KUALA LUMPUR: Police arrested four men who drove around in sports utility vehicles packed with telecommunication tools used to gather confidential information on banking transactions. The suspects were believed to be working in cahoots with a syndicate.
They used fake base transceiver station (BTS) devices to send fraudulent messages to mobile phone users within a 1km radius to gather crucial information, including one-time passwords used in bank transactions.
Federal Commercial Crime Investigation Department director Datuk Seri Ramli Mohamed Yoosuf said police began a joint probe with the Malaysian Communication and Multimedia Commission following a report lodged by a 30-year-old man.
"The complainant claimed that he received a message from a telecommunications service provider over points accumulated which could be used to redeem certain items.
"The complainant proceeded to click on the link in the message and filled out his details including his banking one-time password," he told reporters today.
He said the victim realised that RM1,500 was missing from his bank account after he completed the form.
"Following an investigation and intelligence gathered, we conducted a joint operation with the MCMC and Maxis within the Klang Valley area which led to the arrest of four men between the ages of 39 and 46.
"We also seized a variety of equipment, including three batteries, two power inverters, two Global System for Mobile communication (GSM) modules, two wifi modems, three transceiver antenna, two fans, nine mobile phones, six wire connectors and a screwdriver.
"Police also seized two sports utility vehicles," he said, adding that investigations revealed that the suspects were paid RM300 daily to operate the devices while on the move.
Ramli said the syndicate has been linked to 12 cases so far which resulted in RM116,271 in losses. He said the syndicate would operate the BTS devices in populated areas to send out Short Message Service (SMS) Messages which were made to look like authentic SMS messages sent by the telecommunications provider.
"They do this to gather personal information including one-time passwords which can be used in online bank transactions."
Meanwhile, MCMC deputy managing director Datuk Zulkarnain Mohd Yasin said investigations revealed that the syndicate used script templates which were found on mobile phones.
"We believe they used specifically designed mobile applications in their operations. They did not require special knowledge to operate the devices," he said, adding that telecommunications providers have also been instructed to never place links within their official SMS messages.
Ramli did not rule out the possibility that the group was part of a larger syndicate which operates abroad.
"We are investigating how and where the syndicate acquired the devices. We will continue our cooperation with MCMC to ensure such illegal activities do not become rampant," he said.