Maybank Security Verification – A Phishing Attempt!

February 17, 2009 · 28 comments

I was checking my inbox when I noticed an email from ‘Maybank’ entitled ‘Security Verification’.

Security verification? uhuh. weird.

so I opened the mail.

let’s see what it is.

hm..

* maybank2u image hosted by flickr..? :suspicious:

this is the content of the message :

———————————————

Dear Maybank customer,

We are hereby notifying you that we’ve recently suffered a DDos-Attack on one of our’s Online Banking server. For security reasons you must complete the next steps to verify the integrity of your Maybank account. If you fail to complete the verification in the next 24 hours your account will be suspended.

Here’s how to get started:

1. Log in to Maybank online account (click here).
2. You must request for TAC via Maybank online banking – your TAC will be sent via SMS to the mobile phone number you registered. ( you can find the “Request a TAC” button in the Utilities menu of your account )

3. Logout from your account and close the browser.
4. When you have received the TAC (Transaction Authorization Code) on your mobile phone, go to our secured verification server and submit the requested information (Username, password and TAC). (click here) to go on our secured server.
5. Please allow 48 hours for processing.

Please comply and thanks for understanding.

© 2001-09 Maybank. All rights reserved.

***This is an automated message, please do not reply*** “

————————————————

oh yeah.. what is a DDos-Attack? I’m unfamiliar with that word..

full of curiosity, I skipped steps 1-3 and went to the ‘secured verification server’

huh? “Reported Web Forgery”!

ok.. so I clicked ‘Ignore this warning’ at the bottom corner of the site. hahah :roll: :thumbsup:

oh yeah.. so this is the ‘secured verification site’.. let’s try it.. :drool:

ok.. so i put my ‘username’, ‘password’ and ‘TAC number’ :roll: :razz:

..submit. yeah! :mrgreen:

‘your security verification has been ended’.. yeah! :thumbsup:

and I had been redirected to Maybank2u.com..

finished.. :notworthy: :notworthy: :notworthy:

if I had followed steps 1-3, I’d really be finished :mrgreen:

I think most of us know about this – the phishing activity.

Phishing Method

I believe the method is :

1. the victim receives a ‘notification’ through email

2. the victim logs in to their online bank account and gets the TAC code.

3. the victim submits their username, password and TAC code to the phisher.

4. the TAC code is available for 2 hours; that’s more than enough for the phisher to transfer all your money to another account.

5. done. you’re finished :roll:

*******************************

I know one person who lost almost RM20k through online banking. sheesh. I think maybe it’s the same as the method that I mentioned above. you can make a report to the police, but there’s a 99% chance you’ll never get your money back.

beware of this ‘secured verification’ or whatever the name is – or you’ll regret it.
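
The warning signs visible in the mail above (logo loaded from a third-party host, a link leading away from the bank's own site, a deadline with a suspension threat, and a request for password plus TAC) can be checked mechanically. The following is an added example, not part of the original post; the sample mail body is constructed, and the Flickr path and the `example.invalid` host are placeholders because the post does not give the real URLs.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

BANK_DOMAIN = "maybank2u.com"  # the genuine site named in the post

class RefCollector(HTMLParser):
    """Collect link targets, image sources and visible text from a mail body."""
    def __init__(self):
        super().__init__()
        self.links, self.images, self.text = [], [], []
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.links.append(attrs["href"])
        elif tag == "img" and attrs.get("src"):
            self.images.append(attrs["src"])
    def handle_data(self, data):
        self.text.append(data)

def off_domain(url):
    """True when the URL's host is not the bank's domain or a subdomain of it."""
    host = (urlparse(url).hostname or "").lower()
    return host != BANK_DOMAIN and not host.endswith("." + BANK_DOMAIN)

def phishing_signals(html_body):
    """Return the list of warning signs found in one HTML mail body."""
    c = RefCollector()
    c.feed(html_body)
    text = " ".join(c.text).lower()
    words = set(re.findall(r"[a-z]+", text))
    signals = []
    if any(off_domain(u) for u in c.images):
        signals.append("bank branding loaded from a third-party host")
    if any(off_domain(u) for u in c.links):
        signals.append("link points outside the bank's domain")
    if "suspended" in words and re.search(r"\d+\s+hours", text):
        signals.append("deadline plus threat of account suspension")
    if {"password", "tac"} <= words:
        signals.append("asks for password together with a TAC")
    return signals

# Constructed sample modelled on the quoted mail; both hosts are placeholders.
SAMPLE = """<img src="http://www.flickr.com/photos/placeholder/logo.jpg">
<p>If you fail to complete the verification in the next 24 hours your
account will be suspended.</p>
<p>Submit the requested information (Username, password and TAC).
<a href="http://verification.example.invalid/">click here</a></p>"""
```

Calling `phishing_signals(SAMPLE)` returns all four signals; a mail whose images and links stay on the bank's domain and that asks for no credentials returns an empty list.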


en_me February 17, 2009 at 8:09 pm

so what should we do? ignore the mail, right..

|1f34|-|1r3 February 17, 2009 at 10:52 pm

i will offensively make some jokes with the phisher such as this…

login : ihavef**cked
password : yourmama

alone February 17, 2009 at 11:03 pm

yeah. but some people take it seriously.

1 in 100 people will believe this trick, I believe.

alone February 17, 2009 at 11:05 pm

hahah.

the phisher deserved it!

Callister February 18, 2009 at 12:52 am

people these days really are crooks..
we have to be smarter and read blogs that give information like this..
for example alone’s blog..

alone February 18, 2009 at 1:11 am

true.. there really are a lot of tricks these days..

hehe.. yup :razz:

nono February 18, 2009 at 1:29 am

seriously, you tried it????

aTiQah February 18, 2009 at 1:42 am

wah. if i get those kinds of email from the cimbclicks i would rather ignore it. even if it is the real email from cimbclicks. haha.

Umar Abdul Rashid February 18, 2009 at 2:28 am

these days there really are a lot of people cheating. Clever but without faith. This is what happens…

wexeeda February 18, 2009 at 5:33 am

huhu, really evil, really evil… wex doesn’t like the people who make these phishing mails…

KNizam February 18, 2009 at 10:19 am

scary, woooo, losing moneeeey hehe :)

izzat February 18, 2009 at 1:30 pm

haha, I got it too.. but it went directly into the spam box.. huhu..

lydiarayyan February 19, 2009 at 11:18 am

very dangerous :roll: :roll:

infiltrator February 19, 2009 at 2:39 pm

yeah, phishing sites are so true that you won’t imagine that they are fake.. so be careful guys :thumbsup:

Adry February 23, 2009 at 10:40 am

tsk tsk tsk…. this is dangerous… next thing you know, for no reason… all our money is gone… really outrageous…

alone February 24, 2009 at 4:50 am

seriously.. :mrgreen:

alone February 24, 2009 at 5:13 am

yah. unless you’re so curious about :wink:

alone February 24, 2009 at 5:14 am

better to be not clever than to have no faith.

but of course you should want to be clever and have faith :razz:

alone February 24, 2009 at 5:56 am

true.. true.. alone doesn’t like them either :mrgreen:

alone February 24, 2009 at 5:57 am

huhu.. yes. if there’s only a ringgit or two it doesn’t matter. hahah :mrgreen:

alone February 24, 2009 at 5:58 am

the ones that land in the inbox are the lucky ones :razz:

usually these phishers spam using software that can break through to the inbox. intense.

alone February 24, 2009 at 5:59 am

very very very. especially if you have a lot of money in it :roll:

alone February 24, 2009 at 6:01 am

yeah. u r right.

sometimes we check inbox in the morning and huh.. we do everything that we shouldn’t do :roll:

alone February 24, 2009 at 6:02 am

haha.. true.. :razz:

always stay alert! :wink:

khairuddin March 1, 2009 at 11:14 pm

I got this email..

But how do we know it doesn’t copy our username and password when we log on?

I already tried to log on, but couldn’t.. wrong password?? Useless.. I wrote down my username and password, you know.. no way they’re wrong.. I tried 10 times..

alone March 6, 2009 at 6:46 pm

maybank2u’s security level is advanced. it’s hard to get login information just from us logging in at the real maybank2u.

what these phishers want is:
1 – our username
2 – our password
3 – TAC number (valid for 2 hours)

with the steps in the post above, we log in to our own account, get the TAC number and then hand these 3 very important pieces of information to the website they gave in the email.

to verify security, supposedly :roll:

in fact the information we entered will be sent to the phisher’s email. and that information will be used to transfer the money in the victim’s account to their account :twisted:

settled. you’re dead :down: :shock:

moonie March 6, 2009 at 2:00 pm

ah, just fill in the requirements.. let yourself have no worries.. what’s so hard… :exclaim:

alone March 6, 2009 at 6:47 pm

haha. yep. and after fill all the requirements.. there’s no worry.

because u’ll never get ur money back.. :sad:
