Beware of a new GrabPay scam that can quickly suck your debit cards and bank account dry!
Don’t link your debit card or bank account with GrabPay, and SHARE this warning with your family and friends!
GrabPay Scam Alert : Don’t Link Your Bank Account!
On 16 May 2020, Muhammad Syahir recounted how he was cheated of almost RM 900 through a GrayPay scam. Here is a brief summary of what happened :
- The scammer created a new Instagram account, pretending to be the victim’s friend.
- He messaged the victim asking for his phone number.
- After receiving the victim’s phone number, he messaged him through Instagram to tell him about the GrabPay 8th Anniversary Campaign.
- The victim was asked to look out for a GrabPay code, which would reveal what he won.
- After sending the GrabPay code (not a TAC code) to the scammer, the victim saw RM 425 being debited into his GrabPay account. Unbeknownst to him, that money was from his own bank account!
- A few minutes later, the victim received a notification that the RM 425 was paid to UNIPIN (M) SDN. BHD.
- The scammer messaged him again on Instagram, asking for a second code that was sent to the victim.
- The victim then received another notification from GrabPay stating that another RM 425 was paid to UNIPIN (M) SDN. BHD.
- After that, the scammer blocked the victim on Instagram. That was when the victim got suspicious.
- When the victim checked his bank account, he discovered that he lost RM 896.30 to the scammer.
- In total, the scammer made 5 withdrawals through GrabPay – four from his debit card, and one from his bank account.
Another person – Patrick Saw – also fell for the same GrabPay scam, losing RM 405.
GrabPay Scam Alert : GrabPay Flaws?
Muhammad Syahir highlighted what he felt were major flaws with GrabPay :
- GrabPay allows credit / debit card transactions without CVV verification or OTP from the bank.
- GrabPay will not notify you about any first-time login attempt of a different gadget in a different location.
- GrabPay does not require users to set-up a secured PIN for any big transactions – e.g. more than RM100.
- If your bank account is linked to your GrabPay e-wallet, there won’t be any SMS notification for bank transfers to your e-wallet.
According to his experience, the scammer only needed to use the Grab Activation Code to withdraw money from all bank accounts / debit cards linked to your GrabPay app.
GrabPay Scam Alert : How To Avoid It?
To avoid falling prey to such a scam, here is what you should do :
- NEVER accept a friendship request from a new social media account, until you have verified with your friend (through a phone call or face-to-face) that he/she created that new account.
- NEVER send any code you receive to anyone. Even if it is a friend, why does he/she need the code that was sent to YOU?
- Businesses will never give away free money for anniversaries. Don’t fall for such an old trick!
- NEVER link your debit card or bank account to an e-wallet. Only link a credit card, because they are insured and protected against fraud. If you get scammed, you can call the bank to ask for a refund.
GrabPay Scam Alert : Original Post + Police Report
Here was what Muhammad Syahir posted earlier, together with his police report :
SCAM ALERT VIA GRAB PAY!
It happened to me last night and I have lost almost RM1K in a few minutes via Grab Pay.
The incident happened when one of my close friends re-created a new Instagram account and requested to follow me. He messaged me and asked for my phone number via Instagram message. Without any doubt, I gave him my phone number, knowing that he probably has lost my phone number.
He posted a few photos to his newly-created Instagram account so it does not look like a phishing account.
After that, he sent another message to me about GrabPay 8th year special campaign. He was telling me that I will send a message with a code to your phone and please let me know the code and I will see what you have won.
Grab Activation Code was sent to my phone number. It was an activation code not TAC code. I gave the activation code to him without any doubt because I know that he is my friend. Also, I was thinking of this is just an activation code, it has nothing to do with my bank accounts.
The tricks started here. I saw RM425 was debited to my GrabPay account and I did not know that it was from my bank account which was linked to the GrabPay account. After a few minutes, I received a new notification from the GrabPay that RM425 was paid to UNIPIN (M) SDN BHD.
The scammer then messaged me again on Instagram. Another activation code was sent to your phone, please let me know the code. Then, I have received another notification from GrabPay that another RM425 was paid to UNIPIN (M) SDN BHD.
When I was about to reply him a message, he blocked me up. That was the time that I know something fishy has happened. When I checked my Maybank2u, I have lost a total amount of RM896.30 from my bank account. The scammer has cleared all the money in my bank account and left RM60 balance to my GrabPay.
