I found that Maybank has been hit with fake/scam/phish email much more frequent than their counterparts. Maybank, in no doubt topping my list with fourth series with this post.

Sample phishing email

You may easily fall into trap to believe this was a genuine and absolutely NO WRONG with this email by Maybank directly, am I right? The ONE Malaysia logo has further convinced the customer to trust this email.

IN FACT, big LIAR is just behind this email. Remember to be aware of such NO SUCH REQUEST or ANY EMAIL UPDATE to customer via online ever been sent by bank on profile update, investigation, immediate response or etc.

As you should aware that, WHAT THE HELL with AOL.com in the Mail-By column?

It’s freaking easy to say that it wasn’t send by Maybank.com, right? Thanks to Gmail service who able to identify where real sender network from.

First of all, the link given will re-direct you to the unknown site. This site was build on somewhere else out from banking network and imitate exactly the real website (except those functionality and you may test clicking all the links available). Most are not working.

Warning givendepends on browser setting and security

By simply ignoring it, you are asking for DISASTER! So continuous be aware of this warning.

If you ignore the warning or NO SHOW warning from your browser … below will be the screen shots during the ENTIRE PROCESS of scamming/phishing.

  • Asking for basic information such as ID and password for key-in. Once key-in and Submit, the details will be on phished database.

Asking to enter information neededID and password exposed to phisher

  • Asking for most secure info available. By using ID and password available with them, the only thing they’ll ask for is TAC number. This number will be only sending to your mobile phone. Look like they’ll auto submit your ID and password to get TAC number to deliver to you phone. Once you received, you will key-in and VOILA.
  • You’re giving entire authority to phisher to gain access to your banking account. With worst case, ALL money shall disappear in just a matter of second without your realization even you call customer service an hour later.

Asking for TACtrick to get you enter the most confidential info

  • Request a TAC will directly asking phishing system to make a direct valid request with REAL Maybank system. This will send you a REAL TAC code to your mobile phone. Phisher expected you to complete the final step to key-in TAC at their website.

TAC request successfulwill trigger the real TAC system to send you valid TAC code

  • At such situation, they politely thanks you for co-operation in submitting all valuable information. They made you to wait 24 hours (more than enough for them to transfer out all your money out there).

After TAC key-in to their system they THANK you for such a great fool

  • Redirection made the process valid and unsuspecting. So you won’t suspect anything wrong until 24 hours later when you feel something wrong OR your sense told you something has gone wrong, shouldn’t be this way in conducting such vulnerable deal online.

Directing to the real websiteasking you to clear ALL evidence of their activities in your computer

If you’re wise enough or sensitive to their abnormal way conducting this compare to your norm banking practices, you should be able to see few things.

  1. Anonymous sender claimed to be REAL banking email
  2. Interface of usual real one and fake one … with many broken links
  3. Broken English grammar used in their website
  4. Button/key-in box looks different and badly designed

So, please learn from this email written on their attempt to FOOL you. Be aware of such scams around and read as many as security issues from technology section. It might at least help you to know what’s going on.

REMEMBER to LOGIN via their website by TYPING their address instead of CLICKING ON EMAIL if you’re so worry about your banking relationship might be ruined if no action taken from the email request.

Please remember that BANK NEVER SENDS EMAIL REQUESTING such info and you HAVE TO IGNORE or call bank customer service line to verify and checking your account status. NEVER check your account status ONLINE. CALL the banking line to verify your doubt.

That’s all for now. Thank you!