Thursday, December 4, 2008

Maybank2u Email Fraud

Recently i came across with an email regarding a fake Maybank2u link being circulated on the internet by asking users to log in with their username and password as well as the TAC. After users went to the fake website to key in their username and password, both of the data would be sent straight to the hackers where they would gain access to your account and "sapu" all your years of hard-earned savings.

Therefore, I would like to share with you guys on 3 simple ways to verify the authenticity of an email sent by big companies such as Maybank.

Based on the attached photos in this email:

1. Look at the Email Address
- The sender's email address is "" as you can see from the first photo. A big company like Maybank should have their own domain and server, which means if the email should be from the real Maybank staffs, the email address should end with "" and remember that COMPANIES will NEVER use free email services such as YAHOO, HOTMAIL or GMAIL.

2. Look at the URL (Website Address)
- The website as you can see is "" and most importantly is to look at the main domain name, which is "". After the end of the domain name, people can put any names they like, in this case, it's "Maybank-Online.htm" where the culprits want to convince people to think that the website is really related to Maybank. So always look at the domain name to see if it's suspicious first. Currently the legitimate website for Maybank2u is "", and no one else can use this domain name to cheat on people as it's already registered by Maybank.

3. Look at the Email Header
- Also from the first photo, you could see that the email started with "
Dear Valued Maybank Customer". If it was really an URGENT notification by Maybank, they would greet you by your FULL NAME and most probably Maybank would prefer to call you instead of sending you emails. Just remember that when important and confidential things such as asking for your personal information or changing passwords related to banking, credit cards or $$$, most of the emails are FRAUDS and the real companies will never risk by emailing such essential notifications to you (when they know not everyone knows how to use the Internet or check their emails frequently), instead they would just call you or send a letter straight to your doorstep.

Be smart and alert when using the Internet!