Online banking scams have become one of the most common ways for scammers & criminals to access your personal and financial information.
According to Nst.com.my, Malaysians suffered RM2.23 billion in losses just from cyber-crime frauds since 2017. Scammers all around the world have an arsenal of tricks to use to get hardworking people to give up sensitive information like bank account numbers, passwords and even OTP numbers.
But, before we get into how these scams happen and how you can stay safe from them, the team here at BigPay just want to give you an update on what the team is doing to ensure that your money and accounts are safe with us.
An Update From The BigPay Security Team
October 26th 2021 Update:
As part of our commitment to always improve BigPay’s security, we have upgraded the way you log into your BigPay app. Instead of the normal 6-pin OTP SMS, you will receive a dedicated login link that will send you immediately to the BigPay login screen.
This login link ensures that only a phone with YOUR mobile number can log into your BigPay account.
With regards to BigPay’s overall security:
BigPay's database has not been hacked! We are always 100% secured.
How scammers portray themselves:
Scammers often impersonate BigPay employees to get your information (OTP, login links, post code, NRIC etc.)
Scammers often contact you via phone calls or WhatsApp.
Common excuses used to obtain your info include upgrading your card, changing your card’s colour, lucky draws or free BIG Points
What BigPay doesn't do:
Sell your personal information (phone numbers, NRIC etc.)
Ask for your personal information
Contact you via WhatsApp
Offer red, limited-edition, platinum or any other cards apart from our standard blue card
We know that it can get scary and very worrying when you keep getting these phone calls or messages. Just ignore them or report it to us via BigPay’s in-app chat and our team will make sure that these scammers are then reported to the relevant authorities! Stay safe! 💙
Where Are We At Today With Online Banking Scams?
With the boom of technology over the past 2 decades, everything has become simpler. We saw the true importance of the internet even more so during Covid-19.
Suddenly, you don’t have to leave your house anymore and most times you can get anything you want just sent to your house. Sadly, with that comes problems like increased online security threats as well as online fraud scams.
Scams happen everywhere. Just in April of this year, the Malaysian Communications and Multimedia Commission (MCMC) advised the public to stay vigilant especially with these new tactics that force you to give up personal information.
The MCMC uncovered various tactics used by these scammers to get you to give up your hard earned money.
When there's money involved, there will be scams. BigPay isn't the sole target of scammers - banks, telcos and other financial service apps out there are being targeted too!
Here are a few examples of the common scams aimed at BigPay users, including a scammer who faked a NRIC and a BigPay employee pass!
These online scammers will stop at nothing to try to get you to give up your personal and private information.
What Are Some of The Most Common Schemes?
Suspicious Text Messages
Most times they will send you a text message with a few links. These messages could be a number of things. Sometimes it’s a security issue with your bank account and they need you to click a link to save your account. Or sometimes, they will say that you have won some money and that if you want to redeem the cash, you will need to click a link.
Most times these links send you to a fake website that they have set up that looks exactly like banking websites. In the background, they are just waiting for you to use your banking username and password so that they can collect it, thus giving them full access to your accounts.
These scams are happening across the board from from most reputable banking institutions in Malaysia to even Bank Negara Malaysia themselves.
Screenshot above taken from the BNM website.
Suspicious Phone Calls
These phone calls can be from anywhere. We have had reports of Malaysian phone numbers as well as Indonesian phone numbers. Most times, they have the BigPay logo as their profile image.
Some of the stories they use are:
That BigPay is replacing your old card to a new one
That BigPay has introduced a new type of card (Red, Platinum) and the customer has been chosen to receive it
That the customer has been chosen to receive free Big Points
That the customer has been chosen to receive promotional prizes
Trust us, almost every time, this is not true. BigPay will never ask for your personal information. Especially when it’s not prompted. The only time a staff from BigPay will ask you to validate any personal information is if you call us and we would need to confirm your identity.
Even then, we will only ask for partial information just to ensure that we are speaking to the right person.
What's really happening behind the scenes?
Here are a few myths and truths of these scams:
Myth: BigPay’s database of phone numbers have been hacked or leaked.
Truth: BigPay’s database is 100% guarded and secured against any leak or breach by scammers
BigPay is audited regularly to maintain our compliance with banking security and safety regulations. On top of that, we have specialist teams who work around the clock daily, to implement new security features and we continuously liaise with the relevant authorities with their ongoing investigations.
