Take note Grab users, a Malaysian man recently shared how he fell victim to an e-wallet scam that cost him close to RM900.

Muhammad Syahir shared that the scam involved a fake friend on Instagram, his GrabPay account, and the Grab Activation Code (GAC).

Source: Mdroid

In his 16th May post on Facebook, Syahir recalled how it all started when a close friend requested to follow him on Instagram after creating a new account. “He messaged me and asked for my phone number via Instagram message. Without any doubt, I gave him my phone number, knowing that he probably has lost my phone number,” he called.


After getting hold of his mobile number, the scammer texted Syahir about GrabPay’s 8th Anniversary Campaign and asked him to look out for a GrabPay code. “The Grab Activation Code (GAC) was sent to my phone number. It was an activation code not TAC code,” he wrote, explaining he forwarded the code assuming that it wasn’t linked to his bank account.

Big mistake.

Source: Facebook

Syahir saw RM425 being debited into his GrabPay account via Visa 3248. A few minutes later, that exact amount was paid to UNIPIN (M) SDN. BHD. Syahir fell for the same trick not once but twice. Just like that, the scammer had stolen RM896.30 from 5 withdrawals through GrabPay (4 from his debit card, another from his Maybank2u).

In hindsight, Syahir noticed how the scammer only required the Grab Activation Code(s) to gain access and redraw from one’s bank accounts/ debit cards via GrabPay app. A similar incident also happened to his friend Patrick Saw (who lost RM405) not too long ago. Despite the police report, there’s little that can be done to obtain back what he had lost.

What are some of the e-Wallet Flaws?

  • Some e-Wallets allows credit / debit card transactions without CVV verification or OTP from the bank.
  • Some e-Wallets will not notify you about any first-time login attempt of a different gadget in a different location.
  • Some e-Wallets do not require users to set-up a secured PIN for any big transactions – e.g. more than RM100.
  • If your bank account is linked to your e-wallet, there won’t be any SMS notification for bank transfers to your e-wallet.

Here’s how you can avoid falling victim to such scams:

  • Don’t accept new friend requests on social media until you’ve verified with the person.
  • Don’t forward any code you receive. Why does your friend need it when it was sent to YOU?
  • Avoid linking your debit card/ bank account to an e-wallet. It is advisable to top up manually.
Source: Google Images

Feel free to read Muhammad Syahir’s full post here. Grab has also notified users on how to protect yourself from phishing scams.

Previous articleBTS’ Manager Gets Exposed For Using Company’s Van For Personal Reasons
Next articleJanna Nick Calls Out Merchants For Pressuring Her To Do Free Product Reviews
Usually awkward & quiet, but gets talkative once the conversation revolves around movies, TV shows, music, and entertainment. (Contact: [email protected])