Bank Letter QR Code Scam : What You Need To Know!

Are scammers sending bank letters with a QR code that can steal your money?!

Take a look at the viral claim, and find out what the facts really are!


Claim : Bank Letter With QR Code Is A Scam!

People are sharing a photo of a letter from a bank, claiming that the QR code in the letter can steal your money if you scan it with your phone!

Circulating In WhatsApp : If you get a letter from the bank like this and ask to update the book using the QR CODE provided in the letter that was sent, don’t ever scan it, you will lose all your daily savings or old age savings, this is another scammer’s work and method take your money, please spread it to everyone so that siblings, relatives, neighbors & family members are not affected by this kind of scam…

Peng Seong, the one : ⛔️ Another Scam ‼️

Do NOT scan the QR code per the letter even with bank’s letterhead without verifying with the bank

Recommended : WhatsApp Block Button Scam : What You Need To Know!


Truth : Bank Letter With QR Code Is Not A Scam!

This is likely another example of FAKE NEWS circulating on WhatsApp and social media platforms, and here are reasons why…

Fact #1 : This Is Old Fake News

First, let me just point out that this photo is not new. It first went viral, with a voice message in August 2022, and has subsequently gone viral on and off over the last year or so.

Fact #2 : CIMB Letter Was Genuine

The letter, which was sent by CIMB, is genuine. CIMB even posted a reply to one viral tweet, that the letter was genuine:

FYI, this [letter] is genuinely from our bank. You can refer to the link below for more information: [link no longer available]

[U]ntuk makluman, ia adalah sah dari pihak kami. Anda boleh rujuk pautan di bawah bagi maklumat lanjut: [link no longer available]

Fact #3 : CIMB Letter Was Only Sent To Business Customers

The letter was not meant for consumers, and was only sent to CIMB business customers, to request that they update their company/organisation’s information.

Re: Update on your records to improve your banking experience

We refer to the above mattes and our letter dated 27/06/2022.

We note that you have vet to update your company/organisations information with us.

As part of the Bank’s ongoing process to know our customers better and provide a seamless banking experience, we would like to remind you to return the completed Customer Information Update form to us

This letter appears to be CIMB’s efforts to comply with KYC (Know Your Customer) requirements set out by regulators like Bank Negara Malaysia (BNM).

Recommended : Can StopNCII Remove All Nude / Deep Fake Photos?!

Fact #4 : QR Code Leads To CIMB Website

QR codes is a type of barcode, which allows people and companies to share / deliver information, that can include links. QR codes can lead you to malicious websites, but they cannot deliver malware, or hack your computer or smartphone.

The QR code in the CIMB bank letter isn’t malicious. It actually codes for a link to the CIMB website. You can verify it by simply scanning the QR code in that “CIMB scam letter”. You will see that it only leads to [which no longer exists]

Ultimately, this viral warning was likely created by well-meaning but clueless Internet “experts” who are apparently not tech-savvy enough to even verify the QR code by simply scanning it!

Fact #5 : Form Was To Be Emailed / Delivered

The CIMB letter asked its business customers to download and fill in a form. However, that form was not to be submitted online.

Rather, the letter specifically asked its business customers to email the completed form to a legitimate CIMB email address, or to physically mail or courier it to the bank itself.

Scan the QR Code below to download the form. Once you have completed the form, please submit by email to or mail/courier to the address below within 21 days from the date of this letter, failing which, the Bank reserves the right to suspend or close the account in accordance with the account terms and conditions.

In a real scam, you will be asked to taken to a fake CIMB bank website, and asked to logged into your bank account. That’s how the scammer gets hold of your bank login credentials.

However, even that scam won’t work without access to your TAC (Transaction Authorisation Code), which is sent to your phone by SMS, or authenticated through the bank’s mobile app.

For certain, scammers cannot log into your bank account by simply gaining your company’s information through a form, unless you actually include your company’s bank account login details!

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!


Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal :

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.


Recommended Reading

Go Back To > Fact Check | CybersecurityTech ARP


Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Leave a ReplyCancel reply