Malaysian Police Arrest Four SMS Blaster Smishers

By Eric Priezkalns
Risk, Fraud & Security
Scammers sent messages that impersonated Malaysian mobile operator Maxis.

A press conference and Facebook post from Jabatan Siasatan Jenayah Komersil (JSJK), the commercial crime investigative division of the Royal Malaysia Police, revealed on Tuesday the details of an SMS blaster smishing gang that was arrested on 19 November. Four men were taken into custody, accused of being supervisors, operators and drivers of two cars that carried SMS blasters around the Klang Valley conurbation. This region is home to 8.8 million Malaysians and includes Kuala Lumpur, Putrajaya and adjoining towns. Police estimated that the range of the SMS blasters they seized is between 500m and 1km, and that around 32,000 victims could have been messaged each day that the scam was live. Investigations so far indicate that this scam may be responsible for around MYR117,000 (USD26,300) stolen from victim’s accounts.

Like the Thai case revealed last week, victims of the Klang Valley gang received SMS messages stating they had earned ‘points’ from their comms provider, and were presented with a hyperlink to redeem them. The link took them to a phishing website which asked victims to enter their banking details and the one-time password (OTP) which the criminals would have used to transact on the victim’s account. However, the reported range of the radio devices used in this scam is less than that of the SMS blaster that was confiscated in Thailand. The device seized in Thailand was said to have sent almost a million SMS messages in just three days, presumably aided by its having a superior range of 3km.

Police stated that the men who drove and operated the SMS blasters received a daily salary of MYR300 (USD67.50) from their criminal bosses. Seizures included two sports utility vehicles that were used to transport the SMS blasters around Klang Valley, nine mobile phones and various other equipment. Look below for embedded video footage of some of the seized equipment, as recorded by Peng Kaixin of China Press.

Video Player

Maxis was named as a mobile operator which had been impersonated by the fraudsters. The national comms regulator, the Malaysian Communications and Multimedia Commission, was also credited with assisting with the operation, although their role was not clarified. The regulator emphasized that they had already prohibited the inclusion of any URLs in SMS messages. Industry insiders have suggested to me that the ban on hyperlinks is opposed by some Malaysian business interests, but this latest scam highlights the resources that criminals are willing to dedicate to luring victims to phishing websites.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, a widely-travelled consultant, a Chief Marketing Officer for a software business, the Chief Executive of the Risk & Assurance Group, and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. He is a public speaker, a ghostwriter, a qualified chartered accountant and a subject matter expert in scam prevention, consumer protection, enterprise risk management, data integrity and billing accuracy. Eric was also the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. Eric can be reached through the contact form on this website.

Related Articles

PreviousNext

The Commsrisk Global Fraud Dashboard

Commsrisk's Global Fraud Dashboard uses AI to collate, update and visualize data about network abuses from around the world. 11 maps and graphs are included at launch; more are in the pipeline. See the Global Fraud Dashboard here.

Get Our Weekly Newsletter by Email

Articles copyright © the author, all else copyright © Revenue Protect Limited