Threat Advisory

Alert on SMSSpy Campaign Targeting Banking Customers

Beware of Fraudulent Telephone Calls, E-mails or SMS Requesting Personal Banking Information

With an increasing number of cyber-attacks reported, Bank Negara Malaysia (BNM) have reminded everyone to be vigilant when doing transactions online and to be alert to the SMSSpy Campaign Targeting Banking Customers.

Protect Yourself from Being A Fraud Victim

In support of the BNM’s initiative and responding to MyCERT's notice to combat the cyber threat in e-banking, MPay would like to remind all users to be more careful while performing online transactions. Users are advised to:
Research the App
Study and understand the application before installation and only purchase or download from official and verified app stores.
Verify the App
Verify an app’s permission for its intended purposes e.g., an online banking app should not require access to camera, microphone, and SMS permissions.
Verify Provided URLs
Verify any provided URLs with the official organisations, institutions, or LEA websites as the URL may appear differently on mobile compared to the desktop.
Keep Only Apps You Need
It is advised to keep the number of installed applications to a minimum.
Avoid Opening Spam Emails
Avoid being infected by spam mails by not opening suspicious and irrelevant emails, including embedded links or attachments.
Avoid Sharing Mobile Phones
Avoid sharing mobile phones with anyone if possible and restrict any third-party access to the device.
Avoid Side Loading
Avoid installing from non-official sources if possible, and install third-party apps only from reputable sources outside of the official apps store.
Don't Click on Suspicious URLs
Do not click on adware or suspicious URL sent through SMS/messaging services.
No Rooting / Jailbreaking
Do not root or ‘jailbreak’ mobile phones without understanding the associated risks and threats.
Enable Pay Protect Service
Always enable Pay Protect Service for Android smartphone users.
Review App Permission Request
Review app permissions request before approving root access and updating your mobile operating system, apps, and firmware to protect against potential threats.