Home Minister Datuk Seri Saifuddin Nasution Ismail said the implementation of the first phase will allow the Home Ministry (KDN), Immigration Department (JIM), and the Border Control and Protection Agency (AKPS) to evaluate the effectiveness of the joint operation with the airlines involved before expanding it to all international airlines in March 2026.

“Through the APSS, passenger information will be checked before arrival at the country’s entry points. This approach allows authorities to identify potential safety risks earlier and take appropriate proactive action, thereby strengthening the prevention aspect.

“The implementation of the APSS reflects the KDN’s commitment to strengthening the country’s security via the use of data and technology. This system is part of the immigration control reforms that allow for the early detection of high-risk individuals before their arrival in Malaysia,” he said in a statement today.

He said the implementation schedule had been accelerated from December to October to ensure Malaysia’s compliance with United Nations Security Council (UNSC) Resolutions and Global Safety standards under the Universal Security Audit Programme — Continuous Monitoring Approach (USAP-CMA) by the International Civil Aviation Organisation (ICAO).

Saifuddin Nasution said the early implementation of the APSS demonstrates the MADANI government’s commitment to the safety of the people and the country’s preparedness to face regional and global security challenges.

He said the technology-based approach also strengthens the country’s resilience and reinforces Malaysia’s image as a safe and modern aviation and tourism hub.

“The APSS is an initiative under the National Integrated Immigration System (MyNIlSe) project. And the implementation of the first phase is specifically for international flights with the aim of screening and assessing traveller information earlier to strengthen national border security control.

“KDN is confident that the implementation of the APSS will be a driving force for reform in the effort to digitalise the country’s immigration control, in line with the MADANI government’s aspiration to provide more efficient, safe and people-friendly services,” he added.

THE future of bank­ing no longer sits behind glass coun­ters or within phys­ical branches. It now lives in code, and increas­ingly, in the palm of your hand.

Enter gen­er­at­ive arti­fi­cial intel­li­gence (AI).

“In the past, risk was assessed using rigid logic, simple if-this-then-that rules,” said Microlink’s chief tech­no­logy officer, Hong Wye Kean.

“But with gen­er­at­ive AI, we’re talk­ing about mod­els that can under­stand, reason and act with con­text. That’s a game-changer,” he said at the “Future­Bank 2025” event recently.

Microlink show­cased an AI-enabled digital on board­ing pro­cess, com­pleted in under five minutes. The sys­tem auto­mat­ic­ally scanned more than 90 data points while run­ning facial veri­fic­a­tion, doc­u­ment authen­tic­a­tion and device fin­ger­print­ing.

And if a flagged phone or laptop was used, say, one linked to pre­vi­ous fraud cases, the sys­tem blocked access even before the user could begin veri­fic­a­tion.

“It’s not just about whether the per­son looks right,” said Wye Kean. “The sys­tem checks whether the device itself has been com­prom­ised.”

Usage of mod­u­lar sys­tem archi­tec­ture, built on Java and .NET, allows for 24/7 uptime with 99.96 per cent avail­ab­il­ity.

Banks need not replace entire leg­acy sys­tems; they can adopt new fea­tures incre­ment­ally, allow- ing for a more seam­less mod- ern­isa­tion jour­ney.

“Pre­vi­ously, we’d need to hire domain experts, retrain them and scale slowly. Now, with AI, we train the model once and deploy it across hun­dreds of agents,” said Wye Kean.

“Effect­ively, your smart­phone becomes a fully oper­a­tional bank branch.”

PREVENTING THREATS

Microlink exec­ut­ive dir­ector Kwang Chwen Wong said the focus has now shif­ted from react­ing to fin­an­cial threats to pre­vent­ing them before they mater­i­al­ise.

“What mat­ters today is what hap­pens before and dur­ing a trans­ac­tion. Tra­di­tional anti-money laun­der­ing (AML) tools detect threats after the fact. With AI, we’re clos­ing that gap by embed­ding intel­li­gence into every layer,” he said.

This includes scan­ning dark web data­bases in real time to verify the legit­im­acy of trans­ac­tion sources, a move that strengthens fraud pre­ven­tion sig­ni­fic­antly.

