KUALA LUMPUR, Aug 11 — The public is again urged to activate two-factor authentication (‘two-factor authentication’ — 2FA) for social media accounts and messaging applications to avoid falling victim to an account takeover by fraudsters.

The Malaysian Communications and Multimedia Commission (MCMC) in a statement also advised the public to not share any verification code and not to click on any suspicious uniform resource locator (URL) or link.

According to MCMC, the takeover of messaging application accounts occurs through camouflage tactics and persuading the victim to submit a four-digit, five-digit or six-digit verification code or security code sent by a messaging application provider either through the service short messages (SMS), email or other settings.

“Among the tricks and modus operandi often used include fraudsters impersonating an authority using fake messaging accounts and using intimidation or extortion to obtain verification codes. Masquerading as a friend or family member by using a messaging account that has been taken over, they plead to the victim to submit a verification code claiming it was theirs and that the messaging provider had mistakenly sent the code to the victim,” said MCMC in the statement here tonight.


The MCMC added that the perpetrator may also disguise as an authority and inform that the victim has been chosen to be part of a secret group created by the government. The victim is then directed to share the verification code sent via messaging or SMS to gain access to the secret group.

Perpetrators will fish for data (phishing) by informing “...that the purported victim has committed a privacy or copyright violation before being told to click on the bogus link provided for correction,” said MCMC.

Victims can make a complaint directly to the platform operator or at https://aduan.skmm.gov.my/. — Bernama