Online scams have been a recurring problem since the introduction of the Internet. There are all kinds of scammers, targeting common areas such as relationships, identities, or finance. The methods used are also evolving with incredible ingenuity. As the Chinese proverb goes, “While the priest climbs a post, the devil climbs ten”.
Recently, one “devil” came up with a new method to trick a person named Azizul Osman, who shared his story of being scammed of his money on his Facebook status.
On Saturday (Jan 30), he went to check the balance in his Maybank account out of the blue. While searching for “Maybank” on Google, he clicked the link that first appeared on his screen, not realizing that the link is fake. As you can see from the pictures, it looks quite similar and it would take a very sharp eye to spot the difference.
Thus, he logged in with his password and username as usual. Then, he received a text message with a TAC number, which he keyed in without hesitation. Minutes later, he suddenly remembered that along with the TAC number, his consent would also be needed to approve transactions to other parties. Fearing the worst, Azizul quickly checked his account balance and transaction history through the Maybank2u mobile app.
His worst fears were confirmed when he saw a considerable amount of money was transferred to a Lazada account. Before he could take a screenshot as proof, his mobile account malfunctioned, forcing him to contact the Maybank call centre, where they advised him to freeze his bank account and card immediately. He then lodged a police report and waited for further updates from Maybank’s investigation. A few days later, Azizul was told that he could not get his money back as the scammer has used the money for online gaming.
He provided the fake link in his post to raise public awareness and warn others of this new tactic. Here is the link:
(((https://campaignmay2u.com/home/m2u/common/login.do)))
(DO NOT CLICK! JUST SEE, REMEMBER and AVOID IT)
The original link for the official site should look like this >> https://www.maybank2u.com.my/
He also shared the layouts of the real and fake site to help the public differentiate between the two.
The trickiest part in identifying this tactic is that the fake link appears to have a higher SEO than its real counterpart.
Azizul is not the sole victim of this tactic. Last November, another person named Hong Zhen took to Facebook to share his story. Like Azizul, he was also scammed through a fake banking link too.
He received a text message by the number, 68833 – one that is used by CIMB all the time. The message said that his username would be terminated, so he has to log in via a link for verification purposes. Needless to say, after keying in all his details and clicking the ‘Approve TAC’ button, his money vanished into thin air.
For his case, the fake link looks pretty authentic as well.
Fake: (AGAIN, DO NOT CLICK!)
Real: https://www.cimbclicks.com.my/
In conclusion, no matter what bank it is, their official website links will always end with .com.my. If you are unsure, the best way to verify it is to call the bank’s hotline before taking any action. Also, NEVER approve the TAC number unless you are making a transaction.
Be careful people! Share this out to help prevent such cases! #KitaJagaKita
WeirdKaya is on Instagram!
Source: Facebook/Azizul Osman, Hong Zhen
Editor: Raymond Chen
Proofreader: Sarah Yeoh