For a broader per­spect­ive, RHB Bank­ing Group head of trans­form­a­tion

Archit Anand said the bank­ing sec­tor’s trans­form­a­tion has evolved well bey­ond cus­tomer exper­i­ence.

“First, it was about product mod­ern­isa­tion. Then we spoke of eco­sys­tem mod­ern­isa­tion. Today, it’s about infra­struc­ture trans­form­a­tion,” he said.

“Mod­u­lar, flex­ible archi­tec­ture is cru­cial. It’s not about tear­ing everything

down, it’s about build­ing on what you already have.”

But he said that the real chal­lenge lies in mind­set, not machines.

“The obstacle isn’t the tech­no­logy. It’s about rethink­ing trans­form­a­tion. Banks must stop think­ing like banks and start think­ing like tech­no­logy firms.”

With this announcement, Microlink is proud to join thousands of companies globally committed to taking responsible business actions to help create the world we all want. This membership underscores our dedication to sustainable business practices aligned with global goals.

The UN Global Compact is a call to companies everywhere to align their operations and strategies with Ten universally accepted principles in the areas of human rights, labour, environment, and anti-corruption, while also supporting the advancement of the Sustainable Development Goals (SDGs).

Launched in 2000, the UN Global Compact is the largest corporate sustainability initiative in the world, with over 20,000 companies from more than 160 countries participating, supported by 60+ Global Compact Networks.

“At Microlink, we are dedicated to driving sustainable growth through responsible innovation. Joining the UN Global Compact reflects our belief that businesses can be a force for good, helping build a better future for society while delivering long-term value,” said Wong Kwang Chwen, Executive Director, Microlink Solutions Berhad. As a participant of this initiative, we encourage you to visit our UN Global Compact profilehttps://unglobalcompact.org/what-is-gc/participants/166950 on the UN Global Compact website and learn more about our latest sustainability work.

Kuala Lumpur, Malaysia, September 2024, First Solution, a leading distributor of digital solutions in Malaysia, announced a partnership with Alibaba Cloud, digital technology and intelligence backbone of Alibaba Group, to accelerate the adoption of cloud technology across Malaysia. This collaboration will harness Alibaba Cloud’s advanced technology and innovative services to enhance First Solution’s offerings, supporting the growth of the Malaysian digital economy.

Through this partnership, First Solution is now well positioned to provide our partners and customers access to Alibaba Cloud’s comprehensive suite of cutting-edge cloud solutions, including high-performance infrastructure, enhanced data security, and cost-effective services tailored to meet evolving business needs.

This joint effort highlights First Solution and Alibaba Cloud’s long-term commitment to empowering Malaysia as a high-value economy. Recently, Alibaba Cloud identified Malaysia as a key market for the investment plan to establish its third data centre locally within the next three years. These investments will play a crucial role in advancing Malaysia’s digital transformation by delivering advanced cloud technologies and streamlined solutions to local businesses.

This partnership underscores our commitment to equipping our partners with the digital tools that their clients need to stay competitive and succeed in an increasingly dynamic marketplace. We are dedicated to providing seamless integration, expert guidance, and continuous technical support to ensure our partners and their clients can fully harness the power of cloud technology.

About First Solution

First Solution is a trusted IT distributor, dedicated to empowering its partners with cutting-edge technology and infrastructure to enable businesses achieve their goals and drive sustainable growth. Our offerings include advanced enterprise solutions such as cloud computing, cybersecurity, enterprise-grade servers, storage systems, and network infrastructure. These solutions enable First Solution’s partners to equip businesses with the tools they need to streamline operations, enhance technological capabilities, and thrive in a rapidly changing digital landscape.

However, traditional keyword-based search engines often fall short in delivering precise results. Enter Content Search Retrieval Augmented Generation (Content Search RAG), a comprehensive approach to content search that integrates retrieval and generation techniques, augmented by AI technologies. This methodology goes beyond conventional keyword-based search to incorporate advanced natural language processing (NLP), machine learning (ML), and information retrieval (IR) techniques, enhancing both the retrieval and generation aspects of content search.

