KUALA LUMPUR, Aug 21 — Scams are on the rise and cybercriminals are using various tactics to gain access to the online banking and eWallet accounts of Malaysians. Yesterday, Dr Rafidah Abdullah, a nephrologist based in Malaysia, complained about CIMB Bank’s security measures after RM13,000 was taken out of her account in the early hours of the morning.
Very disappointed with CIMB. How can three transactions at 2am not set off any trigger? It must be a scammer, and they all went into the same account too. RM13 thousand gone just like that. Can it be that there is no safety mechanism at all? Has anyone experienced the same problem?
— Rafidah Abdullah (@rafidah72) August 19, 2022
According to her social media posts, three CIMB Clicks transactions were performed on her account between 2.00 and 2.30am, and all were completed without any TAC verification. She said the situation was ridiculous and that she has lost faith in the bank. A formal report was made with the police and CIMB.
In a newer update posted yesterday morning, she revealed that she’s using an iPhone which rules out the possibility of malware apps which are often associated with downloading dodgy APK files on Android. The doctor also deleted all apps and performed a device reset as an added security measure. She also revealed that her funds were transferred to a Hong Leong Bank account.
Subsequently, she shared another update after receiving a call from CIMB. According to her post, CIMB alleged that she clicked on a link several days ago which allowed another iPhone 6 to be registered to her account, which she has denied. She also questioned why no TAC was required to register a new device or to authorise the transfer of RM13,000 worth of funds. Dr Rafidah demanded that CIMB step up its security and contact customers whenever there is a new device registration or a change of number.
Just before noon today, CIMB posted a public service announcement reminding all customers to be vigilant and to do their part to protect themselves from cybercrime. It urged all users not to share their OTP, card number, username, PIN, TAC or passwords with anyone or to enter them on any website other than CIMB Clicks or their mobile apps. They have also provided a link to their security and fraud awareness page which highlights what you can do to protect yourself online.
Unsatisfied with the response, Dr Rafidah emphasised that security is also the bank’s responsibility and urged CIMB not to shift the blame to customers alone. She also called upon others to “make noise” until CIMB tightens its security. Dr Rafidah said innocent customers shouldn’t be blamed by the bank. She demanded that Bank Negara Malaysia take appropriate action as soon as possible against banks that don’t have SOP or have security issues, in order to protect consumers.
Rise of phishing messages and SMS
As of late, there has been a notable rise in scam messages pretending to be from government departments, agencies and financial institutions. Just a few weeks ago, there were scam SMS claiming to be from MySejahtera and TNB offering cash aid or compensation through Touch ‘n Go Wallet. The links redirect to a fake Touch ‘n Go eWallet login page designed to trick victims into providing their phone number, 6-digit PIN and OTP.
Just a few days ago, there were also reports of fake SMS sent to users claiming that their CIMB account will be locked due to abnormal activities. In order to restore their CIMB account, they would have to click a link to “verify the abnormality”. These messages are obviously a phishing attempt and CIMB warns users to ignore the message and not to click on the link. — SoyaCincau