internet banking scam

Have you ever gotten an e-mail from your bank asking you to verify or update your information? The e-mail would ask you to click on a link that brings you to a website where you have to key-in your username and password. You do as instructed and logoff. A few days later you wanted to pay your utility bills online. You try to login but you can't, your password has been changed. You call the bank to reset your password. After several hours activation period, you are able to access your account. You try to pay your bill, the transaction can't be completed, the system alert says "Insufficient Balance". You're confused, you just got your pay a week ago, how can your balance be insufficient? You check your balance, it shows "RM 10", the minimum amount. You look at your transaction history. For the past few days several fund transfers have been done without you noticing. You've been robbed!

The above scenario depicts what can or will happen when online banking identity gets stolen. Whoever does this evil act of crime has a simple intention - to trick unassuming public like you and me into disclosing our username and password and steal our money. Lately I have been receiving a lot of these mails, some from banks I don’t even have an account with. I bet many of you have too. And I’m sure we are all smart enough NOT to entertain such e-mails.

To make the fake e-mail convincing, it often has the usual things we would expect from a legitimate e-mail:
- The bank's logo
- The bank's name as sender
- A link with the bank's name in it for you to click on

But what we usually fail to consider is that:
- Putting a bank is a logo in an e-mail is a simple cut-and-paste job
- Sender's name can always be changed
- The link in the e-mail may not match the URL of the page it leads to

Now let's see these two e-mails I received yesterday.


So-called e-mail from Public Bank





(1) Why on earth would the bank use Yahoo mail?!
(2) The link looks exactly like the bank’s real link, but let’s see what happens when I click on it…
(3) It goes here! This is NOT Public Bank’s website!



So-called e-mail from Maybank





(1) Sender's name and address look valid, but don't be fooled.
(2) The English is haywire! Grammar, punctuations and use of capitals - all sorts of childish mistakes everywhere! A reputable organization like Maybank doesn’t make these mistakes. Ever.
(3) Once again, the link looks valid, let’s try clicking on it…
(4) Well, no surprise this time, it’s NOT the bank’s website. The so-called Maybank URL at the end of the address is just there to fool you.


All in all, I would say the fake job on Maybank looks a bit more professionally executed (technical-wise, minus the English mistakes) than the one on Public Bank. Nevertheless, they are both FAKE, so BEWARE.

Just remember one thing, never ever go to your bank's website via a link from any e-mail. Always open a new window and TYPE THE ADDRESS yourself.

It may take you a minute longer, but it saves you from losing your entire life saving!

6 comments:

Siti Roffini said...

Very informative. I am one of those who would be easily taken for a ride with my limited computer knowledge. It's a wonder I've not been conned yet so far.... I think! I really don't know. I'll be extra cautious from now on.

dieya said...

glad to know you find the entry useful :-)
criminals are getting smarter nowadays *shaking head* hmmpphhh..

naf said...

macam2 cara deorg ni nak menipu.

tq for the info!

Liza said...

the more canggih the system is, the more canggin this con artish get!

Aida Rezuan said...

Dieya,

TQ for the info! I always get those emails from Maybank but fortunately have never clicked or opened any *yikes!*

dieya said...

naf,
no prob! penipu2 ni mmg tak boleh dibiarkan begitu sahaja!

k liza,
agreed! i wonder if our police force is canggih enough to tackle them..?

aida,
de nada! thank goodness u didn't, just delete them, that's what i did (after opening some and realise they are all scams!).