1. Content retrieval

Content retrieval involves the process of identifying and retrieving relevant information from vast repositories of data. Traditional search engines rely on keyword matching algorithms, which often produce results that may lack precision or relevance. In contrast, Content Search RAG leverages AI-driven retrieval techniques to enhance the accuracy and effectiveness of search results.

1. Semantic understanding: Traditional search engines primarily rely on keyword matching, which may not capture the nuances of language and context. AI-driven search algorithms, however, go beyond keywords, employing natural language processing (NLP) techniques to understand the meaning and intent behind user queries. By analysing the semantics of words and phrases, AI can deliver more relevant results, even when the search terms don’t exactly match the content.

1. Context analysis: Understanding the context surrounding a search query is crucial for delivering accurate results. AI excels at contextual understanding, taking into account various factors such as location, time, device type, and user behaviour. For example, a search for “best restaurants” may yield different results based on whether the user is searching from their hometown or a foreign city. By contextualising search queries, AI ensures that the results are relevant and timely, catering to the specific needs of the user.

1. User behaviour prediction: One of the most powerful features of AI-driven content search is its ability to provide personalised recommendations based on user preferences, behaviour, and past interactions. By leveraging machine learning algorithms, search engines can analyse user data, including search history, clicks, and engagement metrics, to tailor results to individual preferences. This personalisation not only enhances the user experience but also increases the likelihood of discovering relevant content that aligns with users’ interests.

2. Augmented generation

Augmented generation refers to the process of generating content that complements retrieved information, providing additional context, insights, or summaries to aid user understanding. In traditional search engines, users often have to sift through extensive documents to extract relevant information. Augmented generation techniques streamline this process by automatically generating concise summaries, abstracts, or highlights, enhancing the accessibility and usability of search results.

1. Summarisation: Summarisation involves condensing large volumes of text into shorter, more manageable summaries while retaining the essential information and key insights. AI-powered summarisation techniques leverage advanced NLP models, such as transformer-based architectures and GPT (Generative Pre-trained Transformer), to generate coherent and informative summaries automatically.

• Extractive summarisation: In extractive summarisation, AI models identify and extract the most relevant sentences or passages from the original text to form the summary. This approach preserves the original wording and structure of the text, ensuring that the summary remains faithful to the source material.

• Abstractive summarisation: Abstractive summarisation takes a more creative approach by generating summaries that may contain rephrased or paraphrased content not present in the original text. AI models generate new sentences that capture the essence of the original text while potentially offering a more concise or coherent summary.

• Multi-document summarisation: When dealing with multiple documents or sources of information, AI-powered summarisation techniques can aggregate and distil key insights from disparate sources into a unified summary. This enables users to gain a comprehensive understanding of a topic by synthesising information from multiple perspectives.

1. Abstraction: Abstraction involves the process of extracting high-level concepts, relationships, and insights from retrieved content, enabling users to grasp the underlying meaning and significance more easily. AI-driven abstraction techniques analyse the semantic structure of text to identify important entities, events, and themes, providing users with a distilled representation of the information.

• Entity extraction: AI models can identify and extract entities such as people, organisations, locations, dates, and other relevant entities mentioned in the text. By highlighting these entities, abstraction techniques enable users to quickly identify key actors, events, and locations associated with the topic.

• Topic modelling: Topic modelling algorithms identify latent topics or themes present in a corpus of text documents. By clustering related documents based on their topical similarity, abstraction techniques provide users with an organised overview of the content landscape, allowing them to navigate and explore relevant topics more effectively.

• Relationship extraction: AI models can analyse the syntactic and semantic structure of sentences to identify relationships between entities mentioned in the text. Abstraction techniques highlight these relationships, enabling users to understand the connections and interactions between different entities and concepts.

1. Personalisation: Personalisation tailors the augmented generation process to align with the individual preferences, interests, and requirements of users, ensuring that the generated content meets their specific needs and expectations. AI-powered personalisation techniques leverage user data, feedback, and interaction history to adapt the generation process dynamically, optimising the relevance and utility of the generated content.

