I love to write about scam site. It serves the purpose of educating people not fall into such prey especially related to internet banking. Again, I’m not a customer of Public Bank. This is my third writing on banking scam site after CIMB and Maybank.

First of all, to begin the phishing, one has to receive a fake email claiming from the bank. It looks genuine though. Good job.

Wait. It’s not a good job done eventually. We read through and found that the email address verification expert @ pbebank above is without ‘t‘. Can I call this stupid attempt? Rushing perhaps?

Try to click on the link given, you will be directing to the other site similar to the genuine. You will not able to differentiate if you’re not IT literate user or active customer.

The address (URL) is changing to:

http:// www.publicplann.1free.ws/ public_access/ Public_Bank_Berhad_Internet_Banking.html

Try to key-in any user ID and password to test it out.

Upon click LOGIN button, the following screen will be display for few seconds.

Looks convincing but is it too simple to have such interface? Even first year student know how to create HTML redirection page like this.

The next screen will ask you to key-in the PAC number (will sent to your mobile phone). But the PAC only needs to key-in after 8 mins. Why? It’s because they need time to verify and login into your account from the ID and password key-in in earlier screen.

Once your real PAC number entered, scammer will have full access on your banking account.

However, PAC number entered will never be validated, and the error shown below. It serves the purpose to delay or making you unaware that you’re being scammed all the way from first screen.

You will be ask to click REQUEST PAC button. Again, a flaw with PAC is in small letter? Rushing perhaps?

To continue making you unaware, you will be bringing to this static page below forever. In fact, it will never load at all due to static page used.

Once you realized this is a prey (suspect something wrong with PAC and loading thingy), it will be too late already. Money is gone from your account.

With all these phishing, please be aware that bank will never ask you for ID and password. This kind of threat is just want to get your ID and password to transfer your money out. NEVER, NEVER let any third party know your ID and password.

Bank has been the main targets and was hit so badly recently.