You Are In

  • Life Goals
  • Day To Day Banking
  • Digital Services
  • Promotions
  • Help & Support
  • Quicklinks

Fighting Fraud Together

 

We are committed to protect our customers from falling victim to frauds and scams.

 

As part of our commitment to promote cyber security, this page has fraud prevention tips and simple steps you can take to enhance your security knowledge and protect your money and personal data. 

 

If you think you’ve been scammed or your card is lost or stolen, or if you detect unusual or suspicious activity involving your bank account, remember to:

  • Inform the Bank immediately by calling our 24-hour hotline at +603 6204 7788. For Company account, you may contact our Business Call Centre at 1300 888 828 (Local), +603 2297 3000 (Overseas) from Monday to Friday (8.00am to 7.00pm) or Saturday (8.00am to 5.00pm excluding public holidays)
  • Lodge a police report
  • Notify the Bank with the police report at cru@cimb.com

 

Feel safe knowing how we work with you to prevent fraud and identity theft. We take that extra initiative to protect you as well as inform you on how to stay safe online.   

DOs and DON'Ts

  DOs DONT's
Protect your Personal Information
  1. Pay attention to your transaction alerts and check your account activities regularly. In case of any unusual activity, please contact us immediately.

  2. If you wish to contact us, ONLY call the number on the back of your card or refer to CIMB website “Contact Us” page.

  3. Always check the URL of the website that you are making purchases from. Ensure  the “lock” icon or “https” appears on the website’s address bar.

  4. Always find a reputable seller on online marketplaces by searching for reviews from other customers to know their experience. 
  1. Don’t panic and give personal information to fraudsters impersonating representatives of government agencies etc. even if they deploy fear tactics. Immediately call the number on the back of your card to verify with CIMB.    

  2. Never apply for personal financing through unverified links or individuals promising a lower rate. CIMB does not impose any application charges for personal financing applications.

  3. Never take instructions from anyone to change the mobile number in CIMB records to any number other than your own mobile number. 

  4. When transacting online, never continue with a purchase if you have any doubts if the seller is not genuine.  
Protect your Internet Banking / CIMB Clicks Details
  1. To access CIMB Clicks, type the entire URL as follows: www.cimbclicks.com.my

  2. Always remember to log out once you have completed your banking transactions.
  1. Never share details such as your card number / User ID / PIN / password / TAC  with anyone or key them in in any website other than CIMB Clicks. 
    (Note: CIMB will never ask for  your ‘User ID’, ‘Password’ or ‘TAC’ under any circumstances outside of CIMB Clicks). 

  2. Do not click on links or open email attachments from unknown / unreliable senders / sources.
    (Note: Emails from CIMB will always end with @cimb.com such as cimb.marketing@cimb.com
Safeguard your Cards & PIN
  1. Keep your cards and PINs in a safe place.

  2. Cover the keypad with your other hand while keying in your PIN at an ATM or at a Point-of-Sale (POS) terminal.

  1. Don’t write your PIN anywhere which is easily accessible to anyone.

  2. Never save your card details on your browser. 

  3. Never use easy-to-guess Card PINs such as date of birth.

Glossary
TAC: Transaction Authorisation Code

Access your bank account from anywhere.

Just safeguard your details everywhere.

Pay bills conveniently at our ATMs.

Just pay attention to your surroundings.

Receive banking updates via emails.

Just be cautious of its source.

Take our call at your available time.

Just check if the number is official.

NOTICE:

Subsequent to the recent press releases issued by a payment facilitator, we would like to assure you that we take your data security seriously.

 

At the same time, we also encourage you to monitor your online transactions regularly. Call the number at the back of your CIMB card to report any unusual activity.

 

For more info, click here to read the FAQs.

 

 

Read on for more details to safeguard yourself from frauds / scams.

Beware of financial scams promising unrealistic high returns. If it sounds too good to be true, it probably is. Do not be a scam victim. When in doubt, please call BNMTELELINK at 1-300-88-5465.

Email Scam
Email Scam (ENG)

Illegal Forex Scam (ENG)
Illegal Forex Scam (ENG)

Mule Account Scam
Mule Account Scam

SecureWord

Beware of financial scams promising unrealistic high returns. If it sounds too good to be true, it probably is. Do not be a scam victim. When in doubt, please call BNMTELELINK at 1-300-88-5465

 

Transaction Authorisation Code (TAC)

Transaction Authorisation Code (TAC) is a unique 6-digit code sent via SMS to your mobile phone for transaction authentication use.

Protect Yourself Online

Protect yourself and your computer/mobile devices!

Important things you can do to protect yourself and your computer/mobile devices.

At CIMB Clicks, we are committed to your online security and peace of mind. We use multiple layers of security to ensure that your Online Banking sessions are protected by a high level of security.

However, you also play an important role in safeguarding your computer/mobile devices and your online information. Below are the recommended things to do to keep your money where it should be.

Install anti-virus and anti-malware
Protect your devices from virus and malware by installing anti-virus and anti-malware software. To maximise your protection, update them regularly to make sure you always have the latest virus definition.

Avoid rooting or jailbreaking your mobile devices
It is not advisable to use CIMB Clicks App on a rooted or jailbroken device as they are more vulnerable to fraudulent attacks. A rooted or jailbroken device have minimal security, making it easier for fraudster to gain access to your personal details and other information stored or transmitted through your device and might result in illegally using it to perform transactions such as funds transfer.

