Dear Valued Customers / Pelanggan Yang Dihormati,Update: 6 July 2023
Jika anda menerima mesej mencurigakan daripada syarikat penghantaran, ia adalah scam! Jangan sekali-kali:
Jika terkena scam, segera hubungi 03-5516 9800 atau Pusat Respons Scam Kebangsaan di 997 (8am - 8pm, setiap hari) dan buat laporan polis.
The banking industry, has launched the National Scam Awareness Campaign on 30 October 2022. This National Scam Awareness Campaign is a continuation of the banking industry's efforts to combat scams as well as to educate consumers regarding scams while sharing easy tips to stay safe online. The Campaign complements the 5 key measures to be implemented by the banks to combat financial scams as stated in ABM's press release dated 27 September 2022 (click here). As part of the campaign, the banking industry urges the public to remember 3 simple steps to keep safe and not fall victim to scams: STOP, THINK, BLOCK (or AWAS. FIKIR. BLOK in Bahasa Malaysia), when they receive any calls, messages or emails from unknown parties.
The tagline "Ingat 3 Saat OK" and the hashtag #JanganKenaScam will be carried by all member banks towards a cohesive and targeted nationwide campaign to ensure the public are continuously informed and equipped with the necessary information and awareness on the different types of modus operandi employed by scammers and best practices to keep themselves safe online, which will make it harder for scammers to succeed in luring victims.
SMSSpy campaign to steal Malaysian banking user credential
Large-scale Phishing Campaign Bypasses MFA
Scammers are posing as seller at various e-commerce sites (i.e. Shopee, Lazada) and social media sites (i.e. Facebook, Instagram) and are scamming buyer by:
Phishing is a tactic used to obtain sensitive information for malicious intent by impersonating a trustworthy source, such as a bank. This is usually also referred to as ‘baiting’ the victims.
Scammers will trick the victims into giving out their login/user IDs, account details, passwords, PINs and other sensitive information to gain access to the victim’s banking accounts or for identity theft.
The most common modes of phishing are via SMS, telephone calls and emails.
The information obtained by the scammer could be used to make unauthorised purchases using the victim’s credit card(s), withdrawal/transfer of money from the victim’s bank accounts, or may be used to apply for loans. This will result in potentially significant financial and reputational loss to the victim.
Immediately call the bank’s customer service number stated at the back of the credit card or on the bank’s website to check whether such a transaction has actually been charged.
Do not call the number provided in the SMS if you are uncertain or suspect dubious activity.
Immediately hang up and call the bank’s customer service number directly. The list of bank’s helpline can be found on the back of your credit card or on the bank’s website.
Banks will never call to ask for sensitive information from customers. If in doubt, hang up and check with your bank by calling the customer service number stated on the back of your credit cardv or on the bank’s website or go to the nearest branch for verification.
Scammers have ways to modify the caller’s number that you see on your phone to make it look like it is from the bank by using Voice over Internet Protocol, also known as VoIP.
If you have any suspicions, hang up and call the bank directly at the number stated at the back of the credit card or on the bank’s website to verify the legitimacy of the call.
Do not disclose any information to the caller. Hang up immediately. If you are worried that your identity has been used to apply for a credit card at that bank, call the bank directly or visit the nearest branch to confirm that there is no credit card issued to your name. You should lodge a report with the bank concerned.
Do not panic. Hang up immediately. If you are worried that your identity has been used to apply for a loan at that bank, call the bank directly or visit the nearest branch to confirm that there is no loan facility in your name. You may wish to lodge a report with the bank concerned or the police.
Never click on links or icons in unsolicited e-mails and do not reply to such e-mails. Delete them immediately.
In a new browser, go to the bank’s legitimate site by typing the bank’s website/URL directly into the address bar. The online banking sites of all Malaysian banks are secure so please look for the closed padlock icon next to the website address. The site should also begin with https:// instead of http://.
All banks’ online banking sites are secure. Look out for the closed padlock icon next to the address bar or in the bottom status bar. Also, the secure website address will begin with https:// instead of http://.
Note that all secured websites will have a Secure Sockets Layer (SSL) which is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. The icon of an SSL will appear as illustrated below. Note that this icon will appear whenever a secured connection is located by your web browser.
Consider installing security software such as those offered by anti-virus specialists that can help detect virus, filter SPAM and/or ensure secure internet usage (firewalls).
Turn off your computer when not in use to avoid criminals gaining access and misusing it for fraudulent purposes, which includes launching phishing attacks.
It would be wise to change your passwords periodically as well and always use hard to guess passwords combining uppercase, lowercase and numbers. Whenever possible, also include a special character such as *, &, $ and !