• Content filtering: Personalisation techniques filter search results and generated content based on user preferences, demographics, and past interactions. By prioritising content that aligns with the user’s interests and preferences, personalised search experiences enhance user satisfaction and engagement.

• Content customisation: Personalisation allows users to customise the level of detail, granularity, and formatting of generated content according to their preferences. Whether it’s adjusting the length of summaries, selecting preferred topics, or specifying the format of generated content (e.g., text, audio, visual), personalised search experiences empower users to tailor the content to their individual needs.

Challenges and ethical considerations

While AI has significantly enhanced content search capabilities, it also presents challenges and ethical considerations. Issues such as algorithmic bias, privacy concerns, and data security must be addressed to ensure fair and responsible use of AI in content search. Additionally, as AI becomes increasingly sophisticated, there’s a need for transparency and accountability in how search algorithms operate and make decisions.

In our digitally connected age, the prevalence of online financial transactions has seamlessly integrated convenience into our daily lives. However, this accessibility also exposes individuals to an escalating threat—financial phishing scams. This sophisticated form of cybercrime deploys deceptive tactics, targeting sensitive financial information such as credit card details, login credentials, and personal identification details.

Financial phishing takes on various guises, with fraudsters employing intricate strategies to manipulate individuals into revealing confidential information. These scams appear as deceptive emails, text messages, or meticulously crafted websites designed to mimic legitimate financial institutions, government agencies, or reputable organisations. The ultimate objective is to entice recipients into clicking on malicious links or entering sensitive details on counterfeit websites.

Common types of financial phishing

1. Email phishing:

Phishing emails are fraudulent emails, skilfully designed to mimic official communications from banks, credit card companies, or government entities. Employing psychological tactics, these emails generate a deceptive sense of urgency by claiming issues with accounts that require immediate attention, such as updating personal information or resetting passwords.

Example: You receive an email supposedly from your bank, informing you of a security breach in your account. The email contains urgent language, stating that your account is at risk unless you take immediate action. It prompts you to click on a link provided in the email to verify your account details and secure your account.

Red flags to spot an phishing email:

• Urgent language: The email creates a sense of urgency to prompt immediate action.
• Suspicious link: Hovering over the link reveals a URL that does not match the official website of your bank.
• Requests for personal information: The email asks you to provide sensitive information such as your username, password, and credit card details, claiming it’s necessary for account verification.

2. Phishing websites:

A phishing website is designed to replicate the look of an legitimate financial website, tricking users into entering their login credentials or personal information unwittingly.

Example: After clicking on the link in the phishing email, you are directed to a website that closely resembles your bank’s official website. The fake website may display the bank’s logo, branding, and layout to appear legitimate. It prompts you to enter your login credentials, claiming it’s necessary to secure your account and resolve the purported security breach.

Red flags to spot a phishing website:

• Suspicious URL: Although the website looks legitimate, the URL in the address bar may have slight variations or misspellings compared to the genuine bank’s website.
• Lack of HTTPS: Legitimate financial institutions use HTTPS encryption to secure data transmission. The absence of HTTPS in the URL indicates that the website may not be secure.
• Requests for personal information: The website prompts you to enter sensitive information such as your username, password, and credit card details, claiming it’s necessary for account verification.

3. Smishing (SMS phishing):

Smishing involves scammers utilising text messages to simulate official correspondence, urging recipients to click on a link or call a provided number in order to address an urgent issue.

Example: You receive a text message on your mobile phone, appearing to be from a reputable financial institution. The message claims that your credit card has been temporarily suspended due to suspicious activity. To resolve the issue, you are instructed to click on a link provided in the message or call a specified number immediately.

Red flags to spot a smishing:

• Urgent tone: The message creates a sense of urgency, pressuring you to take immediate action to avoid potential consequences, such as a suspended account.
• Unsolicited message: You did not initiate any contact with the institution, and the message comes out of the blue, raising suspicion about its legitimacy.
• Generic greetings: The message may use generic greetings like “Dear customer” instead of addressing you by your name, indicating a lack of personalised information.
• Misspellings and grammatical errors: Phishing messages often contain spelling mistakes or grammatical errors. Legitimate communications from financial institutions are typically well-written and professional.