Install a personal firewall

Firewall software and/or hardware helps provide a protective shield between your computer/mobile devices and the Internet. This barrier can help prevent unauthorised people gaining access to your computer/mobile devices, reading information from it or placing viruses on it while you are connected to the Internet.

Install anti-spyware software

Spyware is a general term for hidden programs on your computer/mobile devices that track what you are doing on your computer/mobile devices. Spyware is often bundled together with file sharing, email virus checking or browser accelerator programs, and it is installed on your computer/mobile devices without your knowledge to intercept information about you and your computer/mobile devices. The type of information gathered can include personal Internet usage, and in some instances, confidential data such as passwords. You can download and run a specialist program designed to help identify and remove threats from spyware. Like an anti-virus program, it also needs to be regularly updated in order to recognise the latest threats.

Keep your browser and operating system up-to-date

From time to time security weaknesses or bugs are found in browsers and operating systems. Usually 'Service Packs' are issued by the software company to make sure these are fixed as quickly as possible. You should make regular checks on your software vendor's website and apply any new security patches as soon as possible to ensure you have the most updated security features available.

Avoid running programs or opening email attachments from any source you do not know or trust

You should not install software or download any files from websites (e.g. programmes, games, screensavers) that you aren't completely sure about. We also recommend that you scan all email attachments for viruses and avoid opening any from people or organisations that you do not know or trust. However, some virus may forward infected email to everyone in an address book. Therefore, you can also get an infected attachment from someone you know. If you are not sure what is in the attachment, do not open it.

 

Important note: CIMB Bank or CIMB Clicks will never send you an email asking you to reconfirm or revalidate your Online Banking information via email or any links from an email. If you have received this sort of email, please contact us immediately at +603 6204 7788.

Be cautious when using public or shared computers/networks

If you access your accounts using a computer in a cyber café, a library or your workplace, try to ensure the computer has the latest anti-virus, firewall, anti-spyware and browser software installed. Although Wi-Fi is a convenient way for you to go to the Internet, it is not advisable to access your account via Wi-Fi connection, especially in public places like airports, hotels or shopping malls.

 

For more information with regards to online safety, you can visit CyberSecurity Malaysia at http://www.cybersafe.my.


Please click here to read more about malware protection.

Alert

It is advisable to to download the latest anti-virus and scan your devices regularly. This is to ensure that your online financial transactions are not performed using infected devices. Please stay vigilant when banking online. You may also refer to Cyber Security Malaysia for further action on infected machines. Please call us immediately at +603 6204 7788 or email to cru@cimb.com.

Types of Fraud

 

Malware

Malware stands for Malicious Software. It can be viruses, trojans, and spyware to "PC Optimization" programs that harm your electronic devices.

 

For even more detailed information about malware and protecting your electronic devices, click here.

 

For more guidelines on Malware Prevention, please refer to press release from Cyber Security, click here.


Phishing

What is 'Phishing'? 'Phishing' is a type of identity theft where criminals blast emails to a mass audience in their malicious attempt to bait you into fake websites.

 

You'll then be asked to disclose confidential financial and personal information, passwords, credit card numbers along with any other highly confidential questions.


SMS/Phone Call Scam

Customer receives an SMS or a call requiring him/her to call a given number to confirm a transaction involving customer's credit card or account information.


Money Muling

For fraudsters, transferring stolen funds directly into their accounts would make their whereabouts and activities be easily traced by law enforcement agencies. In efforts to stay under the radar, money mules are recruited or used to help facilitate the movement of funds to the criminals. In other words, money mules are used specifically to receive and transfer out stolen money.

 

Fraudsters will try to recruit customer to use their personal banking account as intermediary account by promising them rewards. Recruitment will normally be promoted via social media, chat sessions or even newspaper ads offering work-from-home job offers.

Security Alert

 

Stagefright Bug

A vulnerability is found on Android devices affecting almost 95% of its users. Attacker can exploit this bug through MMS (a type of message which can include text, sound, images and video) which allows them to take control of your device.

 

Tips to prevent being attacked:

  • Ensure you have the latest Android upgrade/patch installed.
  • Disable auto-retrieval of MMS.


Dridex Malware

Dridex operates by first arriving on a user's computer as a malicious spam email with a Microsoft Word document attached to the email. If the user opens the document, a macro embedded in the document will trigger a download of the Dridex banking malware, enabling it to first steal banking credentials and then attempt to generate fraudulent financial transactions.


DYRE Malware

A new variant of malware known as 'DYRE' is targeting online banking customers. The malware started from phishing emails. Hence, please do not respond or click on any hyperlink in an email to access to your Online Banking websites. Phishing email aims to steal your Online Banking User ID and Password.

 

These may be some of the signs that your computer could be infected by ‘DYRE’:

  • You are prompted to enter your User ID and Password repeatedly.
  • Your computer seems to be running very slowly compared to usual.
  • Unfamiliar screen after you login to your Online Banking site.

Please click here to read more about malware protection.

Alert

It is advisable to to download the latest anti-virus and scan your devices regularly. This is to ensure that your online financial transactions are not performed using infected devices. Please stay vigilant when banking online. You may also refer to Cyber Security Malaysia for further action on infected machines. Please call us immediately at +603 6204 7788 or email to cru@cimb.com.