Security Awareness

Last updated: 11 Oct 2022


Easy Pay Transfers Sdn Bhd (1207100-T) (“Easy Pay”, “us”, “we”) values your trust in us and strives to maintain the security and confidentiality of the information that you provide to us, whether or not you are an Easy Pay customer (“Customer”), a customer who has signed up for our website or a visitor to our website (“Visitor”). Easy Pay is committed to protecting every individual’s privacy and security. Easy Pay is sharing these security tips and steps to help you stay safe. While Easy Pay is always there to protect you with industry-leading security, there are additional security tips and preventive steps you can learn to protect yourself and stay safe online.

About Fraud

Fraud is an intentional act of deception involving financial transactions for the purpose of personal gain. Fraud is a crime, and is also a civil law violation.

About Scam

A scam is where you’re tricked into making a payment to a criminal’s account. Scammers impersonate banks, retailers, business partners and official organisations using emails, phone calls and texts that look and sound genuine.

1. What is a Phishing Scam

Email phishing uses the same method as SMS phishing: the fraudsters send links to the victims while impersonating legitimate entities. However, these links are sent via email and will be sent out to as many email addresses as possible.

By clicking on the link given in the email, you are led to a malicious website to fill in your private information, and/or your phone or computer is exposed to malware and viruses that the fraudster can use to obtain your personal banking credentials.

1.1 Emails that encourage you to click on the website links contain poor English and grammatical errors.
1.2 Emails that include instructions to reply or verify your account, such as by completing an attached form.
1.3 Emails that rush you to take urgent actions with threats to close down your account.
1.4 Emails that ask you to provide your personal banking credentials.

• Do not click
Do not click on links or open any attachments received from unknown parties.
• Study the email
Always read the email to identify grammatical or spelling errors and if suspicious, call your bank to verify if the email originates from them.

2. What is a Vishing Scam

Phone call phishing, also known as vishing, happens when fraudsters call victims and trick them into divulging their personal information by impersonating authorities or experts and claiming that they are trying to help.

2.1 You are told to press a number on your keypad to speak to a customer service representative who is actually another fraudster.
2.2 They rush you into taking actions (so that you will panic) by claiming you are in a tight position.
2.3 They will persuade you to transfer your money into a “safe account” with an unknown beneficiary to “assist” with the ongoing investigation and to safeguard your money.
2.4 They ask you to give your personal and financial information.

• Be wary
Be aware that no authorities or banks will ever ask you to provide your full debit/credit card details, online banking credentials or ID number etc.
• Check authenticity
When in doubt, contact your bank or the organisation to verify the call.
• Take correct actions
Decline calls from unknown numbers at all times and inform your bank if you have divulged your information.

3. What is a Smishing Scam

SMS phishing, also known as smishing, is when you receive a text message claiming to be from a legitimate company or bank and insisting that you either click on the link in the text, which will lead you to a malicious website where you are asked to provide your personal credentials, or call the number given. Through this, the fraudsters will be able to obtain all of your personal information.

Even if you do not divulge your details after you click on the link provided, there is a high chance that you have been exposed to malware, or malicious software, which will install itself on your phone, trick you into entering your personal information and send this data to the fraudsters.

3.1 SMS are often sent from unknown mobile numbers with embedded links.
3.2 SMS requesting to verify a transaction.
3.3 SMS trying to look genuine by copying the message format sent from a bank with the addition of an embedded link.

4. What is an Impersonation Scam

Beware of scammers who impersonate Easy Pay Transfers (EPT) officers to solicit deposits or offer investment opportunities with exceptionally high returns via phone calls, text messaging or social media platforms.

Always stay alert and ignore such scam attempts. We would like to reassure you that EPT’s employees will never request you to disclose your account details or personal identification numbers (PINs) over phone calls, text messages, social media platforms or emails.

• Always ask the sender or the caller to identify themselves (for example, request their name and employee identification number) and call the EPT general line for verification.
• Do not call phone numbers, click on URL links, or scan QR codes in unsolicited emails, SMSes, or messages via other messaging applications.
• Never disclose your personal or internet banking details to anyone.

5. What is a TAC Scam

Scammers would usually call the victim and say that they registered the wrong mobile number and that their TAC (Transaction Authorisation Code), also known as OTP (One Time Password), was accidentally sent to the victim instead.

