Connect with us

Social Stories

BEWARE: M’sian Shares How a ‘Maid Service’ Nearly Stole RM4,860 from His Bank Account


Ft Scam
Source: Smith Ang | Facebook & The Portugal News

Follow us on Facebook, Youtube, Twitter, and Instagram for the latest stories and updates daily.

The Covid-19 pandemic has unfortunately brought about a rise in online-based scams. Notable examples include the online ‘Tengku royalty’ scam and scams involving those in search of jobs.

Recently, Smith Ang, a Malaysian took to his Facebook to inform the public of a new and innovative ‘phishing’ technique. ‘Phishing’ is a scam used to steal user data including login credentials and bank account numbers and occurs when a scammer pretends to be a trusted entity to dupe a victim into doing so.

“This is the Most Sophisticated Phishing I’ve seen so far. And it happened to me minutes ago,” said Ang.
Screenshot 148
In his post, Ang detailed his recent activities and how he almost became a victim of the scam.
Scamming through good promos of cleaning services

He wrote, “I’ve been searching for cleaners, and Facebook prompted one of the ads that caught my attention. Promotion! Who doesn’t like a good 50% promo.”


Part two: “The Hook – The power of ‘Call To Action’
After getting your attention, Ang explained how the ad brought him directly to the “vendor’s” WhatsApp.

“As you can see in the WhatsApp chat, I was asked to download an app, an APK file to be exact. Rarely do vendors ask their customers to download APK files directly.”

“Most will give you a link to the official app store. Don’t trust anyone who sends you an APK file. That doesn’t mean the official app store is safe either,” he added.


Part 3: “The Trojan”
After having installed the app, it would request permission to read his SMS. This is scary!
“Huh? Why do you need that for a maid booking app? If an app requests permission for something more than it should, then it shouldn’t,” he said.


Part 4: Intel Gathering

He added, “The app is well-built, even had its PDPA disclosure done correctly. The registration info required is name, email, password and mobile number. Upon finding the date and package I wanted, I had to key in my address.”




Part 5: The Bank

The next part involved the supposed payment process. Instead of it being the real bank, it’s actually a FAKE bank login.

“Conveniently, the credit card payment is greyed out (under maintenance) and the only option available is FPX. There are a few banks to prey on: Maybank, Affin, Public, CIMB, BSN and RHB.”

“After selecting the desired bank, a very familiar bank interface appears in front of you. If you see the Maybank UI, there is a note: ‘Note: you are in a secured site’ that replaces the usual catchphrase.”

“So when filling up the bank login details, no matter what you put in, it will always show ‘Invalid User ID or Password [Err Code: FE0067]’, now, this gibberish error code is the same for all the banks you select. Don’t tell me all the banks are using the same system developer?”




“I had a bad feeling, but I brushed it off as I was too tired,” said Ang.


Almost losing RM4,860

The very next day, Ang detailed how he had received a text message which said “RM0 PBe DO NOT share this code. DuitNow Transfer RM4,860.00 to NOORALIF SAFWA.”

“I immediately logged into my bank account, and I received the ‘Duplicate Login’ and that’s when I suspected it. Without hesitation, I sprung into quick finger mode. I was fighting for access with the intruder for the login rights.”

“Whenever I tried to change my password, it (my account) will be logged out. Years of playing speed typing games during my younger days boosted my typing speed. I won the login match and changed the password,” he said.

He then noted all the possible data of himself that the scammer would’ve gotten if it was successful.

This includes:

  • Name
  • Phone Number
  • Email Address
  • Mobile Phone
  • Address
  • Bank User ID
  • Bank Password

“This is a very sophisticated operation. Why? It preys on our weakness (got promotion ah?) and the fact that the entire scam ecosystem is well planned. From the curation of the marketing and advertisement to the almost flawless app,” he said.

“For those who are unaware, when you allow the app permission to read your SMS, this will include the incoming PAC/OTP code that your bank sends (SMS) to you for dual-factor authentication,” Ang added as a closing note.

So always beware of the possibility of falling victim to such scams. Always remember, if it feels suspicious, it probably is.


Have you ever fallen victim to an elaborate scam? Let us know in the comments.


Also read: Beware! New Scam Lures Victims With Promise Of Full-Time & Part-Time Jobs

Frustrated Man Looking At Laptop And Phone Using Whatsapp

Follow us on Facebook, Youtube, Twitter, and Instagram for the latest stories and updates daily.

Just In

Collage 35 30 Collage 35 30
News30 mins ago

“As early as 5AM” – Residents of KL Condo Line Up to Use Public Restroom After 9 Days Without Water

One day without the water supply is tough enough, let alone one week. However, residents of a condominium in KL had...

Raub Durian Thief Raub Durian Thief
News1 hour ago

Man Steals 3 Durians From Orchard, His Father Pays RM10,000 to Peacefully Settle Case

It is now durian season, and almost all Malaysians know some of the best durians, which can be found in...

Fan Made Poster Mugshot Fan Made Poster Mugshot
News2 hours ago

Ministry of Youth & Sports Clarifies That Poster With “Mugshots” of Olympic Athletes is Fan-Made

The Olympics will be held soon in Paris, and many people look forward to it. With the anticipation high, many...

Collage 35 27 Collage 35 27
News4 hours ago

PDRM: Farah Kartini Was Brought to Multiple Locations in Tanjung Malim Before Her Murder

The late Farah Kartini was brought to multiple places before she was murdered, according to PDRM. In a report by...

Crowdstrike Risk Of Phishing Crowdstrike Risk Of Phishing
News24 hours ago

“Some are exploiting the issue” – National Security Agency Warns M’sians on Crowdstrike Issue

On 19 July, many airports and offices experienced an IT outage. Later, it was revealed that the source of the...

Collage 35 26 Collage 35 26
News1 day ago

MoF: Najib Razak Has Yet to Clear His RM1.7 Billion of Income Tax Debt

Former Prime Minister Najib Razak is behind bars, but his trial is far from over, and he still has massive...

Helicopter Crash In Bali Due To Kite String Helicopter Crash In Bali Due To Kite String
News1 day ago

Helicopter in Bali Crashes After Getting Entangled in Kite Strings

On July 19, a helicopter in Bali, Indonesia, was flying when it suddenly came crashing down. According to The Jakarta...

Feat Image Ktmb Feat Image Ktmb
News2 days ago

KTMB Affected by ‘Crowdstrike’ Issue, Ticketing System & All Customer Service Channels are Down

Following the Microsoft Windows ‘Crowdstrike’ issue that has caused major service outages globally, including flight cancellations in KLIA and airports...


Latest Videos