Security Alert: Don't be a victim of email or SMS fraud! (Maybank Fraud hotline: +603-58914744)

#1

Maybank Online Banking Fraud Scam Alert

Online Fraud involves customers getting duped into giving away their internet banking login credentials and other confidential information via a phishing scam, or by their PC being infected with malware that is designed to retrieve information illegally.

Fraudsters will then use this information to siphon money from a customer’s account to a fraudulent beneficiary account or ‘mule account’.

What Is Phone Scam?
Phone scam happens when a customer receives phone call from a “bank” to confirm a credit card transaction, such as a transaction at XXX Jewellery purportedly charged to the customer’s credit card.

What is Malware?
Malware is also known as "malicious software."Malware is any kind of unwanted software that is installed without your adequate consent. Viruses, worms, and Trojan horses are examples of malicious software that are often grouped together and referred to as malware.

How does a Malware scam works?

  1. Victim receives an SMS with a link to Maybank2u website from 66628
  2. Victim opens the link provided.
    iOS device: A phishing notification appears
    http://www.maybank2u.com.my/WebBank/malware-img2.jpg
    Android device: A fake Maybank2u website (phishing site) appears
    http://www.maybank2u.com.my/WebBank/malware-img3.jpg
  3. Victim follows the installation instructions provided.
    Once the download completed, the malware is installed in the device. Victims may receive an SMS from an unknown number saying “Hi” and followed by a few other messages from the same number. This text message is sent to test the malware in the device with the info provided.

Steps on how to identify and protect from malware

  • Open your anti-virus software and check for the latest updates. It is strongly recommended for you to have anti-virus software installed in your computer/devices.
  • Run a full system scan using your anti-virus software.
  • If the scan finds the virus or malware and successfully removes it, you must reset your password and memorable information. Then only you can login to your Internet Banking as usual.

Basic Signs your smartphones is infected

  • Unexplainable draining of battery
  • Pop up dialogs to install other applications/ unwanted Ads
  • Your antivirus not running (some malware disables antivirus)
  • Your monthly data / phone usage increased (check your bill for unknown transactions)
  • Overall performance of the smartphone reduced
  • Apps crash unexpectedly
  • SMS doesn’t get delivered/Calls disrupted

How to protect your device from malware?

  • The best protection from malware:
  • Use anti-virus software. Install and maintain an updated, quality antivirus program.
  • Be choosy. Think before you download any files or programs. Ask yourself if you can trust the source and whether the site is genuine.
  • Install updates regularly. Things are always changing, so it’s important to keep your operating system (e.g. Windows), Internet browser, applications (e.g. Adobe Acrobat, Java) and firewalls up to date.
  • Stay safe online. Always use websites and programs that you can trust. Be sure of what you’re agreeing to before clicking ‘OK’.
  • Be careful. Do not open spam email messages containing attachments or click links on suspicious websites.
  • Keep yourself updated. Regularly check security alerts and advisories to obtain the necessary information to protect your device. This helps to prevent you from becoming a victim of common security threats such as banking fraud and identity theft.

Don’t Fall for Maybank Phishing Scam

What is Phishing

  • Phishing is a word stemmed from password + fishing.
  • Phishing scams are a form of identity theft, where spam emails are sent out to entice the victims to update their banking credentials.
  • The victims are tricked to click on a bogus hyperlink provided by the fraudster as long as they maintain an email account.
  • The victims will then be redirected to a fake login site that is identical to the Maybank2u website.

Latest Phishing Emails In Circulation

How To Spot A Phishing Email
Phishing websites and emails often look like the real website. Because of that, unsuspecting victims may reply to them and provide confidential personal information that can result in financial losses and identity theft.

Never respond to emails that:

  • Requires you to submit your personal information directly into the e-mail or online.
  • Requires you to reregister your security image, caption and challenge questions.
  • Threatens to close or suspend your accounts if you do not respond.
  • Claims there are unauthorized transactions on your account and requires your account information.
  • Claims that your account has been compromised and requests you to enter, validate or verify your account information.
  • Requires you to enter your card number, password, user ID or account numbers into an email, pop-up window or non-secure webpage.
  • Requires you to confirm, validate, verify and/or update your account or credit card information.
  • Requires you to confirm your IP address.

Report A Phishing Email

  • If you receive a suspicious email asking you to confirm the details of your Maybank account, please forward it to cybersecurity.echannels@maybank.com.my
  • If you have entered your personal information after clicking on a suspected link, please call us immediately at 03-58914744.

What Is An SMS Scam

  • An SMS Scam happens when a customer receives an SMS claiming they have won “cash rewards”.
  • They are then lured to respond by following the fraudster/syndicate’s instructions to apply for internet banking.
  • These SMS Scams have been sent out by fraudsters pretending to be from well known organisations.

Protect Yourself

  1. Manually Key-in URL
    Always type Maybank2u’s URL address www.maybank2u.com.my into your browser to ensure you enter the official Maybank2u.com website
  2. Image Verification
    Only log in if you see your chosen security image and phrase.
    If you see any other Image, Phrase, or any of the samples shown below, DO NOT PROCEED.
    http://www.maybank2u.com.my/WebBank/img_cysec02a_21112.jpg
  • DO NOT key in your password if the image is not available.
  • DO NOT key in your password if the image is “Loading”.
  • DO NOT key in your password if customers are required to RE-register their security image and Challenge Question.
  1. Protect your password
  • Do not share your password with others.
  • Make your password unique, containing a mix of different character types: letters(upper and lower case), numbers, punctuation marks, etc.
  • Have a different password for each online account.
  • Change your password several times a year.
  1. Read carefully before you proceed
    Kindly ensure you read the service requested for TAC before you key in the TAC number.
  2. Site Authentication
    Before entering your username and password,
  • Observe the lock iconlocated next to the browser’s address bar.
  • The certificate should only be for www.maybank2u.com.my and no other websites.
  • DO NOT click on any lock icons on the webpage itself.
  • If you do not see any lock icon as shown in the url address bar, DO NOT PROCEED.
  1. Update Your Browser
  • The latest version of several browsers can detect and warn you of many phishing sites. If you see a phishing warning message on your browser, DO NOT PROCEED.
  • For a safer internet banking experience, always download the latest version of your internet browser.
  • The bare minimum for better browser security is:
    • Internet Explorer 8/9
    • Mozilla Firefox 5.0.1
    • Google Chrome 13
    • Apple Safari 5.1
  1. Phone/Credit Card Scam
  • If you receive calls regarding credit cards or loans claiming to be from any financial institutions, please DO NOT share your username, password and Transaction Authorisation Code (TAC) number. DO NOT respond to requests to update 3rd party TAC mobile number.
  • We encourage you to take precaution when giving out any confidential information (including your credit card number) over the Internet/phone or any other channels.
  1. SMS Scam
  • Do not follow instruction from other party to apply internet banking.
  • Register your mobile number for your TAC
  • Do not register 3rd party mobile number as your TAC mobile number.
Beware of Concurrent Online Backing Account Hack & Mobile Phone Service Hack - Real RM10,000 Online Theft Incident in Malaysia