TAC (Transaction Authorisation Code), also known as OTP (One Time Password) is an online/mobile banking security feature to protect your account from unauthorised use. A TAC will be sent to you via SMS to your registered mobile phone number to verify that you are the rightful person performing the transaction.

5.1 Scammers will first try to get hold of the account holder's online banking username, password and contact details.
5.2 Once they have the above information, they will still require the TAC generated from the account holder's mobile phone to perform an online transfer.
5.3 To get the TAC, the scammers would contact the genuine account holder and dupe him or her into revealing the TAC via phone call by convincing him or her that they have wrongly registered the genuine account holder’s mobile number as theirs.
5.4 The unsuspecting account holders would reveal the TAC to the scammers, who would then use it to start transferring money from the account.

• Never reveal your personal online banking details such as username, password or bank account information, including your TAC, to anyone, even if the party requesting such information claims to be from a financial institution, Bank Negara Malaysia or other authorities.

6. What is a Mule Account

A mule account is when an individual or company allows their bank account to be controlled and used by criminals to receive money from fraudulent activities, by handing over an automated teller machine (ATM) card (and PIN number) or providing an online banking password to the criminals.

6.1 Fraudsters contact potential victims via emails, chat rooms, job websites or blogs, and persuade them to receive money into their bank accounts in exchange for attractive commissions.
6.2 The fraudsters then transfer the illegal money into the money mule’s account.
6.3 When such frauds are reported, the money mule becomes the target of police investigations.
6.4 The money mule is then instructed to transfer the money to another money mule’s account.

• Do not share your personal banking details or allow anyone access to your bank account.
• Do not help anyone to receive funds from and/or transfer funds to third parties using your bank account.
• Do not accept lucrative job offers that promise fast returns and require you to hand over your ATM card and/or online banking login and password.
• Do not be deceived by the mule account scam syndicate’s promise of lucrative returns.

7. What is a B.E.C. (Business Email Compromise) Scam

BEC scammers prey on the business relationships you have with your partners and customers to steal information or for financial gain. The scammers may target and defraud your business through email scams.

A common BEC variation involves impersonating or hacking into vendor accounts to trick the victim. The email to the victim is usually supported with fake invoices or an excuse to change bank transfer details, so that funds are deposited for services and products that are never delivered.

7.1 In a BEC scam, criminals send an email message that appears to come from a known source making a legitimate request. These scams target businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. Such scams usually target individuals who have the easiest access to company funds.
7.2 Before BEC attacks begin, fraudsters identify targets by collecting corporate data from various publicly available sources such as social media and by buying credentials on the dark web. Social engineering techniques such as vishing and phishing are also used as bait to solicit company information.
7.3 Some of the tactics applied in BEC scams are CEO or founder frauds where you receive emails that are sent from a fraudster impersonating the CEO of your known associate.

• Verify any changes
Make sure you call and verify any emails that come to you with requests to change the already existing process.
• Dual control
Ensure you practise dual control so that every transaction is validated all the way from the maker to the approver.
• Train employees to recognise BEC attacks
Ensure employees are adequately trained on cybersecurity threats and the best practices. For example, not to entertain emails by unknown third parties and pay close attention to third party emails with abnormal or uncharacteristic patterns of language and content.

8. What is a Macau Scam

It is a scam where people impersonate law enforcement agencies to obtain your personal banking credentials.

8.1 During the conversation, they will transfer your call to unknown parties claiming to be law enforcement agencies or other investigating authorities.
8.2 Scammers will try to make you panic by claiming you are involved in an ongoing investigation and request that you follow their instructions, which involve moving your funds into third-party/unknown accounts.
8.3 They will demand your personal banking credentials.
8.4 Scammers will insist that you 'keep it quiet' and not tell anyone about the call.

• Stay calm and think
Take your time and think about every action they ask you to do.
• Ask questions
Ask the caller to identify you. Ask as many questions as possible.
• Call your bank
If you think you might have responded to unknown parties, please call your bank immediately.
• Share with others
Don’t keep it to yourself. Share with your family and friends.

As a reminder, Easy Pay will never direct you to a website asking for your personal banking details, including OTP or Card PIN.