She was behaving strangely, adding all her friends on a new Facebook account and even asking them for money.
Claiming that she had lost her phone, she asked for their numbers and mobile service provider, too.
The reason for this unusual behaviour: it simply wasn’t her.
Kam, a company executive in her 30s, had fallen victim to an identity thief who created a duplicate Facebook account with her name and profile photo.
Kam added that her friends sensed something amiss because she “sounded different”.
“They stopped communicating when the impersonator asked them for money.
“They contacted me after realising something was not right,” she said, adding that she immediately changed her password.
Kam’s case is one example of identity theft, which is on the rise.
Such incidents, where criminals steal personal details and exploit the information, shot up by 16% from 220 in 2015 to 255 last year.
From January to September this year, 262 cases have already been reported to CyberSecurity Malaysia (CSM).
Full names, MyKad numbers, birth dates, bank account numbers, e-mail addresses, phone numbers, home and work addresses are among the types of data stolen.
The identity thieves use this data, sometimes impersonating their victims, to apply for loans and credit cards, buy expensive items, make counterfeit credit cards, commit online fraud and even transfer money out of the targets’ accounts.
“Some also use (stolen details) for activities on the dark web to hide their real identity,” CSM chief executive officer Datuk Dr Amirudin Abdul Wahab told The Star.
“Others also sell such personal data on the black market.”
These days, he said, most scammers extract personal information from their victims by spoofing calls and other social engineering methods.
“They pretend to be from law enforcement agencies, telcos or banks, claiming that the victims have issues to settle.”
The perpetrators then blackmail or intimidate their targets to get their hands on personal details.
Dr Amirudin said the websites most vulnerable to identity thieves are those without the latest security patches, or where the administrators use weak passwords.
He advises minimal sharing of personal information on social media.
Describing personal data as “treasure” to cybercriminals, Dr Amirudin said users should also control who can view their activities on social media.
“Make your account private and only add people you know,” he said.
The escalation in cases appears to follow an alleged data breach of mobile number data in Malaysia.
The incident was reported in October on online portal lowyat.net, which claimed the leak originated from a data breach in 2014.
It was reported that the Malaysian Communications and Multimedia Commission (MCMC) has met with telecommunications companies over the incident, involving 46.2 million mobile numbers.
The case is currently being investigated by the police and MCMC.
To avoid data breaches in general, users are advised to have different passwords for every account.
They should also refrain from revealing their identity card number unnecessarily, and enable features that add an extra layer of security to protect online accounts.However, it is not just the “constantly connected” who are at risk of identity theft.
In June, it was reported that a mute retiree found himself owing RM1,800 for a postpaid line even though he has never owned a mobile phone.
The 73-year-old was among 15 people from low-cost flats in Batu Caves who lodged reports with the MCMC. The case has since been resolved.
One victim, single mother Renukah Doraisamy, 40, said she has become very cautious when divulging her personal details.
“Even if there is a free giveaway of 100kg of rice today, I wouldn’t dare register for it,” she said.
Renukah, who runs a flower stall, said “creditors” pressed her to settle postpaid bills even though she was using a prepaid line.
“These syndicates should stop taking advantage of low-income earners like us.
“Most are not highly educated and don’t know who they can trust.”