Phishing
A social engineering attack where criminals impersonate trusted entities via email, SMS, or fake websites to trick victims into revealing sensitive information.
Phishing is one of the most common cyber threats faced by Malaysians today. Attackers send fraudulent messages — often disguised as emails from banks like Maybank or CIMB, government agencies like LHDN (Inland Revenue Board), or delivery services like Pos Malaysia — to trick you into clicking malicious links or sharing passwords and banking credentials.
How Phishing Works
- The attacker sends a message that looks legitimate — often urgent ("Your account will be suspended!")
- The message contains a link to a fake website that mimics a real one
- The victim enters their login credentials, OTP, or banking details on the fake site
- The attacker captures the information and uses it to steal money or data
Common in Malaysia
SMS phishing (smishing) is especially prevalent in Malaysia. Messages claiming to be from "Maybank", "Touch 'n Go", or "LHDN" asking you to click links are almost always scams. Legitimate organisations will never ask for your TAC or OTP via SMS.
How to Protect Yourself
- Never click links in unexpected emails or SMS messages — go directly to the official website instead
- Check the sender's email address carefully for misspellings
- Enable two-factor authentication on all important accounts
- Report phishing attempts to MyCERT (Cyber999) or your bank immediately