The scammer did a total of 5 transactions as you can see from my GrabPay activity picture below. 4 transactions were made directly via debit card which is linked to my GrabPay account and 1 transaction was made via Maybank2u. The scammer even managed to access my Maybank2u account from the GrabPay account.
It happened to me in a blink of an eye where you were blinded by this scammer who cat fished your close friend to do this scam.
On top of that, let me highlight the flaws of the GrabPay app:
1) Grab allows credit/debit card transaction without the bank’s authorization OTP and also the CVV verification.
2) Grab does not notify the user via email for any first-time login attempts of different gadgets in different location.
3) Upon registering this app for the past few years, Grab did not put a clause for the users to mandatorily set up their secured pin for any big transactions that are more than RM100.
4) Your bank account that is linked to your GrabPay will not notify you via sms for any debit transaction from the bank to the GrabPay.
*The scammer just need the Grab Activation Code and he can take all the money from your linked bank accounts on the Grab app. Such a flaw app!
Please be aware of this scam and help me to share this news. I have also tag a person who has faced the same case last week. You may also check on his Facebook profile. Patrick Saw has lost RM405 from the scammer who has approached him the same way as mine.
- Fact Check : Tasuku Honjo Bets Nobel Prize On China Creating COVID-19
- Fact Check : Prolonged Use of Face Mask Causes Hypoxia!
- Fake CARES Act YouTube Video Perpetuates COVID-19 Hoax
- Fact Check : CARES Act (HR 748) Proves COVID-19 Plot!
- Fact Check : Tasuku Honjo Confident USA Created COVID-19!
- Fact Check : Kim Yo Jong Confirms Kim Jong Un Is Dead
- Mark Zuckerberg Fact Check : My Wife China And Not Pretty
- Fact Check : Fox News Hot Mic Leaks COVID-19 Hoax + Vaccine
- Ji Shan Foundation : New Charity Scam Exposed!
- Fact Check : Chinese Not Allowed In Australian Supermarkets
- Fact Check : Empty Hospitals Prove COVID-19 Is Fake?
- Fact Check : Funeral Home Accidentally Cremated Employee!
- Hydroxychloroquine Risk : Death From Cardiac Arrest!
- How Malaysia Manages PPE Supply To Combat COVID-19
- How Social Contact Spreads COVID-19 + Creates Clusters!
- Fact Check : McDonald’s Malaysia Voucher Giveaway!
- Fact Check : Thai King Death From COVID-19
- Face Mask vs COVID-19 : Should You Wear One?
- DIY Face Shield : An Easy Way To Make / Mass Produce!
- Is COVID-19 An Airborne Virus? Here Are The Facts!
- Can COVID-19 Spread Through Fruits & Vegetables?
- COVID-19 Food Safety : Fruits, Vegetables, Takeouts
- Chloroquine Poisoning : Do NOT Use It To Prevent COVID-19!
- Did The Chinese Use Tea To Cure COVID-19 In Wuhan?
- Cyber Crime WhatsApp Warning Hoax Debunked!
- Bitcoin Revolution : Fake Celebrity Endorsements Exposed!
- COVID-19 Email Scams + Malware Are Spreading!
- Hand Sanitiser Alcohol Catching Fire : Hoax Debunked!
- COVID-19 Coronavirus : Why Snakes Are Not Hosts!
- Chloroquine Was NOT Approved By FDA To Treat COVID-19!
- MYEG COVID-19 Rapid Test Kits Are Genuine, But…
- COVID-19 Rapid Tests : What You Need To Know!
- MYEG vs KKM : Our COVID-19 Rapid Test Kits Are Real!
- COVID-19 Coronavirus Gargling Hoax Debunked!
- Soap vs Sanitiser : Which Works Better Against COVID-19?
- Surgical Mask : How To CORRECTLY Wear + Remove!
- The Double-Sided Surgical Mask Hoax Debunked!
- American Origin Of H1N1 Pandemic Hoax Debunked!
- COVID-19 Coronavirus Symptoms Revealed In JAMA Study!
- COVID-19 : Protect With Surgical Mask + Eyewear!
- H1N1 Pandemic : The Great American Cover-Up Debunked!
- Hand Sanitiser vs Soap : Which Should YOU Use?
- Why Snakes Are Not Source Of Wuhan Coronavirus!
- Rasam Antidote For Wuhan | Nipah | SARS Viruses Debunked!
- How Did Iran Shoot Down UIA Flight PS752 By Mistake?
Go Back To > Cybersecurity | Software | Home