fbpx
Connect with us

Social Stories

BEWARE: M’sian Shares How a ‘Maid Service’ Nearly Stole RM4,860 from His Bank Account

Published

Ft Scam
Source: Smith Ang | Facebook & The Portugal News

Follow us on Facebook, Youtube, Twitter, and Instagram for the latest stories and updates daily.

The Covid-19 pandemic has unfortunately brought about a rise in online-based scams. Notable examples include the online ‘Tengku royalty’ scam and scams involving those in search of jobs.

Recently, Smith Ang, a Malaysian took to his Facebook to inform the public of a new and innovative ‘phishing’ technique. ‘Phishing’ is a scam used to steal user data including login credentials and bank account numbers and occurs when a scammer pretends to be a trusted entity to dupe a victim into doing so.

“This is the Most Sophisticated Phishing I’ve seen so far. And it happened to me minutes ago,” said Ang.
Screenshot 148
In his post, Ang detailed his recent activities and how he almost became a victim of the scam.
Scamming through good promos of cleaning services

He wrote, “I’ve been searching for cleaners, and Facebook prompted one of the ads that caught my attention. Promotion! Who doesn’t like a good 50% promo.”

Scam1

Part two: “The Hook – The power of ‘Call To Action’
After getting your attention, Ang explained how the ad brought him directly to the “vendor’s” WhatsApp.

“As you can see in the WhatsApp chat, I was asked to download an app, an APK file to be exact. Rarely do vendors ask their customers to download APK files directly.”

“Most will give you a link to the official app store. Don’t trust anyone who sends you an APK file. That doesn’t mean the official app store is safe either,” he added.

Scam2

Part 3: “The Trojan”
After having installed the app, it would request permission to read his SMS. This is scary!
“Huh? Why do you need that for a maid booking app? If an app requests permission for something more than it should, then it shouldn’t,” he said.
Scam3

 

Part 4: Intel Gathering

He added, “The app is well-built, even had its PDPA disclosure done correctly. The registration info required is name, email, password and mobile number. Upon finding the date and package I wanted, I had to key in my address.”

Scam4

Scam5

 

Part 5: The Bank

The next part involved the supposed payment process. Instead of it being the real bank, it’s actually a FAKE bank login.

“Conveniently, the credit card payment is greyed out (under maintenance) and the only option available is FPX. There are a few banks to prey on: Maybank, Affin, Public, CIMB, BSN and RHB.”

“After selecting the desired bank, a very familiar bank interface appears in front of you. If you see the Maybank UI, there is a note: ‘Note: you are in a secured site’ that replaces the usual catchphrase.”

“So when filling up the bank login details, no matter what you put in, it will always show ‘Invalid User ID or Password [Err Code: FE0067]’, now, this gibberish error code is the same for all the banks you select. Don’t tell me all the banks are using the same system developer?”

Scam6

Scam7

 

“I had a bad feeling, but I brushed it off as I was too tired,” said Ang.

 

Almost losing RM4,860

The very next day, Ang detailed how he had received a text message which said “RM0 PBe DO NOT share this code. DuitNow Transfer RM4,860.00 to NOORALIF SAFWA.”

“I immediately logged into my bank account, and I received the ‘Duplicate Login’ and that’s when I suspected it. Without hesitation, I sprung into quick finger mode. I was fighting for access with the intruder for the login rights.”

“Whenever I tried to change my password, it (my account) will be logged out. Years of playing speed typing games during my younger days boosted my typing speed. I won the login match and changed the password,” he said.

He then noted all the possible data of himself that the scammer would’ve gotten if it was successful.

This includes:

  • Name
  • Phone Number
  • Email Address
  • Mobile Phone
  • Address
  • Bank User ID
  • Bank Password

“This is a very sophisticated operation. Why? It preys on our weakness (got promotion ah?) and the fact that the entire scam ecosystem is well planned. From the curation of the marketing and advertisement to the almost flawless app,” he said.

“For those who are unaware, when you allow the app permission to read your SMS, this will include the incoming PAC/OTP code that your bank sends (SMS) to you for dual-factor authentication,” Ang added as a closing note.

So always beware of the possibility of falling victim to such scams. Always remember, if it feels suspicious, it probably is.

 

Have you ever fallen victim to an elaborate scam? Let us know in the comments.

 

Also read: Beware! New Scam Lures Victims With Promise Of Full-Time & Part-Time Jobs

Frustrated Man Looking At Laptop And Phone Using Whatsapp

Follow us on Facebook, Youtube, Twitter, and Instagram for the latest stories and updates daily.



Just In

Collage 89 Collage 89
News8 hours ago

Johor Government May Implement a 4.5-Day Workweek in the Near Future

A 4-day workweek sounds ideal, but a 4-and-a-half day workweek doesn’t sound bad either. Johoreans may be in luck next...

My Post 1 2024 11 21T160023.537 My Post 1 2024 11 21T160023.537
News9 hours ago

“UPSR get D, SPM can get A” – PMX Responds to BERSIH Giving Him a Grade D in ‘Report Card’

Prime Minister Datuk Seri Anwar Ibrahim has opened up about BERSIH’s ‘report card‘ on his administration’s performance in conjunction with...

My Post 1 2024 11 21T114442.032 1 My Post 1 2024 11 21T114442.032 1
News13 hours ago

PDRM is Offering 60% Off Selected Traffic Summons at Govt’s 2nd Anniversary Event This Weekend!

In conjunction with the MADANI government’s 2nd anniversary on 24 November (Sunday), the Ministry of Home Affairs of Malaysia (KDN)...

Collage 17 1 Collage 17 1
News1 day ago

MCPF Calls for Vape Ban, Warns Addiction to Substances Can Lead to Unhealthy Behaviours Like Theft

The Malaysian Crime Prevention Foundation (MCPF) is urging for the sale of e-cigarettes or vape devices to be banned or...

Feat Image Lesen Feat Image Lesen
News1 day ago

Anthony Loke: Road Users in M’sia May Have to Pay for Physical Driving License Cards Starting Next Year

Transport Minister Anthony Loke Siew Fook today iterated that the Government will continue with the implementation of digital driving licenses...

Collage 15 2 Collage 15 2
News1 day ago

Filipino Couple Caught Living & Working Illegally in Malaysia Using Fake MyKads That Cost RM250 Each

A Filipino husband and wife were arrested during a raid on November 19 at a house in Pandan Indah yesterday...

Feat Image Apple Ind Feat Image Apple Ind
News1 day ago

Apple Offers to Increase Investment in Indonesia Tenfold to RM446 Million to Lift Country’s iPhone 16 Series Ban

Previously, we shared how the Apple iPhone 16 Series is banned from being sold in Indonesia until the tech giant...

My Post 1 2024 11 20T144359.263 My Post 1 2024 11 20T144359.263
News1 day ago

BERSIH Names Ismail Sabri the Best PM Since 2009, Calls Out PMX for Lack of Urgency with Reforms

In conjunction with the upcoming 2nd anniversary (24 November) of Anwar Ibrahim’s administration, The Coalition for Clean and Fair Elections,...

Announcement

Latest Videos



TRENDING TODAY