Doctor loses RM13,000 from CIMB bank account at 2am, claims no OTP required

Scams are on the rise and cybercriminals are using various tactics to gain access to the online bank accounts and e-wallet accounts of Malaysians. Yesterday, Dr. Rafidah Abdullah, a Malaysia-based nephrologist, complained about CIMB Bank’s security measures after RM13,000 was withdrawn from her account in the early hours of the morning.

According to her social media posts, three CIMB Clicks transactions were made on her account between 2:00 a.m. and 2:30 a.m., without any TAC verification. She said the situation was ridiculous and that she had lost faith in the bank. A formal report was made with the police and CIMB.

In a new update released this morning, she revealed that she uses an iPhone, ruling out the possibility of rogue apps often associated with downloading dubious APK files on Android. The doctor also deleted all apps and performed a device reset as an added safety measure. She also revealed that her funds had been transferred to a Hong Leong Bank account.

Afterward, she shared another update after receiving a call from CIMB. According to her post, CIMB alleged that she clicked on a link several days ago that allowed another iPhone 6 to be registered to her account, which she denied. She also asked why no TAC was required for registering a new device or for authorizing the transfer of RM13,000. Dr. Rafidah asked CIMB to strengthen its security and to contact customers when a new device is registered or the number is changed.

Just before noon today, CIMB released a public service announcement reminding all customers to be vigilant and do their part to protect themselves from cybercrime. It urged all users not to share their OTP, card number, username, PIN, TAC or passwords with anyone, or enter them on any website other than CIMB Clicks or its mobile apps. It also provided a link to its security and fraud awareness page, which highlights what you can do to protect yourself online.

Unsatisfied with the response, Dr. Rafidah emphasized that security is also the responsibility of the bank and urged CIMB not to put the blame solely on customers. She also called on others to “make noise” until CIMB reinforces its security. Dr. Rafidah said innocent customers should not be blamed by the bank. She asked Bank Negara Malaysia to take appropriate action as soon as possible against banks that do not have SOPs or have security issues, to protect consumers.

Rise of phishing messages and SMS

Lately, there has been a noticeable increase in fraudulent messages claiming to be from government departments, agencies and financial institutions. Just a few weeks ago, scam text messages claiming to be from MySejahtera and TNB offered cash assistance or compensation via Touch ‘n Go eWallet. The links redirect to a fake Touch ‘n Go eWallet login page designed to trick victims into providing their phone number, 6-digit PIN and OTP.

Just a few days ago, users also reported fake text messages claiming that their CIMB account would be locked due to abnormal activities. In order to restore their CIMB account, they would have to click on a link to “verify the anomaly”. These messages are obviously a phishing attempt, and CIMB warns users to ignore the message and not click on the link.
