- Insight
Media
Over the last year, payments have largely shifted online, whether we’re shopping online or going cashless in a shop. As such, scams have gone online too.
eWallets have been a huge part of this change in preferred payment method, so it’s no surprise that criminals have targeted them looking for easy money. Chances are, to some degree, all of us with a smartphone use one form of eWallet or another, making us vulnerable to potential scams.
What Are Some eWallet Scams Out There?
Since the emergence of eWallets, there have been some known cases of scams targeting eWallet users. Whilst they’re not as profitable as bank scams or Macau Scams since nobody puts their entire life savings in eWallets, victims may still lose around RM 1,000 to these small-time criminals.
The Fake Friend Scenario
Certain eWallets such as GrabPay eWallet only requires a Grab Activation Code (GAC) to make payments once you’ve saved your credit or debit cards. The code is sent to your registered phone number to be filled in and complete the transaction.
A real life case saw a scammer creating a fake Instagram account using the name of the victim’s friend. The scammer then messages the victim asking for his phone number. The victim obliged, and the scammer continued by saying a GAC would be sent to the victim’s number as part of Grab’s anniversary campaign. The victim sent the GAC to the scammer still believing it’s actually his friend, and the next thing he knows, nearly RM 500 was debited.
“Help Me Register an eWallet”
If someone ever offers you easy money to help them register for an eWallet by providing your NRIC number and name, don’t do it.
A case from last year saw a victim’s name and NRIC used for a new eWallet account, but it was registered under the scammer’s own number and address. This gave the scammer access to the victim’s bank account. In cases like these, criminals target low income group members and offer between RM 100 to RM 300 for their information.
Fortunately, most eWallets now require users to take a selfie with their NRIC for verification during the registration process, so it is unlikely this trick can be used again.
Fake eWallets
Cybersecurity companies have also warned people about the existence of fake eWallets. Do not click on just any online ads of eWallets you see, and definitely do not download them from suspicious links.
These are often malware that will infect your smartphone with data stored from your digital payments. Always verify and make sure your phone is installed with the latest cybersecurity software. Remember, when in doubt, do not click!
Ways to Avoid eWallet Scams
Avoid public WiFi networks
If you’re ever connected to a public WiFi network, there are tricks to maintaining the safety and security of your digital finances. According to TNG eWallet’s tips on “Cashless Confidential”, eWallet users can protect themselves by:
- Making sure they are on SSL VPN Security
- Switching off sharing on their phones (Airdrop for Apple users or NFC mode for Android users)
- Avoiding logging into personal accounts such as social media and bank accounts with public WiFi
Beware of phishing
Via phishing, scammers try to “phish” for victims through emails, messages, texts, calls etc. If successful, they can retrieve sensitive personal information from you such as your card details and social media login details. More often than not, they can use this information to gain access to your banking accounts.
The case of the fake eWallet is an example of a phishing attempt, where someone or something tries to assume the identity of a legit body or person. They might try to lure you in by sending you a text or email with seemingly official links to legit eWallets or banks that you can “sign in” to, to “change your password” or for something else.
Whenever you get emails like this, look out for misspelled domain names, extra subdomains, suspiciously blurry graphics and just bad use of language in general.
Limit information you put out there
As seen from some of the cases, information like your NRIC number and phone number can easily be used by criminals to access your eWallet or bank account.
It may be a smart thing to try and keep your information private, or at least not easily attainable by people you don’t know from the internet. Be smart about what you share with others!
Never give away authorisation codes sent to you
Authorisation codes refer codes sent to your phone to approve transactions such as One Time Passwords (OTP), Transaction Authorised Codes (TAC), or Grab Authentication Code (GAC.)
If you didn’t request for a code but got one anyway, don’t share it with anyone. This should ring alarm bells because someone tried using your phone number to make a transaction you don’t know about!
Bottom Line
eWallets have made life a lot easier and in light of the pandemic, safer as well. However, we need to be smart about how we use it; as things get more convenient for us, it may get more convenient for criminals as well!