Security Threats & Protection

The bank understands your constant concerns about the security and safekeeping of your online account. With the rise in online fraud, we recognize our role in curbing these incidents. Here are some of the steps and precautions that we take in order to combat these threats.

Impersonation Scam

An impersonation scam is a fraud in which a scammer pretends to be the victim’s close contact to trick the victim into sending them money.


How do impersonation scams work?

  • The victim will receive a message from a ‘close contact’ requesting financial assistance, often for an urgent reason.
  • The scammer will create a fake story which requires the victim to make an urgent payment.
  • The victim will be pressured to make the payment immediately.
  • Out of panic and without investigating further, the victim will transfer the money immediately to the given account number.
  • Once the funds are credited, the scammer will block all contact with the victim.
  • The victim will realize it was a scam after checking with their actual close contact.

How to avoid being scammed?

  • Never disclose your personal details or bank information to anyone.
  • Stay calm. If in doubt, ask someone you trust for a second opinion.
  • Always verify the caller by asking questions that only you and the caller know the answer to.
  • Do not make the payment if the account holder's name is different from your close contact's name.

Job Application Scam

The scammer posts fake job advertisements on social media platforms and untrusted job portals, offering high commissions and promising profit.


Modus Operandi

  • The scammers will entice you with a part-time job opening which offers good pay for doing easy tasks.
  • When you accept the offer, you will be required to deposit a specific amount of money and complete assigned tasks.
  • Once your tasks are completed, you will receive back your original amount of money plus the commission of the tasks.
  • Initially, the scammers will only return your money with commission for the first few tasks you complete.
  • As time goes on, your tasks become more extensive but you will not receive the promised commissions. The scammers will come up with various excuses for your missing commissions and continue to urge you to deposit more money.

How to avoid?

  • Do your research when applying for jobs on social media platforms.
  • Be on alert when the promised return sounds too good to be true.
  • Verify the details when transferring to a new recipient account.
  • Do not provide internet banking credentials to unknown sources.
  • Do not log in to your internet banking on unverified or untrusted platforms.

When in doubt, always check with the bank.

Loan Scam

The scammer will claim to be from a licensed money lender, offering loans with low interest rates. Once you are committed, you will be instructed to pay various fees to improve your credit score before the loan is disbursed. After you have transferred the money, the scammer will block all contact with you and disappear with your money.

Look for these red flags:

  • No income documentation is required when applying for the loan.
  • Fast approval.
  • Low monthly installments.
  • Blacklisted applicants are allowed to apply.

How to stay safe?

  • Don’t entertain anyone pressuring you to act immediately in order to get a good loan deal.
  • Remember to only approach banks or licensed financial institutions for loan applications.
  • Avoid money lenders that ask for upfront fees.
  • Never divulge your banking credentials to anyone.
  • Always ignore loan offers made through the internet or an unknown source.

APK Scam

An Android Package Kit (APK) is generally a mobile app file that you can download and install on your Android devices.


  1. The scam starts with an advertisement on social media offering a product or service that seems too good to be true. In order to claim the offer, the victim is required to download and install an APK file onto their device.
  2. Once installed, the app will be able to record and steal sensitive data from the victim’s device, such as the online banking User ID, Password, and PAC SMS.
  3. The scammers will then use this stolen information to steal the victim’s money.

Investment Scam

Always be cautious when you come across advertisements on investment schemes offering high returns with minimal risk.


Modus Operandi

  • The scammer can seem perfectly legitimate, appearing knowledgeable on investment trends, with good testimonials and convincing marketing materials.
  • The investment scheme promises high returns within a short span of time.
  • Scammer offers you an investment opportunity that is exclusive or based on “inside” or confidential information.
  • Customer is required to perform an upfront payment into a personal bank account for investment purposes.
  • Customer will be pressured into making an investment decision due to the limited time offer.

How to avoid?

  • Do not trust ‘investment schemes’ that promise high returns with minimal risk.
  • Do some research on the person offering you the investment scheme and confirm that the person is currently registered or licensed. You can check the authenticity of the investment by using the Investment Checker.
  • Do not be pressured to act quickly. Take your time to research the investment thoroughly before performing any payments.
  • Avoid transferring if the scammer asks for upfront payments or fees.

