fbpx
Connect with us

Social Stories

BEWARE: M’sian Shares How a ‘Maid Service’ Nearly Stole RM4,860 from His Bank Account

Published

Ft Scam
Source: Smith Ang | Facebook & The Portugal News

Follow us on Facebook, Youtube, Twitter, and Instagram for the latest stories and updates daily.

The Covid-19 pandemic has unfortunately brought about a rise in online-based scams. Notable examples include the online ‘Tengku royalty’ scam and scams involving those in search of jobs.

Recently, Smith Ang, a Malaysian took to his Facebook to inform the public of a new and innovative ‘phishing’ technique. ‘Phishing’ is a scam used to steal user data including login credentials and bank account numbers and occurs when a scammer pretends to be a trusted entity to dupe a victim into doing so.

“This is the Most Sophisticated Phishing I’ve seen so far. And it happened to me minutes ago,” said Ang.
Screenshot 148
In his post, Ang detailed his recent activities and how he almost became a victim of the scam.
Scamming through good promos of cleaning services

He wrote, “I’ve been searching for cleaners, and Facebook prompted one of the ads that caught my attention. Promotion! Who doesn’t like a good 50% promo.”

Scam1

Part two: “The Hook – The power of ‘Call To Action’
After getting your attention, Ang explained how the ad brought him directly to the “vendor’s” WhatsApp.

“As you can see in the WhatsApp chat, I was asked to download an app, an APK file to be exact. Rarely do vendors ask their customers to download APK files directly.”

“Most will give you a link to the official app store. Don’t trust anyone who sends you an APK file. That doesn’t mean the official app store is safe either,” he added.

Scam2

Part 3: “The Trojan”
After having installed the app, it would request permission to read his SMS. This is scary!
“Huh? Why do you need that for a maid booking app? If an app requests permission for something more than it should, then it shouldn’t,” he said.
Scam3

 

Part 4: Intel Gathering

He added, “The app is well-built, even had its PDPA disclosure done correctly. The registration info required is name, email, password and mobile number. Upon finding the date and package I wanted, I had to key in my address.”

Scam4

Scam5

 

Part 5: The Bank

The next part involved the supposed payment process. Instead of it being the real bank, it’s actually a FAKE bank login.

“Conveniently, the credit card payment is greyed out (under maintenance) and the only option available is FPX. There are a few banks to prey on: Maybank, Affin, Public, CIMB, BSN and RHB.”

“After selecting the desired bank, a very familiar bank interface appears in front of you. If you see the Maybank UI, there is a note: ‘Note: you are in a secured site’ that replaces the usual catchphrase.”

“So when filling up the bank login details, no matter what you put in, it will always show ‘Invalid User ID or Password [Err Code: FE0067]’, now, this gibberish error code is the same for all the banks you select. Don’t tell me all the banks are using the same system developer?”

Scam6

Scam7

 

“I had a bad feeling, but I brushed it off as I was too tired,” said Ang.

 

Almost losing RM4,860

The very next day, Ang detailed how he had received a text message which said “RM0 PBe DO NOT share this code. DuitNow Transfer RM4,860.00 to NOORALIF SAFWA.”

“I immediately logged into my bank account, and I received the ‘Duplicate Login’ and that’s when I suspected it. Without hesitation, I sprung into quick finger mode. I was fighting for access with the intruder for the login rights.”

“Whenever I tried to change my password, it (my account) will be logged out. Years of playing speed typing games during my younger days boosted my typing speed. I won the login match and changed the password,” he said.

He then noted all the possible data of himself that the scammer would’ve gotten if it was successful.

This includes:

  • Name
  • Phone Number
  • Email Address
  • Mobile Phone
  • Address
  • Bank User ID
  • Bank Password

“This is a very sophisticated operation. Why? It preys on our weakness (got promotion ah?) and the fact that the entire scam ecosystem is well planned. From the curation of the marketing and advertisement to the almost flawless app,” he said.

“For those who are unaware, when you allow the app permission to read your SMS, this will include the incoming PAC/OTP code that your bank sends (SMS) to you for dual-factor authentication,” Ang added as a closing note.

So always beware of the possibility of falling victim to such scams. Always remember, if it feels suspicious, it probably is.

 

Have you ever fallen victim to an elaborate scam? Let us know in the comments.

 

Also read: Beware! New Scam Lures Victims With Promise Of Full-Time & Part-Time Jobs

Frustrated Man Looking At Laptop And Phone Using Whatsapp

Follow us on Facebook, Youtube, Twitter, and Instagram for the latest stories and updates daily.



Just In

Feat Image Death Feat Image Death
News3 hours ago

18yo Teen in Penang Dies from Electrocution While Charging His Smartphone Using Socket on Express Bus

A teenager has tragically died in Butterworth, Penang, after he was electrocuted while charging his smartphone using a socket onboard...

Feat Image Twin Tower Feat Image Twin Tower
News6 hours ago

M’sian Activist Urges KLCC Twin Towers be Renamed “Sabah & Sarawak” in Honour of The Borneo States

Malaysian activist and founder of Saya Anak Sarawak (SAS) Peter John Jaban has urged for the KLCC Twin Towers to...

Collage 13 Collage 13
News7 hours ago

“They’ve been here over 3 months” – Foreign Beggars at Johor Pasar Malam Make up to RM12,000 a Month

Foreign beggars are making up to RM12,000 a month at a night market in Johor. In an official statement by...

Feat Image Parking Fine Feat Image Parking Fine
News8 hours ago

M’sian Vehicle Owners with Unpaid Parking Fines Face CTOS Blacklist as They’re Now Added to The System

The Miri City Council (MCC) has introduced a new measure to ensure that vehicle owners in Sarawak’s second-largest city adhere...

Feat Image Arrest Feat Image Arrest
News9 hours ago

Thai Police Arrests Famous Kelantanese Female Celebrity at Golok Hotel for Possession of 6,000 Meth Pills

A popular Kelantanese female singer was arrested by the Thai Police at a hotel in Golok, Narathiwat, north of the...

Collage 12 Collage 12
News11 hours ago

Kelantan Govt Says Cinemas in the State Must Play Movies With Lights On to Prevent ‘Unhealthy’ Activities

After a few decades, Kelantan remains one of the states in Malaysia that don’t have cinemas. The state government, however,...

Feat Image Indo Ban Pixel Feat Image Indo Ban Pixel
News1 day ago

“Who’s next?” – After Apple iPhone 16 Series, Indonesia is Now Banning Google Pixel Smartphones in The Country

Previously, we shared how Apple’s latest flagship smartphone series, the iPhone 16 Series, is currently banned from being sold in...

Feat Image Bnm New Rule Feat Image Bnm New Rule
News1 day ago

Bank Negara Now Requires All Money Changers in Malaysia to Record Full Name & IC Number of Customers

If you’re planning on visiting your local authorised money changer before that overseas trip to change Malaysian Ringgit banknotes to...

Announcement

Latest Videos



TRENDING TODAY