Alert: Beware of

Alert: Beware of

SMS Scam Purporting to be from Maxis

Browsing Maxis Safely

Here is how to recognise fake websites and make sure you are browsing or sending information on the genuine Maxis website.
 

What is phishing?
  • A phishing scam usually begins with an email, SMS or instant message that looks like it is from a genuine business, such as Maxis or a local bank.
  • The message might use alarming news – falsely claiming you are late on bill payment, for example – to prompt you to respond quickly. 
  • The message may state attractive rewards for redemption with a small payment.
  • This message will usually include a link that directs you to a fake website if you click on it. 
  • The fake website will have a similar name and appearance to an official website. Scammers use it to trick you into revealing sensitive information or lead you to download ransomware or malware. Other your personal information, you may be asked to key in your credit card details for payment.
How to spot a fake website?
  • Double-check the domain name.
  • Look for a padlock symbol (but don’t rely solely on it for verification).
  • Examine the content closely for poor spelling and image quality.
  • Exercise caution with deals that appear too good to be true.
Thoroughly read the content

Watch out for forms asking for personal details that no credible business or organisation would ask you to reveal, such as your credit card PIN number. If you are making payment, please double check on the amount.

IMPORTANT: Never reply to phishing emails or submit your personal details into unknown forms on fake websites. It can lead to identity theft and money taken from your bank accounts.

Protect Yourself Online

Scams may be more frequent and common nowadays, but there are several rules we can follow to avoid them.

Protect your device

  • Use strong PINs and passwords. Avoid easy to guess PINs and passwords like ‘1234’, ‘0000’ and ‘password’. If your password is compromised in a data breach, change it immediately.
  • Avoid Rooting or jailbreaking. Jailbreaking your device can remove built-in security features, it will also make update of security patches difficult, leaving your device more vulnerable to malware, hacking attempts & other known risk.

Protect Your Data

  • Genuine businesses, organisations, and officials will never ask for your personal data over these channels out of the blue.
  • When in doubt, contact them via official channels such as a hotline listed on their official website.
  • Think twice before clicking on a link or opening suspicious-looking emails.
  • Pay attention to your app permissions (what your apps are allowed to do and access. E.g: location, call history, etc). Only allow necessary permissions.
  • Install anti-virus and malware protection.
  • Make sure your Wi-Fi is secure.

Stay Calm, Stay Vigilant

  • When someone on the phone claims to be a government official, a business or bank representative, do not let your guard down or rush into a decision.
  • Verify their identity and claim by calling the business or agency’s official phone number before taking further action.

New and Common Scams

These are the latest online and phone scams happening in Malaysia.

SMS, WhatsApp & Email Phishing

Scammers often pose as real businesses like Maxis using phishing emails, SMS or WhatsApp. They may contain links that take you to a clone of a real website where your personal information will be requested or ask you to make payment for an relatively small amount to redeem some rewards. This can lead to identity theft, unauthorised access to your bank accounts or tricked you into authorising payment for a much bigger amount than what was stated in the cloned website.

IMPORTANT: Maxis would never request for a customer’s credit card details or PIN number via email. If you are unsure of the authenticity of the message, do contact the organisation and verify.

Public Wi-Fi Scam

A public Wi-Fi scam is when a criminal creates a seemingly legitimate fake public WiFi network to steal personal information from unsuspecting users. On top of that, even a legitimate public WiFi connection can pose security risks as it can easily be hacked.

For example, you connect to a WiFi network at a cafe to make an online purchase. However, you may not realise that the attacker is collecting your login credentials, credit card information, and other sensitive data.

IMPORTANT: Maxis advises its customers to protect themselves from public Wi-Fi scams by verifying network authenticity, using VPN, and being cautious of entering personal information.

QR Code Scam

A QR code scam is when a criminal creates a fake QR code that looks legitimate to steal personal information or money.

For example, you scan a QR code at a restaurant and enter your information to order food and make payment. But the QR code was fake, and your information is actually being sent to the attacker.

IMPORTANT: Maxis advises its customers to verify the source of the QR code. Only scan codes from trusted sources, and be cautious of unexpected requests for personal information or payments.

Social Welfare Scheme Fraud

Social welfare scheme fraud is where fraudsters send text messages claiming to be a trustworthy organisation, offering financial aid. They may ask for information such as bank account numbers, causing victims to lose their money or become victims of identity theft.

An example could be receiving an SMS offering RM500 e-wallet financial aid, but in return, victims are asked to provide their bank details, leading to unauthorised transactions.

IMPORTANT: Maxis reminds customers to be vigilant against social welfare fraud. Do not disclose personal information to unknown sources and protect yourself by verifying information sources.

Wangiri Fraud

Ever received missed calls from international numbers you do not recognise? They are likely scam calls generated by fraudsters. They will call a user and hang up right before it is answered, hoping the person will return the call. These numbers are charged at premium rates, and users who call back will be hit with exorbitant charges.

IMPORTANT: Never return calls to international numbers that you don’t recognise.

Browser & Pop-up Scam

When browsing the web, you might encounter pop-ups that ask you to click on a link to fill out a survey or choose a gift box to win a "prize" (such as phones, electronic devices or accessories). You will then be led to a payment page where you have to “redeem the prize” by paying a small amount via credit card, or enter your personal details or bank details.

IMPORTANT: Maxis will never ask you to fill out forms with personal details. If you are browsing the web and receive this pop-up, please exit the browser immediately.

SIM Cloning

SIM cloning is a serious issue whereby a scammer creates a duplicate of your SIM card to access information stored on your phone.

For example, you receive a notification of unusual activity on your account. Turns out your SIM card has been copied, giving the scammer access to your personal data and mobile number, possibly resulting in financial loss, identity theft, and unauthorised use of your phone number.

IMPORTANT: Maxis will never compromise on the security of its users and is continuously implementing advanced measures in protecting against SIM swapping, with secure authentication processes and customer education.

TAC Scam

Transaction Authorisation Codes (TAC) are a security measure to prevent unauthorised transactions and activities, but scammers have found different ways to get around the system.

For example, scammers try to obtain the TAC such as impersonating a Maxis employee and contacting the victim to “reward” them with free data and credit. The unsuspecting user is asked to share the TAC received via SMS before receiving their prize, but when they do, credit is syphoned from their prepaid account.

IMPORTANT: This method can also be applied to your bank account.

Android App Scam

Targeting online shoppers, this scam tricks buyers into downloading an APK file on their phone to obtain their personal details.

Scammers would use social media to advertise services for sale. Upon agreement, victims have to download an APK file and are asked to register their personal information, email or even credit card number. A 'page error' would pop-up upon registration, and scammers would take this opportunity to syphon money from victims’ bank accounts.

IMPORTANT: Avoid downloading APK files, especially from unverified sources.