Caller ID Spoofing

A technique used by phone scammers to imitate banks and other organisations.


Phishing Email

Victims usually receive an email disguised as a very important alert implying a sense of urgency or serious consequences should the user not respond.


The email will come with a link that the user can click on which will then direct the user to a fake website to steal the user ID, password and PAC.


Phishing SMS

These fraudulent SMS are usually sent to unsuspecting victims informing them that they have won a prize or a contest.


Search Engine Phishing

These scams target their victims through advertisements that appear in search results based on the keywords entered.


Phone Scam

Victims will get a phone call purportedly from banks and government organisations.

The purpose of a phone scam is to trick victims into revealing their banking credentials.

Malware

Malicious Software (Malware) is usually disguised as file downloads delivered through attachments and links sent from an unknown email source or a website visited.


Rogue App

A rogue app is a malicious app that is disguised as a legitimate app and includes Trojan malware.


Online Purchase Scam

Scammers will pretend to be legitimate online sellers to lure in victims to purchase their items.

Have you come upon an amazing deal that seems too good to be true? Don’t act too hastily, as there might be a scam waiting for unwary victims like you. Be a wise shopper!

Warning Signs!

  1. The product page has no reviews and no testimonials.
  2. The product price or discount offer sounds too good to be true.
  3. Limited information is available for the product.
  4. The website has poor spelling or grammar.

How to avoid?

  • Do not perform any payments via unknown third-party apps or websites.
  • Always look out for a website with a URL starting with ‘https’ and a closed padlock symbol.
  • Only shop on trusted and reputable websites.
  • Check the testimonials and reviews on the seller’s profile before purchase.
  • Always ensure that the online shopping platform has a refund or returns policy.

Do not obey scammer instructions

Scammers are now instructing scam victims on how to provide a fake reason that sounds genuine to the Bank.


Transaction cooling-off is a precautionary measure designed to minimise the risk of unauthorised transactions and potential fraudulent activities, ensuring your funds are safe.

However, scammers are now instructing scam victims on how to provide a fake reason that sounds genuine to the Bank in order to release the on-hold transaction to the scammers.

How it works

  1. The victim has already authorised a transaction to an unknown scammer account but the Bank’s security system placed the transaction on hold.
  2. In order to release the transaction, the scammer will instruct the victim to provide a fake reason to the Bank, such as urgent renovation, medication, education, family support, buying goods, etc.
  3. The Bank will then process the customer’s on-hold transaction as the reason given by the customer sounds genuine.
  4. Unfortunately, the customer will only realize that they have been scammed after experiencing financial loss.

What to do?

  1. Stay vigilant and do not follow any instructions given by a scammer or stranger through any form of communication.
  2. Monitor your banking transactions for any discrepancies.
  3. Do not agree to perform transactions to anyone without a legitimate reason.
  4. Always verify the details when transferring to a new recipient account.

Be vigilant. Make the right decisions!

Your Protection

How we protect you online?


Transaction Cooling-Off Period

PB SecureSign

User ID and Password

The most basic security feature, used for profile identification.
Be sure to select a strong password consisting of upper and lower case letters, numerals and characters to keep your profile even more secure.

Personal Login Phrase (PLP)

PLP functions just like a secret code that is displayed to you just before you enter your password to log in.

Your PLP should be unique and known only to you. Never divulge your PLP to anyone under any circumstances.

If your PLP does not match, do not key in your password; contact the bank immediately instead.

PLP Registration

Step 1 - Key in your User ID and click 'Next'.

Step 2 - Enter your password and click 'Login'.

Step 3 - A pop-up will then prompt you to select a PLP. Click 'Yes'.

Step 4 - Enter your chosen personal login phrase and click 'Confirm'.

 

Tips

  • A phishing website will never be able to replicate your PLP.
  • Try to pick catchy or memorable phrases which are meaningful to you.
  • Do not use your User ID and Password for your PLP.

