I found this information very useful from HSBC. Yet many people still fall into it because either they are very careless or ignorant.
How Scammers works?
Scammers are sending deceptive links disguised as messages from trusted parties like telcos, banks or courier companies. These notifications often urge you to click on a link to ‘Verify Your Account’, ‘Track Your Delivery’, or ‘Claim Your Reward Points’ – but they’re designed to steal your personal and financial details.
| Case scenario: |
| Mr T.an received a text message claiming to be from a courier company, informing that his parcel failed to be delivered due to address issue. The message asked him to make a small redelivery fee of RM1.50 via a link provided. Believing the message to be genuine, Mr. Tan tapped on the link, which led to a website that looked like a legitimate courier company website. He entered his credit card number, expiry date, and CVV to make the payment. Moments later, he received an SMS OTP from his bank to authorize the transaction. Without reading the full message, Mr. Tan copied and pasted the OTP into the website, thinking it was for the RM1.50 transaction. In reality, the scammer had used his credit card details to make large amount transaction, and the OTP that Mr. Tan entered into the website is to authorise this large amount transaction. What went wrong? • The link was phishing link created by scammer — a fake website mimicking a real one. • The credit card details were harvested in real-time and misused. • Mr. Tan did not read the full SMS OTP, which clearly stated a different transaction amount to a different merchant. |
Protect yourself: dos and don’ts
| DON’T: |
| • Click on links in unsolicited SMS or WhatsApp messages claiming to be from any trusted/authorised parties such as banks, telecommunication companies, courier companies, or even government agencies. • Enter your card number, expiry date, or CVV on the links/ websites provided in SMS or WhatsApp messages. • Copy and paste a one-time password (OTP) without carefully reading the full SMS message containing the OTP. |
| DO: |
| • Always read the entire SMS message containing the OTP before entering the OTP. Make sure the transaction amount and merchant name match your intended transaction. • Verify the website or contact the company directly using official channels if you’re unsure. • Enable transaction alerts and monitor your card activity regularly. |
