KUALA LUMPUR: An international syndicate headed by a Malaysian software developer has led to its victims incurring more than RM1.2 million in losses.
Inspector General of Police Tan Sri Razarudin Husain said eight people, including the mastermind aged 29 to 56 were detained in various locations in Sabah, Selangor, Perak and here on Nov 6.
A special operation dubbed 'BulletProftLink' was launched with assistance from the Australian Federal Police (AFP) and United States Federal Bureau of Investigation (FBI) after receiving a tipoff two weeks ago regarding the syndicate's operation which was based here.
He said the syndicate will develop phishing templates and scripts similar to government websites in various countries including Malaysia, Australia and the United States to obtain credentials of the users.
He said a total of 1,038 details including that civil servants such as Customs personnel were also compromised.
A total of 37 reports were lodged to the police so far. Razarudin said the police have launched investigations under Section 41 of Computer Crimes Act 1997 and Section 420 of the Penal Code.
"The syndicate creates phishing templates that is similar to the '.gov' domain where when users click on the popups, they are able to access their information.
"They started the operation back in 2015 but became active around the year 2020," he told a press conference at Bukit Aman here today.
Also present was Bukit Aman Commercial Crime Investigation Department director Datuk Seri Ramli Mohamed Yoosuf.
Razarudin said the syndicate head, who is in his 40s, has no educational background related to information technology, but he acquired skills to develop the phishing sites and launched the spam attacks.
He is assisted by the other syndicate members who have knowledge on phishing attacks.
The mastermind has no other legitimate income sources other than the illicit activities, he said.
"We seized around RM960,000 put inside an e-wallet, apart from other valuables during the simultaneous raid we conducted earlier this week.
"I do not think this is all they earned. He must have sold the credentials for money including on the dark web," he added.
Razarudin said the syndicates might have also been selling the phishing scripts and templates to other scammer groups.
The police is in the midst of identifying the customers to the syndicate, he said.
When asked if the police can list out the list of web pages used by the syndicate, he said it would cause unnecessary distress amongst the affected victims.