 

Examples of good PLPs

  • VIOSAJ2328
  • No1AsamLaksa@Penang
  • 0ldMcDonaldHad1Farm!
  • BondJamesBond007

Secure Sockets Layer (SSL) / Transport Layer Security (TLS)

Secure Sockets Layer (SSL) and its successor Transport Layer Security (TLS) are security protocols for establishing an encrypted link between a server (website) and a client (web browser) on the internet.

SSL/TLS allows sensitive information such as your login credentials and credit card numbers to be transmitted securely. This prevents hackers from eavesdropping on or tampering with your data for malicious purposes.

 

How to check if the website is secured by SSL/TLS protocols?

  1. Check the URL in the browser. Ensure it displays “HTTPS” and has a green padlock icon.
  2. Click on the padlock icon. This will bring up the security information of the website.
  3. Click on “Certificate/More Information” to view the SSL/TLS version, the website the certificate is issued to, and the validity of the certificate.

 

IMPORTANT:

When you’re banking with PBe, make sure the SSL/TLS certificate is issued as follows:

If they are not displayed as above, close the website immediately and report to the Bank accordingly.

 

Example (PBe login page)

Real time transaction monitoring with step-up authentication (Challenge Questions)

Your online activity is constantly being monitored for abnormal or suspicious behaviour. Whenever a discrepancy is detected, a notification will be sent out to inform you of the inconsistency, and further action can then be taken to secure your account.

 

Challenge questions are presented to provide an extra layer of security to further authenticate your identity when you login and transact with us.

 

These three questions that you set up with your own personal answers help us verify your identity. When setting up your Challenge Questions, please ensure that you pick questions which are personal to you so that you can remember the answers easily.

 

Steps to set up the challenge questions:

  1. After logging in to your account, select Profile Maintenance.
  2. On the Profile Maintenance page, select Manage Profile.
  3. Finally, select Change Challenge Question.

PAC

PBe Authentication Code (PAC) is a six-digit authentication code generated by the system and delivered via SMS to your registered mobile phone when performing online transactions.

How does PAC work?

  1. When making a transaction, ensure that the transaction details are correct. Then request a PAC.
  2. The PAC SMS will be sent to your registered mobile phone. The PAC SMS carries important details regarding the transaction performed.
  3. Enter the PAC number sent via SMS to your mobile phone into the PAC field on the transaction screen.
    Ensure that the “Serial Number” for the PAC shown on your mobile phone corresponds with the “Serial Number” shown on the PBe transaction screen before you click on the “Confirm” button.

 

Important!

  • If you receive a PAC SMS for a transaction that you did not perform or where the transaction details differ, there is a strong probability that your PBe account may have been compromised. Disregard the PAC. Immediately contact us at 03-2177 3555 between 6 a.m. to 12 midnight, 7 days a week or email us at pbesecure@publicbank.com.my.
  • PAC is not required for PBe login.

SecureSign (Hard Token)

SecureSign is a digital signing service for customers to perform and approve financial transactions performed via PBe in a safe and secure manner. It offers another layer of security over your online banking account.

 

SecureSign uses a digital signing process whereby a transaction performed through PBe is approved by the authorizer(s) based on a SecureSign Code generated by the SecureSign token.

 

SecureSign uses Two-Factor Authentication to verify and secure online banking transactions. The token is secured with a PIN and uses advanced encryption standards.

 

Post Transaction Alert

The bank will send an SMS alert whenever a transaction is made to your bank account or credit/debit card.

 

The alert will contain details of your transaction for you to review and as a notification that your transaction has been confirmed.

 

This also functions as a security feature: if you receive an alert but did not make any transaction, you will immediately know your card/account is compromised.

 

From here, you can contact the bank for further action.


Account Activity Management

Automatic Time-Out

 

If you are logged in to your account and the page hasn’t received any activity after a certain period of time, your account will be automatically logged off.

 

This will significantly reduce the risk of your idle account being exposed to a data breach.

 

 

Date/Time Stamp

 

Upon logging out, an activity summary listing will be displayed.

