If your computer is infected with malware, it will be able to capture your User ID, password & TAC while you browse any online banking site.
A pop up will appear to trick you into keying in your mobile number and operating system. DO NOT proceed further!
If you have entered the above info, you will receive an SMS with malicious link that will install malware into your smartphone and it will be able to steal your SMS TAC.
Perform and anti virus/malware scan to both your computer and mobile devices. DO NOT perform any online transactions if you have encountered any of the above.
Do not click on adware or suspicious URL sent through SMS/messaging services. Malicious program could be attached to collect user's information.
Do not use public wifi networkds for bank transactions and turn off Bluetooth connection when not in use. These can be open windows for eavesdroppers intercepting the transaction or installing spyware and other malware on user's computer/mobile devices.
Do not enter TAC for activities which you did not initiate.
Do not open unknown or suspicious attachments in emails, even if they are from senders you know.
Do not plug your USB stick into just any computer.
Do not save your Online Banking login details on a public computer.
What you have to do
Checking your transactions regularly.
Verify an app's permission and author or publisher before installing it.
Safeguarding your personal details.
Always run a reputable anti-virus on your computer/mobile devised, and keep it up-to-date regularly.
Update the operating system and applications on your computer/mobile devies, including the browser, in order to avoid any malicious exploits of security holes in outdated versions.
Changing your password periodically.
Since URL on mobile site appears differently from desktop browser, make sure to verify it first.
Example of displayed pages in sequence on victim's device
Using a malware-infected computer, the attacker can inject fake content while the user is browsing a legitimate online banking website.
Upon clicking the 'Continue' button, user will be prompted for his mobile operating system and mobile number.
Once customer clicks 'Send SMS' button, an sms with a malicious link asking to install the fake app will be sent to infect the smartphone.
If it’s installed, the malware will be able to steal the TAC.
This link is provided for your convenience only and shall not be considered or construed as an endorsement or verification of such linked website or its contents by CIMB Bank.
CIMB Bank makes no warranties as to the status of this link or information contained in the website you are about to access.