WHAT IS PHISHING
In short: With phishing scams, people trick you into giving away your account information.
Phishing, a word originated from password + fishing, is a type of identity theft where spam messages are sent through emails/SMS to tempt the victims to update their login credentials. More often than not, the victims are deceived to tap on a bogus hyperlink given by the fraudster where the victims will then be redirected to a fake login site that looks identical to the genuine website.
Phishing websites and emails often resemble the genuine site. Therefore, unsuspecting victims may answer to them and give out confidential personal data that can result in identity theft, fraud and frequently financial losses.
Let’s look at the most common ways people get tricked.
COMMON PHISHING TACTICS
In email phishing, fraudster send you emails disguising as an important alert sent by iPayEasy, urging you to give out you personal data including login credentials or taking you to a phishing website.
Phishing websites are setup to look like iPayEasy’s website. Yet any interactions you made with the fraudulent website, e.g. download iPayEasy mobile application installer, or log in to iPayEasy, are recorded (read:stolen) by the fraudster.
Telephone or SMS phishing
Certain fraudsters make calls to you or send you a text message, disguising as iPayEasy employee, conveying urging messages to have you to give up your account password or other information to them. (see section “Common trick message sent by scammers”)
Search Engine Advertising phishing
Comparatively new, search engine adverts phishing are used by fraudsters to trick you to a phishing site when you are using search engine. With this tactic, fraudsters post search engine adverts which looks like a legit link to iPayEasy official website, but instead takes you to a lookalike phishing site.
SPOTTING A PHISHING SCAM
Commonly fraudster will send messages (through email, sms or calls) with the below listed intent, to trick users in giving out their personal data including password. As an effort to combat frauds, iPayEasy will NEVER communicate to you for such intents.
Common trick message sent by scammers:
- Requires you to submit your personal information directly into the e-mail or online.
- Threatens to close or suspend your accounts if you do not respond.
- Claims there are unauthorized transactions on your account and requires your account information.
- Claims that your account has been compromised and requests you to enter, validate or verify your account information.
- Requires you to enter your card number, password, user ID or account numbers into an email, pop-up window or non-secure webpage.
- Requires you to confirm, validate, verify and/or update your account or credit card information.
- Requires you to confirm your IP address.
If you receive emails or SMS like these:
- Do not follow the instruction written in the email or SMS
- Report the incident to us via firstname.lastname@example.org
If you receive calls like these:
- Cut off the conversation
- Do not provide any personal data
- Report the incident to us via email@example.com
If you are unsure, please call us at +6 03- 7664 8484
1. Only download ipayeasy from Google Play Store
iPayEasy will NOT include any download link to install iPayEasy mobile application, across any form of our communications (i.e. email/SMS/websites)
2. Protect your password
- Do not share your password with others.
- Create STRONG and UNIQUE password, by combining a mix of different character types: letters (upper and lower case), numbers, punctuation marks, etc.
- Regularly change your password.
3. Protect your Transaction PIN
- Do not share your transaction pin with others.
- Avoid using combination of numbers that can be easily linked to your identity, e.g. birth date (yours nor your family’s), your IC numbers, your phone numbers, your car plate number etc.
- Avoid using simple PIN, e.g. incremental, decremental or repetitive numbers
- Regularly change your transaction PIN
4. Site Authentication
If you are visiting iPayEasy’s informational website, check on the below to ensure you are on a genuine site to keep up with our updates.
- Observe the lock icon located next to the browser’s address bar.
- The certificate should only be for https://www.ipayeasy.com and no other websites.
We also recommend that you key in the url https://www.ipayeasy.com manually.
5. Keep your device secured
- Ensure all your devices are secured from threats. Install antivirus software for your PC, browsers and mobile phones.
- Avoid rooting or jailbreaking your mobile device.
- Always keep your browsers up to date. The latest version of several browsers can detect and warn you when you are about to enter a suspicious/phishing site. When such alerts pop up, DO NOT PROCEED.
6. Phone/Credit Card Scam
- If you receive calls regarding your iPayEasy wallet, claiming to be from any financial institutions or iPayEasy, please DO NOT share your username, password and transaction PIN number.
- You are encouraged to take precaution when giving out any confidential personal data (including your credit card number) over the internet, phone or any other channels.
IPAYEASY’S EFFORT IN FIGHTING PHISHING FRAUD
Being a Malaysian homegrown ewallet service provider, we are under the purview of Bank Negara Malaysia (BNM). We are compliant to Bank Negara’s E-money regulation and has built iPayEasy’s ecosystem fully based on BNM’s IT security requirements. While Bank Negara impose strict requirements to all e-money operator in Malaysia, we at iPayEasy are committed to work with you as our users to combat phishing activities.
As part of our anti-phishing efforts, iPayEasy subscribed (yes! we invested to keep your risk low) to professional monitoring and takedown service to reduce our phishing attack risk. Our monitoring runs 24 x 7 across the web to ensure early detection of any possible phishing. To safeguard iPayEasy users, we are committed to take down suspicious phishing site, including previously removed sites if it attempts to be reactivated.
We will consistently share information on online security, to help you understand better the latest threats and to protect yourself from these threats. These content will be shared through our official website iPayEasy Security Tips Page & our social media pages. We will notify you through email or in app notification whenever there are new security updates on iPayEasy.
As time changes, so will the threats we face. We wish to assert our commitment towards ensuring a safe and secure platform for our users. The process of combating these threats will be a continuous effort, iPayEasy will work closely with Bank Negara Malaysia as well as our security experts to curb any phishing threats, and we welcome you to join hands in protecting yourself from falling victims to these phishing scammers.