Feel safe knowing how we work with you to prevent fraud and identity theft. We take that extra initiative to protect you as well as inform you on how to stay safe online.   

DOs and DON'Ts
Protect your Personal Information

  DOs
  1. In response to any calls / SMS / email, ONLY call the number on the back of your card OR refer to CIMB website to contact CIMB.

  2. Check SMS alerts and transaction activities on your statements or via CIMB Clicks regularly. In case of any unusual activity, do call the number on the back of your card immediately.

  DON'Ts
  1. Phone scam fraudsters deploy fear tactics on the phone and ‘role-play’ to induce you to share your card number / User ID / PIN / password / TAC.

    Do not panic. Always call the number on the back of your card to verify with CIMB.

  2. Never take instructions from anyone to share your TAC or change your mobile number on ATM to any number other than your own mobile number.

Protect your Internet Banking / CIMB Clicks Details

  DOs
  1. On CIMB Clicks, look for your chosen ‘Secureword’ after keying in your User ID (fake/bogus websites will not display your chosen ‘Secureword’).

  2. To access CIMB Clicks, type the entire URL as below: www.cimbclicks.com.my

  3. Ensure your mobile device is always updated with the latest Operating System [OS]. Stay alert for updates released by your OS/device manufacturer.

  DON'Ts
  1. Do not click on links or open email attachments from unknown / unreliable senders/sources.

    Emails from CIMB will always end with @cimb.com such as cimb.marketing@cimb.com.

  2. Do not enter 'User ID', 'Password' or 'TAC' outside CIMB Clicks.

    Outside CIMB Clicks, CIMB will not ask for your ‘User ID’, ‘Password’ or ‘TAC’ under any circumstances.

Safeguarding your Cards & PIN

  DOs
  1. Keep your cards and PINs in a safe place.

  2. Cover the keypad with your other hand while keying in your PIN at an ATM or at a Point-of-Sale (POS) terminal.

  DON'Ts
  1. Don’t write your PIN anywhere which is easily accessible to anyone.

  2. Never use easy-to-guess Card PINs such as date of birth.


TAC: Transaction Authorisation Code

Access your bank account from anywhere.

Just safeguard your details everywhere.

Pay bills conveniently at our ATMs.

Just pay attention to your surroundings.

Receive banking updates via emails.

Just be cautious of its source.

Take our call at your available time.


Just check if the number is official.

Phone Scam

SMS Scam

Email Scam

Watch the video below and read on for more details to safeguard yourself from frauds / scams.


Beware of financial scams promising unrealistically high returns. If it sounds too good to be true, it probably is. Do not be a scam victim. When in doubt, please call BNMTELELINK at 1-300-88-5465.

Illegal Forex scam (ENG)


Guard yourself against fraudulent look-alike sites. SecureWord is an additional authentication layer used by CIMB Clicks Online Banking to verify that the login page is a genuine CIMB Clicks site. Make sure to check the SecureWord before keying in your password.

Multiple Factor Authentication for TAC


Transaction Authorisation Code (TAC) is a unique 6-digit code sent via SMS to your mobile phone or via Messenger in CIMB Clicks mobile app for transaction authentication use.

Protect Yourself Online

Protect yourself and your computer/mobile devices!


Important things you can do to protect yourself and your computer/mobile devices.

At CIMB Clicks, we are committed to your online security and peace of mind. We use multiple layers of security to ensure that your Online Banking sessions are protected by a high level of security. However, you also play an important role in safeguarding your computer/mobile devices and your online information. Below are the recommended things to do to keep your money where it should be.

Install anti-virus and anti-malware

Protect your devices from viruses and malware by installing anti-virus and anti-malware software. To maximise your protection, update them regularly to make sure you always have the latest virus definitions.

Avoid rooting or jailbreaking your mobile devices

It is not advisable to use the CIMB Clicks App on a rooted or jailbroken device, as such devices are more vulnerable to fraudulent attacks. A rooted or jailbroken device has minimal security, making it easier for a fraudster to gain access to your personal details and other information stored on or transmitted through your device, which might result in it being used illegally to perform transactions such as funds transfers.

Install a personal firewall


Firewall software and/or hardware helps provide a protective shield between your computer/mobile devices and the Internet. This barrier can help prevent unauthorised people gaining access to your computer/mobile devices, reading information from it or placing viruses on it while you are connected to the Internet.