4. Vishing (Voice phishing):

Vishing involves scammers impersonating bank representatives to coerce individuals into providing sensitive information or verifying account details over the phone.

Top of Form

Bottom of Form

Example: You receive a phone call from a person claiming to be a representative from your bank’s fraud department. The caller informs you that there have been unauthorised transactions on your account and to resolve the issue, they need you to provide certain personal information for verification purposes.

Red flags to spot a vishing:

• Caller ID spoofing: The caller may use technology to manipulate the caller ID, making it appear as if the call is coming from the official phone number of your bank. Verify the authenticity of the call through independent means.
• Threats or intimidation: The caller may use threats or intimidation tactics, such as claiming that your account will be frozen if you do not provide the requested information immediately.
• Unprofessional communication: Phishing calls may exhibit unprofessional language, tone, or background noise. Legitimate institutions maintain a professional standard in their communication.
• Pressure to stay on the line: The caller may insist that you stay on the line and not hang up, discouraging you from verifying the call’s legitimacy independently.
• Refusal to provide call-back information: Legitimate institutions allow you to call back using officially published contact numbers. If the caller refuses to provide a call-back number or discourages you from verifying the call independently, it’s a red flag.

Stay informed, stay secure

As technology advances, so do the methods employed by cybercriminals. Recognising and avoiding financial phishing scams require a comprehensive understanding of these deceptive practices. By remaining vigilant, staying informed, and adopting robust security measures, individuals can fortify their defences against financial phishing and ensure the security of their financial information in an increasingly interconnected digital world.

To combat this growing threat, a holistic approach to safeguarding financial institutions is essential. In this article, we will explore the multifaceted nature of financial fraud and discuss strategies to effectively fraud-proof finance.

Understanding the landscape of financial fraud

Financial fraud encompasses a wide range of activities, from identity theft and credit card fraud to more complex schemes like money laundering. Fraudsters continuously adapt to new technologies and tactics, making fraud a persistent challenge for financial institutions. The following factors highlight the dynamic nature of financial fraud:

• Technological advancements: The digital age has brought about a multitude of technological innovations, but it has also created new avenues for fraudsters.

• Globalisation: Financial institutions operate across borders, making it easier for criminal organisations to exploit jurisdictional loopholes to launder money and evade detection.

• Insider vulnerabilities: Employees working within financial institutions may inadvertently become involved in fraudulent activities. This can happen when they unknowingly expose vulnerabilities or fail to detect signs of wrongdoing. For example, an employee might unintentionally share sensitive information or neglect security protocols, which could be exploited by individuals engaged in fraudulent activities.

A holistic approach to fraud-proofing finance

Incorporating advanced technological solutions is integral to a comprehensive fraud prevention strategy in the financial industry. Here, we will delve deeper into three key technological components that can significantly enhance an institution’s ability to detect and prevent fraudulent activities: device fingerprinting, user behaviour analytics, and mobile software development kits (SDKs).

1. Device fingerprinting

Device fingerprinting is a technique used to identify and track devices based on their unique characteristics, such as device type, operating system, IP address, and browser configuration. This technology plays a pivotal role in bolstering the security of financial institutions.

• Detecting anomalies: Device fingerprinting is highly effective in anomaly detection. It helps to monitor distinct device attributes and behaviour patterns that are unique to individual devices. It can swiftly detect and flag suspicious changes, including abrupt shifts in location or attempts to access accounts from previously unknown devices.

• Enhancing identity verification: Seamlessly integrating with identity verification procedures, device fingerprinting adds an extra layer of security. In cases where the device’s fingerprint does not align with the user’s historical fingerprint, it can prompt additional authentication measures to confirm the user’s identity.

• Preventing fraudulent account creation: During the account creation phase, device fingerprinting serves as a robust deterrent against fraudulent activities, especially in thwarting tactics that involve multiple account creations using the same device—a common strategy employed by fraudsters.

