PETALING JAYA: Cybercriminals are getting into your head.
Realising that victims are no longer falling for the 'I'm a Prince who wants to deposit US$50mil (S$69 million) into your account' e-mail, these syndicates have enlisted psychologists and behavioural experts to launch targeted attacks on companies, groups and individuals.
By going through their victims' social media accounts, they learn more about their targets and are able to craft attractive e-mails that prompt the targets to respond.
Clicking on the link in the e-mail will download malware that encrypts your device. Computers, smartphones, smartwatches and any other network-connected device can be locked by cybercriminals, who will only release them for a fee, or "ransom".
Such ransomware has reached our shores, with a total of 5,069 attacks in Malaysia last year, according to cybersecurity company Symantec Corporation.
"The new modus operandi uses social engineering, with the e-mail being crafted by Malaysians who know the local scenario and how to trigger emotional reactions," Symantec (Asia Pacific and Japan) cyber security services senior director Peter Sparkes told Sunday Star.
For example, if they find out from Facebook that you went shopping, you could get an official-looking e-mail from a trusted source like a government body or postal department saying: 'You've received a free gift from shopping at our KL outlet. Click this link to trace your parcel'.
"Or if they see you at a cycling event, the e-mail could say: 'Thank you for participating. Click on the link for photos and videos of the ride'," he said.
"To decrypt your device, they'll ask for about US$200 (RM782) in virtual currency like Bitcoin, to bypass the banks," Sparkes added.
Acknowledging this new threat, Malaysian Communications and Multimedia Commission (MCMC) strategic communication head Sheikh Raffie Abd Rahman urged the public to be more alert.
He said one of the most commonly used social engineering techniques was phishing attacks targeting online banking customers.
Such cases would be investigated by the police under the Computer Crimes Act 1997 or the Penal Code.
A total of 1,311 phishing websites have been blocked by the MCMC between last year and March 8.
This includes fake pages created to acquire personal information such as usernames, passwords, banking information and credit card details by masquerading as a trusted entity in an electronic communication.
CyberSecurity Malaysia (CSM) chief executive officer Dr Amirudin Abdul Wahab said the number of incidents reported to the CSM indicates the growing threat of ransomware here.
Revealing that local businesses are also targeted, he said the CSM will work together with international communities to share current information on ransomware threats and disseminate it to the public.
Malaysian Mental Health Association deputy president Datuk Dr Andrew Mohanraj said cybercriminals have become more sophisticated in their approach by enlisting psychologists.
"But whichever methods they use, there is an underlying modus operandi of appealing to human emotions of fear, greed, curiosity, loneliness, compassion or even spirituality," he said.