Install anti-spyware software


Spyware is a general term for hidden programs on your computer/mobile devices that track what you are doing on your computer/mobile devices. Spyware is often bundled together with file sharing, email virus checking or browser accelerator programs, and it is installed on your computer/mobile devices without your knowledge to intercept information about you and your computer/mobile devices. The type of information gathered can include personal Internet usage, and in some instances, confidential data such as passwords. You can download and run a specialist program designed to help identify and remove threats from spyware. Like an anti-virus program, it also needs to be regularly updated in order to recognise the latest threats.

Keep your browser and operating system up-to-date


From time to time security weaknesses or bugs are found in browsers and operating systems. Usually 'Service Packs' are issued by the software company to make sure these are fixed as quickly as possible. You should make regular checks on your software vendor's website and apply any new security patches as soon as possible to ensure you have the most updated security features available.


Avoid running programs or opening email attachments from any source you do not know or trust


You should not install software or download any files from websites (e.g. programmes, games, screensavers) that you aren't completely sure about. We also recommend that you scan all email attachments for viruses and avoid opening any from people or organisations that you do not know or trust. However, some viruses may forward infected emails to everyone in an address book, so you can also get an infected attachment from someone you know. If you are not sure what is in the attachment, do not open it.


Important note: CIMB Bank or CIMB Clicks will never send you an email asking you to reconfirm or revalidate your Online Banking information via email or any links from an email. If you have received this sort of email, please contact us immediately at +603 6204 7788.

Be cautious when using public or shared computers/networks


If you access your accounts using a computer in a cyber café, a library or your workplace, try to ensure the computer has the latest anti-virus, firewall, anti-spyware and browser software installed. Although Wi-Fi is a convenient way for you to connect to the Internet, it is not advisable to access your account via a Wi-Fi connection, especially in public places like airports, hotels or shopping malls.


For more information with regards to online safety, you can visit CyberSecurity Malaysia at http://www.cybersafe.my.

Please click here to read more about malware protection.



It is advisable to download the latest anti-virus and scan your devices regularly. This is to ensure that your online financial transactions are not performed using infected devices. Please stay vigilant when banking online. You may also refer to Cyber Security Malaysia for further action on infected machines. Please call us immediately at +603 6204 7788 or email callcentre@cimb.com.

Types of Fraud


Malware stands for Malicious Software. It ranges from viruses, trojans and spyware to "PC Optimization" programs that harm your electronic devices.


For even more detailed information about malware and protecting your electronic devices, click here.


For more guidelines on Malware Prevention, please refer to press release from Cyber Security, click here.


What is 'Phishing'? 'Phishing' is a type of identity theft where criminals blast emails to a mass audience in their malicious attempt to bait you into fake websites.


You'll then be asked to disclose confidential financial and personal information, passwords, credit card numbers along with any other highly confidential questions.

SMS/Phone Call Scam

Customer receives an SMS or a call requiring him/her to call a given number to confirm a transaction involving customer's credit card or account information.

Money Muling

For fraudsters, transferring stolen funds directly into their own accounts would make their whereabouts and activities easy for law enforcement agencies to trace. To stay under the radar, they recruit or use money mules to help move the funds to the criminals. In other words, money mules are used specifically to receive and transfer out stolen money.


Fraudsters will try to recruit customers to use their personal banking accounts as intermediary accounts by promising them rewards. Recruitment is normally promoted via social media, chat sessions or even newspaper ads offering work-from-home jobs.

Security Alert

Stagefright Bug


A vulnerability has been found on Android devices, affecting almost 95% of its users. An attacker can exploit this bug through MMS (a type of message which can include text, sound, images and video), which allows them to take control of your device.


Tips to prevent being attacked:

  • Ensure you have the latest Android upgrade/patch installed.
  • Disable auto-retrieval of MMS.

Dridex Malware


Dridex operates by first arriving on a user's computer as a malicious spam email with a Microsoft Word document attached to the email. If the user opens the document, a macro embedded in the document will trigger a download of the Dridex banking malware, enabling it to first steal banking credentials and then attempt to generate fraudulent financial transactions.

DYRE Malware


A new variant of malware known as 'DYRE' is targeting online banking customers. The malware starts from phishing emails. Hence, please do not respond to or click on any hyperlink in an email to access your Online Banking websites. Phishing emails aim to steal your Online Banking User ID and Password.


These may be some of the signs that your computer could be infected by ‘DYRE’:

  • You are prompted to enter your User ID and Password repeatedly.
  • Your computer seems to be running very slowly compared to usual.
  • You see an unfamiliar screen after you log in to your Online Banking site.


Security Policy