Maybank2U Phishing

Today I received an email trying to trick me into giving out my Maybank2U login and password over the internet. While this is not the first time that I have received a phishing email, I think I should blog about this because most of my readers are not in the group which I shall call “hi tech” hehe. And I’m sure many of you have received or will receive this email soon.

This post is more for those who want to know how to detect a phishing site and some ways to avoid being phished. For the “advanced” users, at the end of this post you can learn what you can do to stop this menace.

Ok, back to the email. Here’s the content:

Subject : Maybank Technical Maintenance

The following are the contents :

Dear Valued Customer,

Due to maintenance during the Sunday 12 November 2006,
The Maybank Technical Department is performing a scheduled software upgrade to improve the quality of the online banking services.
By clicking on the link below you will begin the procedure of the customer details confirmation.

Once you have updated your account records, your Maybank account service will not be interrupted and will continue as normal.

.. …

Now, to unsuspecting users, nothing looks wrong with the email, and the link looks ok. But when you click on it, the site that actually opens is

Notice the domain name? It’s not but instead

WS is the country extension for Western Samoa. On that site, you will see the following page:

[Image: bank phishing]

Yes, it looks exactly like Maybank2U’s page. Actually, it is the same image taken from the original page. Because almost anything online can be copied, imitating pages is too easy.

So please do not give out your password on this page. It’s like giving out your ATM numbers to some strangers.

How do you avoid being phished? Follow this advice:

  • Don’t click on any link in an email that says it comes from your bank. If you want to check for any news or information, read the next pointer.
  • If you want to go to your bank’s website, always select it from your bookmarks or type your bank’s address manually into your browser’s address field. If you don’t know the bank’s address, check it from their brochures. You can also easily search for it on Google (just make sure you found the correct bank and not a phishing site hehe).
  • If the email says that your account is being terminated unless you click on the link, relax. They’re trying to stir up your emotion and force you to click on the link. Just call up your bank instead for confirmation.
  • If you think you’ve given up your passwords to some bad websites, call your bank immediately and tell them about it. They can reset your password and protect your account.

How do you know if you’ve been tricked into giving your passwords? Well, after trying to log in, you will be redirected to the login page again. If you are sure you gave the correct password, then the information has already been recorded, and they have now redirected you to the correct website to avoid suspicion.

Well that’s the advice from me today.

Okay, so for people who have detected a phishing email or website, what can you do?

If you are using Firefox 2, open up the phishing page, click on Help and select “Report Web Forgery”. Soon Google will warn people about this site and kick it out of their index.

Since I received this email under GMail, I opened the email and selected “Report Phishing”. Now I feel good :)

Links :

The Star : Beware bank queries scam
Consumer Advice: How to Avoid Phishing Scams
Maybank2U :


  1. mrhenri says:

    Another thing is you can see the “lock” icon at the bottom of the browser. It contains the identity of the website. Mind you, obtaining an SSL certificate is not as easy as we all thought. If your spelling is wrong in even one place, you have to re-do it all over again… In this case, the SSL provider for that is doubtful, as it didn’t mention the issuer of the certificate. Valid SSL providers would be Thawte, VeriSign, to name a few.

  2. pinolobu says:

    I am not 100% sure about this, but even if the bad guys get your login id and password, they can’t transfer funds out of your account into another, unless they know your hp no and somehow impersonate you to get the TAC code.

  3. Vee says:

    :-( Malaysians will be banned forever from being Clickbank affiliates if it goes on like this… bad impression…

  4. mrbadak says:

    pinolobu – on that page there is a field for handphone number. I think they will call the customer up and pretend to be the bank staff, and ask if they received any TAC request. If they do, then they will make up some other explanation in order for you to tell them the numbers. social engineering bah hehe.

    i think it can work on people who are not sure what’s going on and will just give the tac number.

    cuz you are right, they can’t do anything without the tac number but that won’t stop them from trying.. of course it’s harder la with this extra authentication protection… BCB/CIMB also just started this on their site…

  5. says:

    Maybank2U Phishing Part II…

    Following up on my blog post on Maybank2U phishing site, if you open the fake site using Firefox, this is what you’ll see (click on the thumbnail below to see a larger version).

    Yeay for Google and Firefox!


  6. colbert says:

    i got this early nov too. so bad man

  7. darksoft says:

    heee heee. nowdays ppl getting know a lil bit of philser. gonna do nu-style :p

  8. […] The usual trick done by them : They may be showing the real-looking link, such: but, when clicked, the actual link wasn’t as showed, instead, it rather different. The real-looking link may confuse you down to provide your information to the wrong guy. Read More. […]