Fraud Alert: BNM Bogus E-Mail
Bank Negara Malaysia (BNM) recently issued a warning about a bogus e-mail. According to the Central Bank, the e-mail used BNM's name and requested the public to download an attachment.
Please be reminded that BNM and Public Bank will never request your personal banking information, whether by phone call, SMS or e-mail.
The e-mail scam has extended to include LHDN.
Malware Targets Corporate Customers
Recently, incidents of financial malware (malicious software) targeting corporate customers have been reported by some banks in Malaysia.
How does the malware work?
PCs are infected by malware disguised as file downloads, delivered through attachments and links in e-mails from unknown sources or through websites visited.
When the unsuspecting victim accesses the bank's genuine website, the malware is activated. A keylogger/spyware will capture the login credentials.
Pop-up windows, seemingly from the bank, request confidential banking information for bogus reasons, e.g. security updates, system maintenance, profile updates, etc.
Note: PBB will NEVER request our customers' confidential or banking information online for any reason.
If PBB corporate customers are targeted, the scam aims to trick the user into divulging the SecureSign token information.
Here is a possible fake scenario:
Upon clicking 'Next', the user is requested to enter the SecureSign code into the field provided.
At the same time, the fraudster has performed an unauthorised fund transfer through the genuine website, using the compromised User ID and Password, to account number 2238679850 for the amount of RM5,957.50, and is now awaiting the token code to complete the fraudulent transaction.
On PBB's genuine website, the beneficiary's account, the amount and the SecureSign code are displayed together with the transaction details for the customer's confirmation.
Phishing Through Search Engines
This is a variation of phishing e-mails. Instead of re-directing a user to a phishing website via a hyperlink embedded in an e-mail, cyber criminals are now targeting their victims through advertisement space that appears in search results based on keywords entered.
When a user unwittingly clicks on the malicious link, he or she is taken to a phishing website.
Important! The Bank’s official URL addresses are as follows:
Some samples are shown below:
The URL in the address bar is wrong and the site is unverified. Hence, there is no green padlock and no green address bar.
The login fields are wrong. Currently, only the User ID login field is displayed on the first screen. The Personal Login Phrase (PLP) is only displayed for verification together with the Password field at the subsequent login page.
Beware, PAC (PBe Authentication Code) is NEVER required during the login process.
If your PBe account has been compromised, such a request is an attempt by cyber criminals to steal the PAC for a transaction performed by them.
Read each PAC SMS delivered to your mobile phone very carefully. If you did not perform a fund transfer, disregard the PAC and report the matter to PBe Customer Support at 03-21795000 immediately.
It was recently reported in the mainstream media that malware known as the ‘Zeus’ virus is targeting e-banking consumers’ mobile phones and tablets, causing the devices to be more vulnerable to financial data theft.
The new scam works in the following manner:
While the customer is accessing the bank’s website from a PC infected with the malware (virus), a pop-up notice is displayed requesting the customer’s mobile phone details for various reasons.
Subsequently, in an attempt to get access to the PAC SMS, an SMS containing a download link is sent to the customer’s mobile phone.
The app shown below is fake. If it is found on your mobile phone, uninstall it immediately.
Please be reminded that Public Bank does not, and will never, request sensitive/confidential information from our customers online or via e-mail, letters and telephone calls/SMS. The Bank already has your personal information and mobile phone number from when your account was opened with us.
You are advised to exercise caution when performing your online transactions and to ensure your PC and mobile devices are protected with effective anti-virus software.
Should you encounter such prompts, please take the following actions:
Do not act on such notices. Exit the page immediately.
Set your PC to scan for the virus from the following links:
Alert PBe Customer Support at 03-21795000.
For further information please visit