Fake Bank Messages in Malaysia: Maybank, CIMB & More

Fake Bank Messages in Malaysia: Maybank, CIMB & More

Fake bank messages have become one of the most dangerous and convincing scams in Malaysia today. They don’t come with broken English or strange phone numbers anymore. Instead, they arrive quietly — often under the same message thread as your real bank alerts — using familiar names like Maybank, CIMB, Public Bank, RHB, or Bank Islam. By the time victims realise something is wrong, their savings are already gone.

These scams usually start with panic disguised as protection. A message claims there’s been “suspicious activity,” a “temporary account block,” or a “failed transaction.” The wording feels urgent but professional. Victims are told to click a link immediately to secure their account. The link leads to a fake banking website that looks almost identical to the real one — logos, colours, fonts, even customer service wording are carefully copied.

Once victims enter their username and password, the trap deepens. The fake site asks for TAC or OTP codes, claiming verification is needed. In reality, those codes are being used in real time by scammers to log into the victim’s actual bank account. Within minutes, money is transferred out, often split into multiple mule accounts to make tracing difficult. By the time the victim calls the bank, the funds are usually unrecoverable.

What makes fake bank message scams especially effective in Malaysia is SMS sender ID spoofing. Scammers can mask their messages to appear under legitimate sender names like “MAYBANK” or “CIMB,” merging seamlessly with previous genuine alerts. This breaks one of the most basic safety rules — “check the sender” — because the sender looks real. Many victims assume banks would never allow fake messages under official names, but the technology has already outpaced public awareness.

Another layer of danger is WhatsApp follow-ups. Some victims receive a bank-style SMS first, then a WhatsApp message from a “bank officer” offering assistance. The scammer sounds polite, knowledgeable, and calm — exactly how Malaysians expect bank staff to behave. Victims feel reassured and continue following instructions, unaware they are being guided step-by-step into emptying their own accounts.

Language plays a key role too. Scammers now use fluent Bahasa Malaysia, proper English, and even local banking terms like “akaun dibekukan,” “transaksi tidak dikenali,” or “pengesahan segera.” This local flavour lowers suspicion and creates a false sense of legitimacy. The scam doesn’t feel foreign — it feels local, official, and routine.

The uncomfortable truth is this: banks will never ask for your login details, TAC, or OTP through links or messages. Yet fake bank messages succeed because they exploit fear, speed, and trust. Malaysians are conditioned to respond quickly when money or authority is involved.

Until more people understand how these scams actually operate — not just what they look like — fake bank messages will continue to drain accounts across the country. The safest habit is boring but powerful: never click banking links from messages. Open your banking app manually. And when in doubt, stop. That pause could be the difference between safety and loss.