Doctor loses RM13,000 from CIMB bank account, claims no OTP required
A Malaysian-based nephrologist complained about CIMB Bank’s security measures yesterday after RM13,000 was withdrawn from her account in the early hours of the morning. — Stock Photo SoyaCincau
Sunday August 21, 2022 09:27 GMT
KUALA LUMPUR, August 21 — Scams are on the rise and cybercriminals are using various tactics to gain access to online bank accounts and e-wallet accounts of Malaysians. Yesterday Dr. Rafidah Abdullah, Malaysia-based nephrologist complained on CIMB Bank’s security measures after RM13,000 was withdrawn from his account in the early hours of the morning.
Amat kecewa dengan CIMB. Takkan transaksi tiga kali pada pukul 2 pagi tidak ada trigger? Crook Mestilah, Masuk ke akaun yg sama pulak tu. Tak pasal2 lesap RM13 ribu.
Takkan tidak safety mechanism ada langsung? Ada sesiapa pernah mengalami masalah yg sama?
— Rafidah Abdullah (@rafidah72) August 19, 2022
According to her social posts, there were three CIMB Clicks transactions made on his account between 2:00 and 2:30 a.m. which were done without any TAC verification. She said the situation was ridiculous and lost faith in the bank. A formal report was made with the police and the CIMB.
In a new update posted yesterday morningshe revealed that she used an iPhone, which rules out the possibility of malicious apps often associated with download dubious APK files on Android. The doctor also deleted all apps and performed a device reset as an added safety measure. She also revealed that her funds had been transferred to a Hong Leong Bank account.
Afterwards, she shared another update after receiving a call from CIMB. According to her post, CIMB alleged that she clicked on a link several days ago that allowed another iPhone 6 to be registered to her account, which she denied. She also asked why there was no TAC required for registering a new device and for authorizing the transfer of RM13,000 funds. Dr. Rafidah asked CIMB to strengthen its security and contact customers in case of registering a new device or changing the number.
Just before noon today, CIMB posted a public service announcement reminding all customers to be vigilant and do their part to protect themselves from cybercrime. He urged all users not to share their OTP, card number, username, PIN, TAC or passwords with anyone or enter them on any website other than CIMB Clicks or their apps mobiles. They also provided a link to their security and fraud awareness page which highlights what you can do to protect yourself online.
Unsatisfied with the response, Dr. Rafidah emphasized that security is also the responsibility of the bank and urged CIMB not to put the blame solely on customers. She also called on others to “make noise” until the CIMB reinforces their security. Dr Rafidah said innocent customers should not be blamed by the bank. She asked Bank Negara Malaysia to take appropriate action against banks that do not have SOPs or have security issues as soon as possible to protect consumers.
Rise of phishing messages and SMS
Lately, there has been a noticeable increase in fraudulent messages claiming to be from government departments, agencies and financial institutions. Just a few weeks ago there was sms scam claiming to be from My Sejahtera and TNB offering cash assistance or compensation through Touch ‘n Go Wallet. The links redirect to a fake Touch ‘n Go eWallet login page designed to trick victims into providing their phone number, 6-digit PIN and OTP.
Just a few days ago, fake text messages were also reported from users claiming that their CIMB account would be locked due to abnormal activities. In order to restore their CIMB account, they would have to click on a link to “verify the anomaly”. These messages are obviously a phishing attempt and CIMB warns users to ignore the message and not click on the link. — SoyCincau