 

The activity summary will display your login and logout time/date stamp and any transactional activity during your session.

 

You can review the summary to check if the information displayed is accurate and check for any discrepancies.

 


 

How you can protect yourself online

Online security begins and ends with you. Therefore it is crucial for you to know the safety measures that you can take yourself to avoid being scammed.

Here are some tips on how you can perform security checks on your end.

  • Activate and approve transactions with PB SecureSign
  • Reduce your daily transfer limits
  • Don't download any APK files
  • Don't log in from downloaded APK files

Create a strong password

Using a strong password is the first security measure you can set up for your online accounts. A strong password consists of upper and lower case letters, numerals, and characters.

 

Try not to use the same password for different online accounts. This will only make it easier for hackers to compromise all your accounts.

Verify Post Transaction Notification

After the transfer is done, verify your post transaction notification to further check the details of your transaction.

 

The notification will tell you the amount of funds transferred and to whom.

 

If you receive this notification but you did not make any transaction, immediately call the bank for further action.

 

Educate Yourself

Equip yourself with all the tools to combat scams.

 

Try out our online quiz to test your knowledge or visit the Online Security page frequently to identify new threats.

 

Sign up for our newsletter and follow us on WeChat to receive constant updates. Keeping up with the latest threats enables you to identify the signs and symptoms of fraudulent attempts on your online account.

Verify PLP before entering password

Before you key in your password, always look out for your Personal Login Phrase (PLP) and ensure it is displayed correctly.

 

Do not proceed with the login procedure if the PLP does not match the one that you’ve set.


 

Ensure your device is secured

Ensure all your devices are secured from threats. Install anti-virus software for your PC and browser.

 

Do not do your banking session while connected to a public Wi-Fi connection.

 

This will severely expose your device to hackers. Besides that, avoid rooting or jailbreaking your mobile device, as doing so will put your device at risk.

How to identify the genuine PBe website

When in doubt, report to the bank.

Have you encountered any problems regarding the security of your account such as your password or your account being compromised by hackers?

 

Or did you come across any suspicious activities such as receiving a suspicious looking email claiming to be from the bank or an SMS reporting a transaction that you didn’t perform?

 

If you are unsure how to proceed in these situations, do not hesitate to contact the bank for help.

You can alert us at 03-2177 3555 between 6 a.m. to 12 a.m., 7 days a week or email us at pbesecure@publicbank.com

SECURITY ALERT

Safety Banking Tips

Stay vigilant at all times

Improve your online banking protection by reading our online banking tips.

Kill Switch

If your PB account has been compromised, you may activate the "Kill Switch" function.

This extra security measure allows you to disable all features, including Online Banking, ATM Card and Credit/Debit Card, instantly in order to safeguard your PB account.

Watch out for Loan Scam

Scammers will claim to be from a licensed money lender, offering loans with low interest rates. Once you are committed, you will be instructed to pay various fees to improve your credit score before the loan is disbursed. After you have transferred the money, the scammer will block all contact with you and disappear with your money.

FB Ad Scam

Public Bank is notifying all users and viewers that this is a FAKE posting on Facebook created by scammers. The WhatsApp contact number is also FAKE and does not belong to Public Bank or any of our officers. Public Bank has immediately informed and requested Facebook to remove this FAKE posting impersonating Public Bank and our officers. We advise everyone to stay vigilant to avoid becoming a victim of such scams. Please DO NOT call any suspicious contact number or click on any links in these fake social media postings. If you’ve been scammed, immediately call 03-2177 3555 or the National Scam Response Centre at 997 (8am-8pm daily) and make a police report. #JanganKenaScam

Public Bank Designated SMS Short Code

Effective 13 March 2024, all SMS communications from Public Bank will be delivered from the following Designated SMS Short Code: 68333 / 63232. For more information, please click view more.

Mule Account

What is a mule account? Mule accounts are defined as intermediary accounts used to transfer funds illegally. These funds could be stolen or laundered from illegal activities.

Stay Alert on Swapping of ATM Card

Stay alert for suspicious persons approaching you, swapping your ATM, debit or credit card, and observing your PIN.
