It has been a long time since I wrote Scam Site series. This post is the continuous post from Maybank Scam Site which I believe it would have gone by now. Never mind, as long as it could serve for educational purposes, I would rather to post it here.

In the first place, I was receiving an email requested that I should perform an activation of my new online payment system. Without any doubt, the link is available for me to click. The sender looks real and no one would ever think twice of this scam at all. ALL I DO is just a click!

If you’re using Maybank 2U Online all the while, then WHAT THE HELL www-e m p r e n d i n e t-com-ar came into this picture? Won’t you feel something fishy going on?

Even though this website LOOKS SO REAL but definitely is FAKE! Customer will fall into prey once they typed their username and password which will end up to the scammer database. They purposely setup this site to capture your online banking data.

Instead, you will NOT get into the real menu page, but a FAKE notification about your TAC being send to your mobile phone. In the background they were standby to use your username and password to login to real website and hence the real request of TAC coming in.

You will be re-directed to a page which request you to put your TAC number on it. Once you received the TAC, that’s mean scammer was IN the real session of Maybank2u. Only thing they left is your TAC number so that they can perform a VALID transaction of your money.

Session logged you off once you enter your TAC code. Your money will gone like that without your knowledge.

Please DO NOT trust almost anything send by bank for some fishy stuff like above. Bank never request you to login or show you the page to login via email. This threat has been around us all the time and some non-savvy user had lost their saving because of this. It’s hard to recover back the money because of the valid login and correct TAC being used to transfer out their money.

There are also various type of email scam outside there to share with you all.

Site 1: Requesting your internet banking details. Straight forward. To resolve your problem? What problem? Fail to update my profile is the problem to the bank?

Site 2: Request to unblock my account after my account getting block. If it’s really blocked, one have to know that simply provide correct login WILL NOT unlock your account. Instead, you have to call Customer Careline to resolve your issues with few verification on your identity.

Site 3: Request to update the security settings. First of all, the weak grammar has put it OFF their scam attempt. Second, the authentication word has been spelled wrongly. In fact, the real fake website is lies under the link once you click it.

The last funny part is Scammer was trying to ALERT user to not share their login details but in fact, this email is requested them for a login and share the world their login details. To user’s mind, sharing means telling other people in direct way, but this scam was asking in indirect way. So scammer won this scam attempt.

Site 4: Unauthorized attempt detected. Again, Scammer was acting like a police or security team. First of all they simply create a situation to confuse customer that their account has been kicked off. Due to the massive security scam awareness, Scammer try to take another way to capture the online banking details (login).

There’s NO WAY online banking can be verified by TAC code. TAC code is used to perform transaction and any changes to your banking needs. Not used for verification. Please take note. Also this entire unsuccessful login attempt story was FAKE, therefore, please call Customer Service line to confirm whether your account has been breached or not.

Remember, with this combination username, password and TAC given to the source asking for, and you’re DONE. Say goodbye to your money.

Bank had been hitting badly with phishing activity and continuously advise customer to seek awareness of those scam alert.