Phishing: What It Is And How To Avoid It (Part 1)
At M2U, your security is our priority. However, as online banking becomes more popular, M2U increasingly becomes a target of criminals. Unlike robbing a physical bank, these cyber criminals directly target you, the consumer, in attacks known as phishing schemes.
The M2U team sat down with our Head of Cyber Security here at Maybank to find out what phishing is and how the consumer can avoid it. Here’s Part 1 of our series on Phishing: What It Is And How To Avoid It.
Can you please explain what phishing is?
The term ‘phishing’ describes a scam, or fraud, designed to obtain private information like passwords and credit card numbers. Usually, criminals carry out phishing attacks by pretending to be a trusted party like Maybank and tricking you into revealing your online banking username, password and Transaction Authorization Code (TAC) to them.

The most common form of attack involves sending phishing emails with links to a fake M2U phishing website that is actually controlled by the criminals. Phishing emails are designed to appear to have been sent from Maybank and contain official-sounding messages that prompt users to update their account information.
Unsuspecting users who follow these instructions are brought to a site they think is M2U, but is actually a fake site controlled by the criminals. When the user updates his/her account information, their username, password and TAC are revealed to the criminals.
The criminal can then log in to the user’s account on the real M2U. Once inside, the criminal can transfer funds from the victim’s account.
What steps does M2U take to prevent phishing scams?
M2U employs encryption technology to ensure the safety and confidentiality of your transactions. However, because phishing scams are forms of social engineering that trick the user, precautions at the system level are not enough to prevent phishing scams.
The first defence that M2U deploys against phishing is TAC, or Transaction Authorisation Code, to add a second layer of authentication to the login process. The TAC is sent directly to the user’s mobile phone to verify the transaction request and user’s identity for certain transactions in M2U.
We also have dedicated staff that monitor all user account activity. If any weird activity is detected, they will alert Customer Service to verify the transaction in question.
Lastly, M2U plays an active role in helping the Malaysian Commission for Multimedia and Communications (MCMC) and the Malaysian Computer Emergency Response Team (MyCERT) to identify and shut down phishing sites which M2U users have reported, or the ones the team has discovered.
What steps does M2U take when a phishing scam is reported?
Once M2U is notified of phishing emails or websites, we do some internal investigations to locate the sender of the phishing emails and the web hosts of the phishing websites. We then pass on this information to MCMC and MyCE