I’m a fiery and short-tempered person by nature, and it doesn’t take much to anger or annoy me. As of late, I’ve been receiving an email that I suspect is a ‘phishing email’. For those who are not really familiar with the term, phishing is the act of sending an email to a user while falsely claiming to be an established, legitimate enterprise or organization, in an attempt to scam the user into surrendering private information that will be used for identity theft.
The email usually directs the user to visit a website where they are asked to update personal information, such as passwords, credit card codes, ID numbers, and bank account numbers, that the legitimate organization already has in its database. The website, however, is bogus and set up only to steal the user’s information.
The recent email that has been irritating me to no end is one claiming to be sent on behalf of CIMB Bank, Malaysia. So, after receiving the same email a few times, I decided to report it to CIMB Bank for further investigation. I’d like to share the phishing email with my dear readers as a forewarning. Do not fall for the email below.
Dear CIMB Bank customer,
We are hereby notifying you that we’ve recently suffered a DDos-Attack on one of our’s Internet Banking server. For security reasons you must complete the next steps to verify the integrity of your CIMBClicks account. If you fail to complete the verification in the next 24 hours your account will be suspended.
Here’s how to get started:
1. Log in to CIMBClicks online account (click here).
2. You must request for TAC online via CIMBClicks – your TAC will be sent via SMS to the mobile phone number you registered at the ATM.
( you can find the “request TAC” button in the left menu of your account )
3. Logout from your account and close the browser.
4. When you have received the TAC (Transaction Authorization Code) on your mobile phone, Log in to our secured verification server and submit the requested information(Account user ID, password and TAC).CLICK HERE to go on our secured server.
5. Please allow 48 hours for processing.
Please comply and thanks for understanding.
© 2008 CIMB Bank
Note: Please do not reply to this email.
This mailbox is not monitored and you will not receive a response.
I forwarded the email to CIMB Bank for further investigation, and was pleased to note that I received a reply in less than 24 hours. Here I’d like to extend my gratitude to CIMB for their efficient PR service. (Which is so unlike the bloody McD. Till this very second, I still haven’t gotten any feedback from them.)
Below is the content of my short notice to CIMB Bank:
I’ve received this suspicious email. I don’t even have a CIMB account, how is it possible that your bank would request me to verify the integrity of my account? Please alert your clients about this phishing email. This is the third time I received the same email.
This is what CIMB Bank personnel, Ain, wrote to me, confirming that it’s indeed a phishing email. So I thought, I’d warn you guys about the phishing email. Don’t fall for it, okay?
Thank you for reporting to us on the matter.
We wish to inform you that the e-mail is NOT from us. This is a phishing email as the contents are absolutely not related to our bank, CIMB Bank Berhad.
Please be informed that this message or email can be safely ignored and discarded.
For further information, this e-mail would be sent to thousands or maybe millions of users. Recipients are not necessarily CIMB customers. Fraudsters are merely holding on to lady luck to get responses from CIMB Bank customers. That is the reason most phishing emails carry a very generic greeting (example: Dear CIMB Bank Customer). Meaning there is a probability that a non-CIMB customer will receive these sorts of emails.
Regards and have a pleasant day.
Cleffairy: Do take note that banks do not usually ask you to verify your PIN number or password via emails or phone. So please do not fall for such tricks, for the consequences could be fatal.
PS: Dear readers, please feel free to copy/paste phishing emails, apart from the one above, and share them with the rest of us here. Feel free to share your ‘phishing’ experience here too, be it via emails or the ones via phone calls. 😀
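The warning signs this post and CIMB’s reply point out (the generic greeting, the 24-hour suspension threat, the "click here" links, and the request for password and TAC), as an added example that is not part of the original post: a small Python check run over an excerpt of the email quoted above. The function names and regex patterns are assumptions made for illustration.

```python
import re

# Indicators named in this post. The regexes are illustrative assumptions,
# not a vetted mail filter, and will miss reworded messages.
INDICATORS = {
    # "Dear CIMB Bank customer" instead of the account holder's name
    "generic_greeting": re.compile(
        r"^\s*dear\s+(?:[\w.&-]+\s+){0,3}?(?:customer|client|user|member)\b",
        re.I | re.M),
    # a short deadline tied to suspension of the account
    "deadline_threat": re.compile(
        r"\b(?:in|within)\s+(?:the\s+)?(?:next\s+)?\d+\s*(?:hours?|days?)\b"
        r"[^.]*\b(?:suspend|block|clos|deactivat)\w*", re.I),
    # asking the reader to hand over password, PIN or TAC
    "credential_request": re.compile(
        r"\b(?:submit|enter|provide|confirm|update)\b[^.]{0,80}?"
        r"\b(?:password|pin|tac|user\s*id)\b", re.I),
    # anonymous "click here" link in place of a visible address
    "click_here_link": re.compile(r"\bclick\s+here\b", re.I),
}

def phishing_indicators(text):
    """Return the names of the indicators found in an email body."""
    return [name for name, rx in INDICATORS.items() if rx.search(text)]

def looks_like_phishing(text):
    """Flag a credential request on its own, or any two other indicators."""
    hits = phishing_indicators(text)
    return "credential_request" in hits or len(hits) >= 2

# Excerpt of the email quoted in this post.
SAMPLE = (
    "Dear CIMB Bank customer,\n"
    "If you fail to complete the verification in the next 24 hours "
    "your account will be suspended.\n"
    "Log in to our secured verification server and submit the requested "
    "information(Account user ID, password and TAC).CLICK HERE to go on "
    "our secured server.\n"
)
# Constructed benign message for contrast.
BENIGN = (
    "Dear Ms Tan,\n"
    "Your monthly statement is ready. Log in through the app as usual "
    "to view it.\n"
)

if __name__ == "__main__":
    for label, body in (("sample", SAMPLE), ("benign", BENIGN)):
        print(label, phishing_indicators(body), looks_like_phishing(body))
```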