Fraud Alert: Phone Scam Targeting Public Bank Customers
Recently, the Bank received numerous enquiries from customers regarding telephone calls supposedly from the Bank on false pretext to obtain personal banking details to defraud customers.
The victim will receive a telephone call purportedly from the Bank. The caller will say that the Bank had detected large sums of money being transferred from the victim's account. The caller will then request the victim to disclose his / her banking details such as PBe User ID and Password, bank account number, ATM, Credit or Debit Card details to facilitate investigation.
The caller will convey a sense of urgency and pressure the customer to listen to their instructions or face dire financial consequences.
To make the scam even more convincing, the fraudster may use a technique known as Caller ID spoofing so that PBe Customer Support contact number, 03-2179 5000, is displayed as an incoming call on the victim's mobile phone shown below:
Always be sceptical of calls you received even it is from the Bank. If the caller asked for your personal banking information such as your Internet Banking User ID, Password, PAC code or your ATM Card Number and PIN, hang up the call immediately.
The Bank will NEVER request for personal banking details when contacting customers.
If in doubt, contact any PBB / PIBB branch or PBe Customer Support at 03-2179 5000 for assistance.
Fraud Alert: BNM Bogus E-Mail
Recently, Bank Negara Malaysia (BNM) has issued a warning on a bogus e-mail. According to the Central Bank, the e-mail using BNM's name requested the public to download an attachment.
Please be reminded that BNM and Public Bank will never request for your personal banking information be it via phone calls, SMS or e-mails.
The e-mail scam has extended to include LHDN.
Click here for more information.
Malware Targets Corporate Customers
Recently, incidents of financial malware (malicious software) targeting corporate customers have been reported by some banks in Malaysia.
How does the malware work?
PCs are infected with the malware disguised as file downloads through attachments and links sent from unknown e-mail sources or websites visited.
When the unsuspecting victim access the bank's genuine website, the malware is activated. A keylogger/spyware will capture the login credentials.
Pop-up windows seemingly from the bank requests for confidential banking information for bogus reasons e.g. security updates, system maintenance, profile updates, etc
Note: PBB will NEVER request for our customer’s confidential or banking information online for any reason.
Should it happen to PBB corporate customers, the scam is to trick the user into divulging the SecureSign token information.
Here is a possible fake scenario:
Upon clicking 'Next', the user is requested to enter the SecureSign code into the field provided.
At the same time, the fraudster had performed an unauthorised fund transfer through the genuine website with the compromised User ID and Password to an account number 2238679850 for the amount RM5,957.50 and is now awaiting the token code to complete the fraudulent transaction.
In PBB’s genuine website, the beneficiary's account, amount and SecureSign code is displayed together with the transaction details for customer's confirmation.
Phishing Through Search Engines
This is a variation of phishing e-mails. Instead of re-directing a user to a phishing website via a hyperlink embedded in an e-mail, cyber criminals are now targeting their victims through advertisement space that appears in search results based on keywords entered.
When a user unwittingly clicks on the malicious link, he or she is taken to a phishing website.
Important! The Bank’s official URL addresses are as follows:
Some samples are shown below:
The URL address in the address bar is wrong, the site is unverified. Hence, there is no green padlock and address bar.
The login fields are wrong. Currently, only the User ID login field is displayed on the first screen. The Personal Login Phrase (PLP) is only displayed for verification together with the Password field at the subsequent login page.
To learn more about phishing, click here
Beware, PAC (PBe Authentication Code) is NEVER required during the login process.
If your PBe account has been compromised, this is an attempt by cyber criminals to steal the PAC for a transaction performed by them.
Read each PAC SMS delivered to your mobile phone very carefully. If you did not perform a fund transfer, disregard the PAC and report the matter to us at 03-2177 3555 between 6 a.m. to 12 midnight, 7 days a week or email us at email@example.com.
To learn more about PAC, click here
It was recently reported in the mainstream media that a malware known as the ‘Zeus’ virus is targeting e-banking consumers’ mobile phones and tablets causing the devices to be more vulnerable to financial data theft.
The new scam works in the following manner:
While the customer is accessing the bank’s website from a PC infected with the malware (virus), a pop-up notice is displayed requesting for the customer’s mobile phone details for various reasons.
Subsequently, in an attempt to get access to the PAC SMS, a SMS is sent to the customer’s mobile phone with a download link provided.
The app shown below is fake. If it is found on your mobile phone, have it uninstalled immediately.
Please be reminded that Public Bank does not, and will never request for sensitive/confidential information from our customers online
or via e-mail, letters and telephone calls/sms. The Bank has your personal information and mobile phone number when an account was opened with us.
You are advised to exercise caution when performing your online transactions and ensure your PC and mobile devices are protected with an effective anti-virus software.
Should you encounter such prompts, please take the following actions:
Do not act on such notices. Exit the page immediately.
Set your PC to scan for the virus from the following links:
Alert us at 03-2177 3555 between 6 a.m. to 12 midnight, 7 days a week or email us at firstname.lastname@example.org for assistance.
For further information please visit