Maybank is the largest bank and financial group in Malaysia and it has a pretty good and complete online banking system. I have been using it for many years to conveniently pay my bills online and to transfer funds without even going to an ATM machine or to the bank. Recently there has been many fake Maybank2u websites created by phishers to steal the username and password. I don’t know why they even do it because transferring funds to a third party account that is not saved into the favorites requires to key in the random unique TAC code that is sent to the mobile phone and that number can ONLY be changed in the ATM machine. So there is no point in stealing an unknown user’s maybank2u login information.
Here is one that I’ve recently received on my personal Hotmail account. It is claimed to be sent by servicenotify@maybank2u.com with the subject Important Alert. The body the of email says the following:
Dear Customer,
During our last security update, we noticed problems with the security image on your account. You are therefore required to verify your account and select a new securuty image. As an additional security verification, you will be required to verify your security question and answers.Click Here to Continue
Thank you for using Maybank2u.com
Clicking on the link brings me to a site that looks like the real Maybank2u website. This phishing site is created by an amateur because:
1. The email headers shows the IP address of the sender. To view the email headers in Hotmail, at the top right where you see the Reply link, click on the drop down arrow and select “View Message Source”. If you don’t know understand the headers, you can paste it to ipTRACKERonline Email header analysis which will do all the work for you and present you with an easy to understand information.
2. Images are pulled directly from Maybank2u website. Maybank2u.com has implemented hotlink protection that when unofficial website uses the images that is from their server, it shows a red warning box “FAKE SITE, LAMAN WEB PALSU”.
3. Did not turn off directory listing. I am able to view all the files from the directory.
The website is obviously hacked by exploiting one of Zen-Cart’s shopping cart software because it is not up to date, allowing the phisher to gain access to the directory and uploading the fake Maybank2u website. KeyScrambler will not protect you against phishing but LastPass will since it only logs on to the real website. A question that I couldn’t answer is how did the phisher got my personal email in the first place?
Related posts:
hey guys be aware , this same man is behind the scam, check in google
You are not alone. But I didn’t lost much.
I met him on anotherfriend.ie site. Widower with one child etc….. His life story was very similar. His said his name was Bryan Ronald Brook (bb112 users name)from Portsmouth, VA. He was born in Aberdeen, Scotland, grew up in both (Mayo) Ireland and Bahamas, his mam was an Irish woman, while his dad was a British, the spent most of their lives together in Bahamas and States. He says he is an independent contractor/senior supervisor, currently working on a contract with Ridzo-Group, here in Valencia, Spain. His mail address bryanbrook62@live.com (home) and bryanb@ridzo-group.com (work). He left the site as bb112, but he is back as 4 different person as:
bryan2kn2
ronbro2kn1
bbron2kn1
moore2kn1
Different Pictures but this is the same man.
And I have reason to believe that he is also using other people pictures.
He seems to be very active on ALL dating sites.
If you google bryanbrook11, his picture will come up on some of the sites.
too many phising sides. Need to be careful!!
@RDX
As you can see Raymond article
Dear Customer,
During our last security update, we noticed problems with the security image on your account. You are therefore required to verify your account and select a new securuty image. As an additional security verification, you will be required to verify your security question and answers.
Click Here to Continue
Thank you for using Maybank2u.com
It’s say “Dear Customer” they just send out to Malaysia email database. I believe they purchase somewhere.
I also wonder why they able to transfer the money out since TAC is unique code. If they able to clone the magnetic strip, they just take money from ATM, why need to change this and that.
Hopefully got more info about this. I am interest on it.
not only Maybank2U, recently I received a lot of phishing emails that claimed to from CIMB!
Hi Ray,
I received an email from you about lastpass, but the reply email address wasn’t valid. Not really sure how else to reach you. I don’t think the email from the contact page went through either.
Sue N.
I totally agree is people from maybank actually sell our info/ being hack by the people. before this i never get this kind of email but i get it just the day I register a new maybank account. luckily i didn’t activate maybank2u if not I think I’m sure will believe its a true site
This maybe a clue how the phisher got yr email, discontent employee (IT) of the bank,sold the data base or way the IPS was hacked (again discontet IT empployee)
Since I started commenting on blogs, phishing emails were hunting me. Maybe the ” will not be published ” statement is not real after all or people by a way or another can access and see the emails that are required to reply. So, I’ve created a new account, but I didn’t use it to comment on any blog. the result was as expected, I have yet to receive any phishing emails :). Who should take the blame ? the answer is obvious, it’s you ” the commentator”.
Hi Ray, great article, but maybe they just want your password in order to go into your email.
How did you manished to do a directory listing?
I myself have received many of these phishing scam from Maybank2u. I never open the message as i know there will not be any message sent by the bank unless a formal letter sent to your home.
yeah very important posts..i hope its for the users…
@RDX: Yeah we will never expect an attack until it happens to us. If they did clone my card’s magnetic strip, they have to try harder in trying to phish my account. Anyway I have very little money in my Maybank account, just enough to pay my Internet bills :P
@Ajay: LastPass and KeyScrambler works differently, both provides different layer of protection.
why did u say that lastpass is a better option to keyscrambler
thanks for educating us :)
Thanks for this good info… all the more info to watchout while online banking… M2U dont sent emails to their client any way…
Ray,
You should cc what you say above to Maybank, this will help them to fight against Phishing scam site.
nice info…ip hide!
Hey Ray may be you are not an unknown user to them and they are targeting you as they know your online income resources lolz and yeah once they get your id and password they may or might have already taken your card`s magnetic data to clone it as they sent you the email in hotmail that too for your Bank page how cum they know that this user whois YOU has this bank details??????
I know you are pretty smart in all this trojan,phishing and other tits bits of hacking but still a clue sometimes we think advance and forget the minor loopholes
Thanks for the heads up Ray ;).
Ray,
Thanks for this informative post again. I suppose facebook and google and the other parties with whom we register our email address, do give out the email to others.
I found out suggestions to like people with whom I have shared my email address. Anyway thanks for the tip on lastpass. You rock as ever. :D