FAQs

Phishing is a tactic used to obtain sensitive information for malicious intent by impersonating a trustworthy source, such as a bank. This is usually also referred to as ‘baiting’ the victims.

Scammers will trick the victims into giving out their login/user IDs, account details, passwords, PINs and other sensitive information to gain access to the victim’s banking accounts or for identity theft.

The most common modes of phishing are via SMS, telephone calls and emails.

The information obtained by the scammer could be used to make unauthorised purchases using the victim’s credit card(s), withdrawal/transfer of money from the victim’s bank accounts, or may be used to apply for loans. This will result in potentially significant financial and reputational loss to the victim.

SMS

Immediately call the bank’s customer service number stated at the back of the credit card or on the bank’s website or here to check whether such a transaction has actually been charged.

Do not call the number provided in the SMS if you are uncertain or suspect dubious activity.

Immediately hang up and call the bank’s customer service number directly. The list of bank’s helpline can be found on the back of your credit card, on the bank’s website or here.

CALLS

Banks will never call to ask for sensitive information from customers. If in doubt, hang up and check with your bank by calling the customer service number stated on the back of your credit card, on the bank’s website or here or go to the nearest branch for verification.

Scammers have ways to modify the caller’s number that you see on your phone to make it look like it is from the bank by using Voice over Internet Protocol, also known as VoIP.

If you have any suspicions, hang up and call the bank directly at the number stated at the back of the credit card, on the bank’s website or here to verify the legitimacy of the call.

Do not disclose any information to the caller. Hang up immediately. If you are worried that your identity has been used to apply for a credit card at that bank, call the bank directly or visit the nearest branch to confirm that there is no credit card issued to your name. You should lodge a report with the bank concerned.

Do not panic. Hang up immediately. If you are worried that your identity has been used to apply for a loan at that bank, call the bank directly or visit the nearest branch to confirm that there is no loan facility in your name. You may wish to lodge a report with the bank concerned or the police.

EMAILS

Never click on links or icons in unsolicited e-mails and do not reply to such e-mails. Delete them immediately.

In a new browser, go to the bank’s legitimate site by typing the bank’s website/URL directly into the address bar. The online banking sites of all Malaysian banks are secure so please look for the closed padlock icon next to the website address. The site should also begin with https:// instead of http://.

Example

All banks’ online banking sites are secure. Look out for the closed padlock icon next to the address bar or in the bottom status bar. Also, the secure website address will begin with https:// instead of http://.

Note that all secured websites will have a Secure Sockets Layer (SSL) which is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. The icon of an SSL will appear as illustrated below. Note that this icon will appear whenever a secured connection is located by your web browser.

Example

Consider installing security software such as those offered by anti-virus specialists that can help detect virus, filter SPAM and/or ensure secure internet usage (firewalls).

Turn off your computer when not in use to avoid criminals gaining access and misusing it for fraudulent purposes, which includes launching phishing attacks.

It would be wise to change your passwords periodically as well and always use hard to guess passwords combining uppercase, lowercase and numbers. Whenever possible, also include a special character such as *, &, $ and !

What is phishing?

What are the possible risks/implications if I have given the scam caller my details?

SMS

What should I do when I get an SMS stating I have performed a credit card transaction that I am not aware of?

What should I do when I get an SMS stating I have performed a credit card transaction that I am not aware of?

CALLS

What should I do if I get a call from someone claiming to be an officer from my bank who asks me to give my details over the telephone for reasons of updating my banking records?

The number that appears on my mobile phone is the same as my bank’s official number. Can I trust that it really is a call from the bank?

I received a call from a bank to verify a charge to my credit card for a large purchase but I don’t even have a credit card from that bank. What should I do?

I received a call from a bank and a voice recorded message said that my loan payment is due but I don’t have any loans from that bank. What should I do?

EMAILS

I have been receiving emails from banks saying that my bank account has been suspended/about to receive a huge sum of money, etc. The email asked me to click on the link provided to verify my details. What should I do?

How do I know if the bank’s website is a secured website?

How do I protect myself from unsolicited fraudulent or scam mails?