Thursday, February 26, 2009

I Crippled a Maybank2u Email Scam!!!

Okay so I got this email supposedly from Maybank. And for the first time in my life, I almost fell for it. Actually this guy's trick is pretty good. The email header was legit and he's got a phishing site elsewhere. So what he did was trying to get you to go into your maybank2u account get ur TAC number. A TAC number is a code which u need if u want to do any online transactions which is a really good security measure cuz u can only request a TAC number with ur ATM card at an ATM machine or request it online and have it delivered to ur phone.

--- On Mon, 2/23/09, maybank2u [notify@maybank2u.com.my] wrote: (note the email address is legit!!!! WTF!!!)

> From: maybank2u
> Subject: Dear maybank2u customer,
> To:
> Date: Monday, February 23, 2009, 6:30 PM
> Untitled Document
>
>
>
> Dear maybank2u customer,
>
> We are hereby notifying you that we've recently
> suffered a DDos-Attack on one of our's Internet Banking
> server. For security reasons you must complete the next
> steps to verify the integrity of your
> maybank2u account. If you fail to complete the verification
> in the next 24 hours your account will be suspended.
> Here's how to get started:
> 1. Log in to maybank2u online account
>
>
> (click here).
> 2. You must request for TAC online via
> maybank2u - your TAC will be sent via SMS to the mobile
> phone number you registered at the ATM.
> ( you can find the "request a TAC" button in the
> right menu of your account
> "Utilities" )
> 3. Logout from your account and close the browser.
> 4. When you have received the TAC (Transaction
> Authorization Code) on your mobile phone, Log in to our
> secured verification server and submit the requested
> information(Account user ID, password and TAC).CLICK HERE to
> go on our secured server.
> 5. Please allow 48 hours for processing.
>
> Please comply and thanks for understanding.
> © 2009 maybank2u
>
> Note: Please do not reply to this email.
> This mailbox is not monitored and you will not receive a
> response.


So the link from the email led me to the MAYBANK2u website. I checked it out and it was also legit. Logged in and requested a TAC number and then went to the next link. The supposedly "secured server" and another page popped up with Maybank stuff on it. There i was given 3 empty boxes to fill in. My user name, password and TAC number. At this time I was still unaware and keyed in my user name and password, but when I wanted to key in my TAC number, something caught my eye. On the fake site, they had the same design and text and logos and everything including this particular phrase which actually saved me. it says that "Maybank will never send u email links" so I immediately stopped what I was doing.

I scrutinized the page a bit more and noticed that the url was weird. It wasn't a maybank url. it read systemqwe. So then I did a google search and found out that this was indeed a scam site. Some guys did an ip trace or something and found it to be hosted on someplace where it wasn't supposed to be. Heck, even the maybank logo was hosted on flickr. With that, I forwarded this email to maybank and asked them whether this was legit. And finally they replied my email with this. The site was blocked. WOOOHH!! I guess this makes me the one who crippled this scam!!!! I'm a hero!!! I'm so cool!! i saved so many people's monayy!!!! haha!!! and also just for kicks, i logged in to the scam site after i sent the report email to maybank cuz by then I was already pretty sure that it was a phishing site and keyed in FUCKYOU as the username and password (with numbers for the password) lol!

So yea, the moral of the story is. The internet is a dangerous place. So always be cautious especially with your personal identity and ur money!!!!!



Dear Sir/ Madam

Thank you for your email.

We appreciate your effort in forwarding the e-mail to us. We would like to inform that the e-mail received is not true. Our Cyber Security Team has taken action to close the URL.

Meanwhile, kindly ignore the email and we advise you NOT to log on to any website links contained in an e-mail. We wish to highlight that Maybank will never send emails to customers requesting for personal information.

Should you require any further assistance, you are welcome to contact our Customer Service Executives at telephone number 1 300 88 66 88 or 03-7844 3696 (overseas) 24 hours a day , 7 days a week.


Best regards,
Ratna
Maybank Group Customer Care

3 comments:

siddiq said...

wohoo!! amir is the new superhero in town.. Abang key dah xde.. now is the era of Abang Mir!!

Izyan Izzaty said...

haha!!!!!new hero is here!!!congrats~

hows the feeling of saving others>?

lalala~

Anonymous said...

OMG ... how dumb one can be.