2. User behaviour analytics:

User behaviour analytics (UBA) analyses how users interact with a financial institution’s systems and services. It serves as a crucial tool in protecting against fraud.

• Pattern recognition: UBA systems are used to spot patterns. They do this by first learning what normal user behaviour looks like, and then they can quickly notice when things are different such as unusual login times, unexpected changes in transaction amounts, or sudden shifts in spending habits.

• Real-time vigilance: UBA operates in real-time, ensuring financial institutions can respond promptly to any suspicious activities. For instance, if a user who typically engages in modest transactions suddenly initiates a substantial withdrawal, the UBA system can immediately flag this behaviour for review.

• Continuous learning: UBA systems employ machine learning algorithms that adapt and learn from new data, making them increasingly effective at identifying evolving fraud tactics.

3. Mobile SDK (Software Development Kit):

Mobile SDKs are like toolkits for mobile app creators. They include things like tools, libraries, and special codes that help make mobile apps safer. Financial institutions can leverage mobile SDKs for:

• Robust authentication: Mobile SDKs facilitate the seamless integration of advanced biometric authentication methods, including fingerprint or facial recognition, ensuring that access to mobile banking apps remains impenetrable to unauthorised access.

• Secure data transmission: SDKs ensures private information stays safe when it is sent between mobile devices and the backend servers, using strong security and special communication rules.
• In-app security: Mobile SDKs incorporate in-app monitoring and security features, empowering real-time observation of user interactions within the app. This helps identify and prevent fraudulent activities such as click fraud or data injection attacks.

Where security meets user trust

As the financial landscape continues to evolve, an ongoing commitment to fraud prevention and detection is crucial to maintaining the integrity of the industry. Integrating elements such as device fingerprinting, user behaviour analytics, and mobile SDKs into the fraud prevention strategies is not solely a security concern; it is also about providing a seamless and secure user experience, all while fostering and nurturing trust among customers.

The awards are presented in three categories, across various industry sectors, these categories are:

• Highest Growth in Profit After Tax over three years
• Highest Returns on Equity over three years, and
• Highest Returns to Shareholders over three years

This year, Microlink secured the Award for Highest Return on Equity Over Three Years in the Technology Sector, last year Microlink won Highest Returns to Shareholders Over Three Years. Other sectors include Construction, Consumer Products & Services, Energy, Financial Services, Healthcare, Industrial Products & Services, Plantation, Property, REIT, Telecommunications, Media & Utilities, and Transportation & Logistics.   

Microlink Group Chief Operating Officer, Wong Kwang Chwen and Group Chief Financial Officer, Eddie Thoo, were on hand to receive the Award at a celebration event held at The Four Seasons Hotel, Kuala Lumpur. “We are deeply honoured to once again be chosen as a recipient of a prestigious award within this distinguished realm of business excellence. This award signifies an affirmation of Microlink’s unwavering commitment to enhancing our services and products by fostering innovation, and delivering optimal results to our esteemed clients.,” said Kwang Chwen. 

Microlink has experienced solid growth over the last few years and is now one of the leading enterprise solutions delivery and systems integration partners in the ICT sector. This strong financial performance has also enabled Microlink to successfully transfer its share listing from the ACE Market of Bursa Malaysia Securities Berhad (Bursa Malaysia) to the Main Market, earlier this year.

Recent successes for Microlink have included a national project valued at some RM28.97 million awarded by the National Audit Department. This project to design, develop, and deliver a data warehouse, audit analytics application, audit dashboard, as well as hardware and other supporting infrastructure, aims to generate high-impact results by leveraging big data analytics and integrated data management. Under its Trading & Distribution business pillar, Microlink also represents some of the world’s leading hardware/software principals, including Oracle, IBM, and Lenovo, as well as HP Enterprise, Group-IB,  TMax Tibero DB and Stratus. The Distribution business has been recognised with multiple awards from several of the principals including IBM, Lenovo and HP Enterprise.

In this article, we will explore the common types of fraud that cybercriminals employ against users, as well as effective preventive methods that individuals can practice to protect themselves from these threats.

