Take note Grab users, a Malaysian man recently shared how he fell victim to an e-wallet scam that cost him close to RM900.
The e-wallet user shared that the scam involved a fake friend on Instagram, his GrabPay account, and the Grab Activation Code (GAC).
In his 16th May post on Facebook, he recalled how it all started when a close friend requested to follow him on Instagram after creating a new account. “He messaged me and asked for my phone number via Instagram message. Without any doubt, I gave him my phone number, knowing that he probably has lost my phone number,” he called.
After getting hold of his mobile number, the scammer texted him about GrabPay’s 8th Anniversary Campaign and asked him to look out for a GrabPay code. “The Grab Activation Code (GAC) was sent to my phone number. It was an activation code not TAC code,” he wrote, explaining he forwarded the code assuming that it wasn’t linked to his bank account.
The Malaysian saw RM425 being debited into his GrabPay account via Visa 3248. A few minutes later, that exact amount was paid to UNIPIN (M) SDN. BHD. He fell for the same trick not once but twice. Just like that, the scammer had stolen RM896.30 from 5 withdrawals through GrabPay (4 from his debit card, another from his Maybank2u).
In hindsight, he noticed how the scammer only required the Grab Activation Code(s) to gain access and redraw from one’s bank accounts/ debit cards via GrabPay app. A similar incident also happened to his friend (who lost RM405) not too long ago. Despite the police report, there’s little that can be done to obtain back what he had lost.
What are some of the e-Wallet Flaws?
- Some e-Wallets allows credit / debit card transactions without CVV verification or OTP from the bank.
- Some e-Wallets will not notify you about any first-time login attempt of a different gadget in a different location.
- Some e-Wallets do not require users to set-up a secured PIN for any big transactions – e.g. more than RM100.
- If your bank account is linked to your e-wallet, there won’t be any SMS notification for bank transfers to your e-wallet.
Here’s how you can avoid falling victim to such scams:
- Don’t accept new friend requests on social media until you’ve verified with the person.
- Don’t forward any code you receive. Why does your friend need it when it was sent to YOU?
- Avoid linking your debit card/ bank account to an e-wallet. It is advisable to top up manually.
Grab has also notified users on how to protect yourself from phishing scams.