of workers and communities worldwide in the global electronics supply chain, with companies that are part of RBA running the risk of being blacklisted or censured if they are found to have broken the group’s rules.

Wong said Malaysia enjoys one of the highest number of public holidays in the world, so it does not make sense to say workers here do not have adequate time off.

“We absolutely should not have been put in the same category as some developed countries, which have different measurements of work-life balance that are not applicable here,” he said.

SME Association Malaysia northern chairman Calvin Kwan said even SMEs (small and medium enterprises) in Malaysia adopted the United Nations’ principles on Environmental, Social and Corporate Governance.

“Many companies actually want to create a happy working environment simply because it will increase productivity and loyalty.

“We aim to create a bond among workers so that during times of a production ramp-up, we get good teamwork,” said Kwan, who stressed that workers now are more sophisticated and know their rights.

On the flip side, there are those who have to seek therapy due to work-related issues.

Consultant psychiatrist Dr Prem Kumar Chandrasekaran from the Penang Adventist Hospital said people who sought treatment for anxiety and hypertension usually did so as a result of work.

“We are talking about people between the ages of 20 and 40, some with weak immune systems. Early intervention is necessary due to a number of them having suicidal thoughts,” he said.

“Putting in more than 55 hours of work per week is associated with 1.3 times more incidences of depression and anxiety – sleep deprivation can lead to problems too.

“Add fatigue into this and the result is diminished productivity and the risk of burnout,” said Dr Prem Kumar, adding that work hours should be capped at between 38 and 45 hours a week.

However, he clarified that those facing work-related stress may not necessarily be workaholics but may instead be grappling with a shift in the nature of work or workplace expectations, especially in the post-pandemic period.“Many of my patients are not aware of this connection between poor work-life balance and their stress symptoms.

“The best way to handle this is to pause and evaluate your situation, assess your priorities, enhance your time management, establish boundaries with management, reflect on the changes made, refine them and repeat the flow that works.

“Balance efficiency at work by rewarding that accomplishment with ‘me-time’, moments with family, and doing things that you love,” he added.

Source link

Related posts:

LETHAL LURE OF JOBS ABROAD, Baited and trapped

Malaysians fail for offers of lucrative jobs overseas only to end up scrammed