Not-so Intelligent Bastards.

I received a very suspicious mail today from CIMB Bank regarding a change/upgrade in the security of their online website:

One thing I know is that banks do not send out emails asking you to change or input your passwords, et cetera.

If you look carefully at the image below, you would notice that the email address is not even a proper one from CIMB Clicks/Bank.

I showed this to my station neighbour/colleague a.k.a. Alan. (yes, I am writing this post whilst in office <:P ) We decided to take a look at the site to see how convincing it was just for the heck of it. First thing you would notice is that it looks very similar to the login page of CIMB Clicks.

Have a look at the address bar and you would notice immediately that the site is a fraud.

1. The address on the bar does not point to the official URL which is obviously, CIMB Clicks.

2. Secondly, the site is not secured. When you enter websites that are secure you would notice a padlock icon either on the top right or bottom right of your browser window, depending on which browser you are using. I am using Google Chrome.

Here's a sample of the real CIMB clicks website's login page on Google Chrome.

Anyways, let us proceed. I entered some crap ID and Password and this was what I got. (excuse my language) A hideous, early 90's colour choice and layout complete with highlights and spelling mistakes.

Notice also how they ask you not to log in within a period of time? That's because they want to make sure that you don't log in when they're about to drain your account of money =/ And really, I think they didn't bother about the design of the last page because hey, they already have what they need from you so no further effort is needed to make the site look....convincing.

So the lesson to be passed on here is,

1. Banks don't send emails. Even when they're gonna suspend your online account, you will not and never be warned. The only things that they do send are emailers letting you know of their latest promotions/etc. They're no-reply emails.

This is an example of a real emailer from CIMB.

I also got an email from 'Maybank' telling me to reactivate my online account and the email also contained a link to a totally suspicious website. But I knew during that time that my online Maybank account was already suspended. Quite silly la.

2. Always check for the security icon when making online purchases or doing banking/money-related stuff on the internet to make sure that it is a genuine, secure website.

If you come across a similar email or website, you can always contact that particular bank either via phone or through their website or email.

I know for sure CIMB Bank has a particular section you can go to to report about these phishing sites. It's best that you report on it so that others, like your friends and family, may be saved from having their accounts drained.

Anyway this post is just what I wanted to share with everyone. Hope it helps.
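
The two address-bar checks from the post (the link must point to the bank's official address, and the connection must be secure) written as a small Python function. This is an added example, not part of the original post; `clicks.bank.example` is a placeholder for the bank's real login hostname, and every sample link is constructed.

```python
from urllib.parse import urlsplit

# Assumption: placeholder for the hostname the bank really serves its login
# page from. Take the real value from the bank's own printed material.
OFFICIAL_HOSTS = frozenset({"clicks.bank.example"})


def check_login_url(url, official_hosts=OFFICIAL_HOSTS):
    """Return the reasons a link fails the checks; an empty list means it passed."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    except ValueError:
        return ["unparseable"]
    problems = []
    # Check 2 from the post: no padlock means the page was not served over HTTPS.
    if parts.scheme != "https":
        problems.append("not-https")
    # "https://bank@other-host/" is sent to other-host; the part before "@" is ignored.
    if "@" in parts.netloc:
        problems.append("userinfo-before-host")
    # Punycode labels can render as look-alike characters in the address bar.
    if any(label.startswith("xn--") for label in host.split(".")):
        problems.append("punycode-host")
    # Check 1 from the post: exact match only. A padlock on the wrong host still fails.
    if host not in official_hosts:
        problems.append("wrong-host")
    return problems


# Constructed sample links (documentation-only domains and addresses).
SAMPLE_LINKS = [
    "https://clicks.bank.example/login",
    "http://clicks.bank.example/login",
    "https://clicks.bank.example.login-update.example.net/",
    "https://clicks.bank.example@203.0.113.7/login",
    "http://203.0.113.7/clicks/",
]


def triage(links=SAMPLE_LINKS):
    """Map each link to its list of problems."""
    return {link: check_login_url(link) for link in links}


if __name__ == "__main__":
    for link, problems in triage().items():
        print("OK  " if not problems else "FAIL", link, problems)
```

The third sample link is served over HTTPS and begins with the official name, yet it still fails, because only the full hostname comparison decides who receives the password.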


Alexa-Star a.k.a. Shaza said...

Bless you EVE!!!~ XD
I'd be an idiot if you didn't share this here!~
thanks baby gurl!~


Eve said...

:D thanks for reading

Shaz said...

It's informative Eve! Much appreciated~ :)

Ms. sceptic said...


luckily i saw ur blog b4 any of this happens...huu

keep up!

btw, how do i follow ur blog?
cant seem to find the button/link