Posts tagged bank phishing site
I found that Maybank has been hit with fake/scam/phish email much more frequent than their counterparts. Maybank, in no doubt topping my list with fourth series with this post.
Sample phishing email
You may easily fall into trap to believe this was a genuine and absolutely NO WRONG with this email by Maybank directly, am I right? The ONE Malaysia logo has further convinced the customer to trust this email.
IN FACT, big LIAR is just behind this email. Remember to be aware of such NO SUCH REQUEST or ANY EMAIL UPDATE to customer via online ever been sent by bank on profile update, investigation, immediate response or etc.
As you should aware that, WHAT THE HELL with AOL.com in the Mail-By column?
It’s freaking easy to say that it wasn’t send by Maybank.com, right? Thanks to Gmail service who able to identify where real sender network from.
SCAM … SCAM ALERT! Please DO NOT trust or give a look at this kind of email. Bank never (and never) send such email to customer AT ALL.
Sample email from scammer
There’s NO WAY online banking identification can be verified using TAC code. TAC code is used to perform transaction and any update on your banking profile. Not used for verification. Please take note.
It has been long time since I wrote my scam mail that hitting our financial industry especially for those come from email. Again, I’m not a customer of Maybank but I would like to stress the important of awareness of such threat to us. It shouldn’t taken lightly because there were million of ringgit went to this syndicate yearly and most of the time the person who suffered from this is still customer.
It has been a long time since I wrote Scam Site series. This post is the continuous post from Maybank Scam Site which I believe it would have gone by now. Never mind, as long as it could serve for educational purposes, I would rather to post it here.
In the first place, I was receiving an email requested that I should perform an activation of my new online payment system. Without any doubt, the link is available for me to click. The sender looks real and no one would ever think twice of this scam at all. ALL I DO is just a click!
I love to write about scam site. It serves the purpose of educating people not fall into such prey especially related to internet banking. Again, I’m not a customer of Public Bank. This is my third writing on banking scam site after CIMB and Maybank.
First of all, to begin the phishing, one has to receive a fake email claiming from the bank. It looks genuine though. Good job.
Wait. It’s not a good job done eventually. We read through and found that the email address verification expert @ pbebank above is without ‘t‘. Can I call this stupid attempt? Rushing perhaps?
Try to click on the link given, you will be directing to the other site similar to the genuine. You will not able to differentiate if you’re not IT literate user or active customer.
The address (URL) is changing to:
http:// www.publicplann.1free.ws/ public_access/ Public_Bank_Berhad_Internet_Banking.html
Try to key-in any user ID and password to test it out.
Upon click LOGIN button, the following screen will be display for few seconds.
Looks convincing but is it too simple to have such interface? Even first year student know how to create HTML redirection page like this.
The next screen will ask you to key-in the PAC number (will sent to your mobile phone). But the PAC only needs to key-in after 8 mins. Why? It’s because they need time to verify and login into your account from the ID and password key-in in earlier screen.
Once your real PAC number entered, scammer will have full access on your banking account.
However, PAC number entered will never be validated, and the error shown below. It serves the purpose to delay or making you unaware that you’re being scammed all the way from first screen.
You will be ask to click REQUEST PAC button. Again, a flaw with PAC is in small letter? Rushing perhaps?
To continue making you unaware, you will be bringing to this static page below forever. In fact, it will never load at all due to static page used.
Once you realized this is a prey (suspect something wrong with PAC and loading thingy), it will be too late already. Money is gone from your account.
With all these phishing, please be aware that bank will never ask you for ID and password. This kind of threat is just want to get your ID and password to transfer your money out. NEVER, NEVER let any third party know your ID and password.
Bank has been the main targets and was hit so badly recently.
I’m not a customer of Maybank. However, I would like to share one of the many scam activity going on targeting every major banks.
Below are the ways how they get your ID and password.
I received an email saying that I need to update my personal details as part of their account maintenance. They even mention about me changing my personal information recently. HELL NO! I did not call the bank, maybe others want to imitate me. By thinking this way, I may give a shot to click the link provided.
After that, proceed to login at FAKE website as shown below.
Type your ID and password together with TAC number that received via SMS mobile.
If you are using Maybank 2U Online all the while, then WHAT THE HELL 2 database server dot com is doing in the email? How on earth maybank may use external database to store information? IT literate customer may know this immediately.
If you see the THANK YOU page. Congrat, you are damn already.
Phisher at this stage already success to get your ID and password. They demand you not the login at the specific time to prevent dual login in different IPs at the same time. Dual login is easy to be detected by the monitoring tools and ID will be block after that.
What so ever, they will perform a valid login on the real banking website and perform fund transfer out to their account before you ever realize it as a scam.
Please DO NOT trust anything that you see fishy. This kind of threat is targeting the non IT savvy and easy to fall into trap. Bank was hitting so badly with phishing activity recently.