Maybank Security Verification – A Phishing Attempt!


I was checking my inbox when I noticed an email from ‘Maybank’ entitled ‘Security Verification’.

Security verification? uhuh. weird.

so I opened the mail.

let's see what it is.


* maybank2u image hosted by flickr..? :suspicious:

this is the content of the message :


Dear Maybank customer,

We are hereby notifying you that we’ve recently suffered a DDos-Attack on one of our’s Online Banking server. For security reasons you must complete the next steps to verify the integrity of your Maybank account. If you fail to complete the verification in the next 24 hours your account will be suspended.

Here’s how to get started:

1. Log in to Maybank online account (click here).
2. You must request for TAC via Maybank online banking – your TAC will be sent via SMS to the mobile phone number you registered. ( you can find the “Request a TAC” button in the Utilities menu of your account )

3. Logout from your account and close the browser.
4. When you have received the TAC (Transaction Authorization Code) on your mobile phone, go to our secured verification server and submit the requested information (Username, password and TAC). (click here) to go on our secured server.
5. Please allow 48 hours for processing.

Please comply and thanks for understanding.

© 2001-09 Maybank. All rights reserved.

***This is an automated message, please do not reply*** “


oh yeah.. what is DDos- Attack? i’m unfamiliar with that word..

full of curiosity, i skipped steps 1-3 and went to the ‘secured verification server’

huh? “Reported Web Forgery”!

ok.. so I clicked ‘Ignore this warning’ at the bottom corner of the site. hahah 🙄 :thumbsup:

oh yeah.. so this is the ‘secured verification site’.. let’s try it.. :drool:

ok.. so i put my ‘username’, ‘password’ and ‘TAC number’ 🙄 😛

..submit. yeah! :mrgreen:

‘your security verification has been ended’.. yeah! :thumbsup:

and I had been redirected to

finished.. :notworthy: :notworthy: :notworthy:

if i followed step 1-3, i’m really finished :mrgreen:

i think most of us know about this – the phishing activity.

Phishing Method

I believe the method is :

1. the victim receives a ‘notification’ through email

2. the victim logs in to their online bank account and gets the TAC code.

3. the victim submits their username, password and TAC code to the phisher.

4. the TAC code is available for 2 hours, it’s more than enough for the phisher to transfer all your money to another account.

5. done. you’re finished 🙄
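
An added example, not part of the original post: a small Python check for the tell-tale signs in the email above (image and link hosts outside the bank's domain, a request for password plus TAC, a deadline with a suspension threat). The sample HTML, the `.example` hostnames and the function names are constructed for illustration; matching `otp` as well as `tac` goes slightly beyond this one email.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: wording taken from the email quoted above, hosts are placeholders.
SAMPLE_HTML = """
<img src="https://photos.image-host.example/maybank2u-logo.jpg">
<p>If you fail to complete the verification in the next 24 hours your
account will be suspended.</p>
<p>1. Log in to Maybank online account
(<a href="https://www.bank.example/login">click here</a>).</p>
<p>4. When you have received the TAC, go to our secured verification server and
submit the requested information (Username, password and TAC).
(<a href="http://verify.unrelated-host.example/form">click here</a>)</p>
"""

class _Refs(HTMLParser):
    """Collect the host of every link and remote image, plus the visible text."""
    def __init__(self):
        super().__init__()
        self.hosts, self.text = [], []
    def handle_starttag(self, tag, attrs):
        attr = {"a": "href", "img": "src"}.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if url:
            self.hosts.append((tag, (urlparse(url).hostname or "").lower()))
    def handle_data(self, data):
        self.text.append(data)

def _on_domain(host, domain):
    # Exact match or a true subdomain; "evilbank.example" must not pass.
    return host == domain or host.endswith("." + domain)

def phishing_indicators(html, bank_domain):
    """Return a list of human-readable warning signs found in an HTML email."""
    p = _Refs()
    p.feed(html)
    text = " ".join(" ".join(p.text).split()).lower()
    found = [f"off-domain {tag}: {host}" for tag, host in p.hosts
             if host and not _on_domain(host, bank_domain)]
    if re.search(r"\b(tac|otp)\b", text) and "password" in text:
        found.append("asks for password together with one-time code")
    if re.search(r"\b\d+\s*hours?\b", text) and re.search(r"suspend|block|clos", text):
        found.append("deadline with account-suspension threat")
    return found
```
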


i know one person who lost almost RM20k through online banking. sheesh. i think maybe it’s the same with the method that i mentioned above. you can make a report to the police, but there’s a 99% chance you’ll never get your money back.

beware of this ‘secured verification’ or whatever the name is – or you’ll regret it.