Types of financial threats

1. Account takeover attacks

Account takeover attacks involve unauthorised access to a user’s financial accounts. Cybercriminals use various methods, such as phishing emails, credential stuffing, and brute force attacks to compromise accounts.

• Phishing emails: These are fake emails that look real, often pretending to be from banks or companies. They contain links to fake websites where people enter their login info, which is then stolen by cybercriminals to access their financial accounts.
• Credential stuffing: Cybercriminals use stolen usernames and passwords from previous data breaches to try logging into various websites. Since many people reuse passwords, if someone uses the same password on multiple sites, attackers will be able to access their financial accounts.
• Brute force attacks: Cybercriminals try every possible combination of usernames and passwords until they find the right one. This can be slow, but it works if passwords are weak or easy to guess.

Once unauthorised access is gained, they can manipulate transactions, steal funds, or access sensitive information.

Preventive measures:

• Enable multi-factor authentication (MFA): MFA adds an extra layer of security beyond the password, combining your password with a code on your phone. This ensures that even if cybercriminals acquire your password, they will not be able to access your account without the additional verification.
• Strong passwords: Regularly update your passwords and utilise complex passwords, including a mix of uppercase and lowercase letters, numbers, and symbols. Avoid easily guessable choices like birthdays or common words.
• Awareness: Learn to recognise suspicious emails or websites that may trick you into revealing sensitive information. Remember to always:
• Verify the legitimacy of the domain (the part of the email address after the “@” symbol) before trusting the email
• Do not open attachments from unknown sources
• Check for bad spelling and grammar in the email
• Be suspicious if they ask for personal or financial info

2. Banking malware

Banking malware infects a user’s device to gain access to sensitive banking information and credentials. These malware strains often go undetected by traditional antivirus software, making them dangerous tools for cybercriminals.

Preventive measures:

• Anti-malware software: Install reputable anti-malware and antivirus software to regularly scan and protect devices from potential threats.
• Software updates: Keep operating system, applications, and security software updated to ensure the latest security patches are applied.
• Download caution: Refrain from downloading files or clicking on links from unknown sources, as these can often be carriers of malware.

3. Web injections

Web injections involve attackers injecting malicious code into legitimate websites, altering their appearance or functionality to collect sensitive information from users. This type of fraud can lead to stolen login credentials, personal details, and financial data.

Preventive measures:

• HTTPS sites: Use websites with HTTPS encryption only, especially for financial transactions, as this helps in ensuring secure data transmission.
• Stay updated: Regularly update browser and plugins to stay protected against known vulnerabilities.
• Ad-blockers: Use ad-blockers or script blockers to minimise the chances of encountering malicious code injected through advertisements.

4. Fraud on the 3D Secure (3DS) platform

The 3D Secure platform is used for online credit and debit card transactions. However, cybercriminals have exploited vulnerabilities in this system, leading to unauthorised transactions and financial losses for both consumers and merchants.

Preventive measures:

• Transaction vigilance: Keep a watchful eye on your transactions and report any unusual or unauthorised activity immediately.
• Review transactions: Before confirming during the 3D Secure process, carefully review transaction details for accuracy and legitimacy.
• Verification tools: Utilise fraud detection tools provided during the 3DS process to assess transaction authenticity.

5. Scam calls

Scam calls, also known as “vishing” (voice phishing), involve fraudsters impersonating legitimate entities over the phone to extract sensitive information or initiate unauthorised transactions. These calls often use social engineering techniques to manipulate victims into providing personal and financial details.

Preventive measures:

• Caller verification: Always verify the caller’s identity before sharing any personal or financial information over the phone.
• Independent confirmation: Verify the caller’s identity by independently contacting the institution using official contact information.
• Education: Educate yourself about common vishing tactics and red flags.

Stay vigilant, stay secure

As the financial services industry continues to evolve, so do the tactics used by cybercriminals to commit fraud. Protecting against these threats requires a multi-faceted approach that includes technological solutions, education, and vigilance. Maintaining awareness and taking proactive measures remains pivotal in navigating the dynamic realm of financial services and fraud prevention.