Scam Alert : CIMB Customers Hit By Fake SMS Messages!

Scammers continue to target CIMB customers, using many different kinds of fake SMS messages.

Do NOT click or call if you receive any of these fake SMS messages!

And please warn your family and friends!


Scam Alert : CIMB Customers Hit By Fake SMS Messages!

Whether you are a CIMB Bank customer or not, you may receive one of these alarming SMS messages :

RM 0.00 CIMB: Confidential!

Dear CIMB users, your account will TERMINATED on 24/12/20. Verify via to keep on using CIMB Clicks services.

Please make verification within 24hours to avoid service interruption.

RM0 CIMB: Instant Transfer RM4998.78 to CHAY LEE FEN/HONG LEONG on 23-Dec-2020, 13:06:35. Call the no. at the back of your card for queries.

If you receive any of these SMS messages, please DO NOT click on the link, or call the number. JUST IGNORE THEM, or delete them.

RM0.00 CIMB: MYR 2968.00 was charged on your card num 4204 at Shopee.MY. If this is not your txn, call 1800-9767 now.

Cimb Your account is judged as high risk by the system, PLS re-verify your account.

Note : These scams do not just affect CIMB Bank. In fact, all banks are affected :


Why These CIMB SMS Messages Are Fake

Let us show you how to identify these fake CIMB SMS messages.

If you spot any of these warning signs, BACK OFF and DO NOT PROCEED!

Warning Sign #1 : Grammatical Mistakes

If you carefully read the first SMS messages above, you can easily spot numerous grammatical mistakes. A bank will never send such poorly worded messages to their customers.

However, they may copy the real SMS message from CIMB to trick you into thinking that this is a real transaction. Such fake SMS messages will have proper grammar.

Warning Sign #2 : Embedded Links

Banks will NEVER embed links (URLs) into the message. If you see embedded links, always think – SCAM SMS!

Unlike the Public Bank SMS scam, they used a copy of the real SMS message to trick you into clicking the URL in the first message.

Warning Sign #3 : Wrong Links

And always check the link – and are not the correct addresses for the CIMB Bank websites ( or

The best policy is to manually key in the bank website address. NEVER click on any link in an SMS, even if it looks legit.

When you see any website with .cc links, be wary because the .CC domains are registered in the Cocos (Keeling) Islands – an Australian territory of only 14 km², with only about 600 inhabitants.

Warning Sign #4 : No Personal Login Phrase / Picture

To avoid phishing attacks, banks now give you a secret response (like a picture or a phrase) to confirm that you are visiting their legitimate website.

If the website you are visiting gives you the wrong picture or secret phrase, you have been tricked into visiting a fake website designed to mimic the real bank website.

You should also remember that the bank website must show you secret picture or phrase right after you enter your login, but BEFORE you key in your password.

If you are asked to key in your password without the website displaying the secret phrase or picture, you have been tricked into visiting a fake website designed to mimic the real bank website.


CIMB Advice To Protect Against Fake SMS / Email Scams

Here is a list of DOs and DON’Ts to protect yourself against fake SMS / email scams.

Please DO follow these good practices

  1. Pay attention to your transaction alerts and check your account activities regularly. In case of any unusual activity, please contact us immediately.
  2. If you wish to contact us, ONLY call the number on the back of your card or refer to CIMB website “Contact Us” page.
  3. Always check the URL of the website that you are making purchases from. Ensure  the “lock” icon or “https” appears on the website’s address bar.
  4. Always find a reputable seller on online marketplaces by searching for reviews from other customers to know their experience.
  5. To access CIMB Clicks, type the entire URL as follows:
  6. Always remember to log out once you have completed your banking transactions.

Please DO NOT follow these bad practices

  1. Don’t panic and give personal information to fraudsters impersonating representatives of government agencies etc. even if they deploy fear tactics. Immediately call the number on the back of your card to verify with CIMB.
  2. Never apply for personal financing through unverified links or individuals promising a lower rate. CIMB does not impose any application charges for personal financing applications.
  3. Never take instructions from anyone to change the mobile number in CIMB records to any number other than your own mobile number.
  4. When transacting online, never continue with a purchase if you have any doubts if the seller is not genuine.
  5. Never share details such as your card number / User ID / PIN / password / TAC  with anyone or key them in in any website other than CIMB Clicks.
    (Note: CIMB will never ask for  your ‘User ID’, ‘Password’ or ‘TAC’ under any circumstances outside of CIMB Clicks).
  6. Do not click on links or open email attachments from unknown / unreliable senders / sources.
    (Note: Emails from CIMB will always end with such as


Recommended Reading

Go Back To > Cybersecurity | BusinessHome


Support Tech ARP!

If you like our work, you can help support us by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Leave a ReplyCancel reply