So, how do scammers gain access to phone numbers?
Illegal businesses are selling consumer data, particularly telephone numbers. If you’ve given your mobile number somewhere (think online shopping sites or even in-store MCO registration books), your number can be sold to scammers.
Scammers have turned to technology to scrape as much data as possible from LinkedIn and Facebook.
Scammers also pay people to take screenshots of phone numbers in WhatsApp groups and target these numbers.
Myth: BigPay lets the authorities handle security issues
Truth: BigPay’s security team is working around the clock to report scammers and improve our security systems
We take your security seriously. In fact, we have dedicated teams who are constantly fighting against scammers. Here are a few snippets of what we do to strengthen BigPay’s security:
We are systematically initiating efforts to take down any website or social media page that’s impersonating us
We report to authorities on the WhatsApp numbers used by scammers
We are training our machine learning system to flag and recognise scam behaviours, allowing us to protect vulnerable users before anything happens
Our algorithm is becoming better every day at catching scammers early, and we are systematically banning scammers’ BigPay accounts
We have strengthened the password reset requirements by adding two-factor authentication, with all existing features being constantly worked on to protect our users.
In addition to that as of 26th of October 2021, we have just upgraded the way you log into BigPay, which is via login links. These login links ensure that only an app on a phone with your phone number registered to it will be able to access your BigPay account
Myth: BigPay refuses to help customers when scams happen
Truth: If you share your OTP or login links with a scammer, there is little BigPay can do to stop scammers from accessing your money immediately
If you give away your OTP or your login links your money is immediately at risk.
While we can freeze any transactions from happening if you alert us, chances are, your money will have been quickly transferred out once you share your login links or your OTP.
Rest assured that the BigPay team will always send reminders, updates and support messages to always remind you how to navigate the app safely at all times.
The BigPay customer support team is always here for you if this happens to you and we are always reporting these instances to the relevant authorities at all times.
How Do You Stay Safe And Avoid These Online Scams?
More often than not, if it sounds too good to be true, check with us in our in-app chat to see if it's a scam attempt or not!
Here's a list of what BigPay doesn't do:
Ask for your personal information via calls, SMS or WhatsApp
Ask for your login links or OTP’s to be shared outside the app, under any circumstances
(BigPay's OTPs will come with a warning)
Call you or WhatsApp you to give you a prize
Give free BIG Points (we do BigPay promos, not free points)
Give red, customised, premium or limited-edition BigPay cards
Use WhatsApp to help you replace your BigPay card (we do this via emails and in-app chat)
Recruit you to be part of a giveaways, lucky draws, special rewards or contests (we do this through emails and push notifications, not WhatsApp!)
What is BigPay doing to keep everyone's money safe?
Constant reminders - when we detect unusual behaviour on your account, we’ll send you a push notification, an SMS or an email to remind you of never giving your OTP or your login links
Freezing your account - if it seems serious enough, we’ll proactively freeze your account to guarantee the safety of your account
(Example of BigPay’s systems taking the necessary step of blocking cards)
Multiple authentication levels - to log into your account, you need your passcode, your official login link, an OTP sent to your registered phone number and even Touch ID, Face ID & Face Unlock
Give you the ability to freeze your card immediately - lose your card or see a suspicious payment? Just freeze it and chat with us so we can help you with the issue. (Settings > Support > Chat with us)
3D Secure - when you pay on a website, you will need to fill in your card details, your CVV and key in an OTP that we send to your mobile
Constant reminders - we remind all our users on the app at least once a week!
(Here’s what all BigPay users will see regularly on their BigPay app)
Lastly, It’s A Team Effort
While we’ve taken plenty of measures and are still amping up and improving our security, scams are still happening because there are people who fall for them.
That’s why it’s key for you to never share your OTP or login links. Ever.
If the battle against scammers is fought from both BigPay’s end and through your vigilance, they’ll realise that it’ll simply have no returns and will stop harassing you for your OTP or your login links!
For more info on how BigPay keeps your money safe, read this!
If you've been affected by a scam, chat with our team inside your BigPay app immediately or send us a message to firstname.lastname@example.org
Just heard about BigPay?
We're more than just a money transfer service. We’re that blue card with the best exchange rate anywhere in the world! 🌏 We also give you the tools to manage and track your spending the smart way. Like what you hear?