By Fadhal A. Ghani

KUALA LUMPUR, MALAYSIA - The next time you visit your bank's website, make sure you have the right web address, or uniform resource locator (URL).

At least four people have had their bank accounts cleaned out because they went to the wrong website, one that was identical to the real bank website.

The URL of the fake website was similar to the real bank website, so similar in fact that the victims did not realise they were in a different website.

In what is called a phishing scam, the victim is prompted to key in their password and PIN numbers, ostensibly to upgrade security features.

City Commercial Crime Investigation Department chief Assistant Commissioner Mohd Aris Ramli told the New Straits Times the four victims, all professionals between the ages of 25 and 30, had lost more than RM100,000.

He said they only realised they had been cheated when all the money in their accounts was transferred to another account holder of the same bank.

Mohd Aris said the modus operandi of the syndicate involved in the scam was simple.

In some of the cases, the victims were not familiar with the URL of the bank's website and so used a search engine to find it.

When the search results are given, several URLs are listed, including the real bank website and the phishing site.

Clicking on the wrong URL brought the victims to the phishing website, where they were prompted to give their password and PIN numbers.

"Once this is done, the rest is an easy job for the syndicate," said Mohd Aris.

What happens next, he said, is that a syndicate middleman, who is an account holder at the same bank, will use the password to transfer funds from the victim's account into his or her own account.

The middleman will then transfer 90 per cent of the money into the syndicate's account in another country, keeping the remainder as commission.

Another method used is for the syndicate to send out emails or text messages urging their intended victims to upgrade the security on their accounts by going to the bank's website.

Of course, the URL given is the address for the phishing website.

Mohd Aris said investigations into the four cases so far showed the syndicate was based in Nigeria and had a bank account there, while the middleman is a local.

He said a 28-year-old woman was arrested on June 13 at her rented house in Pandan Indah here. An IT consultant of a private company in the city, she is believed to be one of the middlemen for the syndicate.

Police are now tracking down several people who are also believed to be middlemen in the scam. And, they believe many more have fallen victim to the syndicate, with losses which could run into millions of ringgit.

Mohd Aris urged victims to contact the police so investigations could be made.

He said efforts had been made to block the phishing websites, but each time the URL is blocked, another would appear only a few days later.

"The syndicate has been operating since mid-May. We believe several of the syndicate members are remnants of the black money gang.

"They could have come out with the new scam after people began to be familiar with the modus operandi of the black money scam."