5 ways to protect yourself from cyber fraud, and to conduct Internet Banking safely

Every 3 seconds, a cyber-fraud crime is committed, ranging from identity theft to phishing and hacking. It may be constantly evolving but the counter measures against cyber fraud are advancing as well.

Make sure you're in the right site

These are the ONLY URLs you should be accessing:
RHB Group Website - https://www.rhbgroup.com/index.html
RHB Now Internet Banking - https://logon.rhb.com.my

Make sure log in securely

Secret Word - Upon entering your Username, look for the right Secret Word that appears on the screen. Only then you should proceed further steps.

One-Time Password (OTP) - Never share your OTP when you receive it via SMS.

Don't ignore your device's auto update prompt

Be sure to regularly update your device, so that you can prevent hackers from taking advantage of software vulnerabilities.

Think before you click!

Never reply to emails or visit non-secured websites that ask you to verify your information or confirm your Username or Password.

If it's too good to be true, usually yes it is

"Free" software such as screen savers or smileys, and contests that you've surprisingly won are usually bundled with malware.


What you need to do to avoid malware and phishing

Malware or malicious software is one of the biggest threats on the internet. With so many different types around, you need to avoid falling victim to this form of cyber attack.

What is malware?

Think of malware as a hijacker – a malicious programme that takes over your browser, or worse, your computer or mobile device.

How to avoid it?
Install anti-virus/malware software
This is a must-have first step in keeping your device malware-free. And remember to keep them up to date, and run regular scans.

Think before you click!
Don't open an email attachment from a source that you are unfamiliar with. Run all downloaded files by your anti-virus/malware software before opening.

Only download apps from a legitimate app store
Read user reviews to confirm the app is safe. Check the privacy policy to make sure that your personal information is not shared.

What is phishing?

Phishing is a form of cyber fraud in which the attacker 'fishes' for information such as login credentials or account information.

How to avoid it?
Guard yourself against spam
Be cautious of emails that come from unrecognised senders, and ask you for personal or financial information.

Be careful of external links
Never go to your bank's website by clicking on links included in emails. Always type in the URL into your browser.

Enter your data in secure websites only
In order for a site to be safe, it must begin with https://, and your browser should show an icon of a closed lock.


6 safety tips to avoid Internet Banking fraud

Internet Banking fraud is an ever-present and increasing threat to both individuals and companies. Knowing fraudsters use sophisticated technology, it pays to stay well alert of the risks and knowing all the safety measures.

Make sure the website address is secure

The URL must begin with a https://, and your browser must show an icon of a closed padlock.

Always check your Secret Word

After entering your username, be sure to check that the Secret Word displayed on screen is the correct one.

Create a strong password

Avoid using common words or phrases, and never create a password that contains details from your name, initials, or date of birth.

Reconfirm transactions via One-Time Password (OTP)

Ensure that you receive your OTP via SMS. This security feature confirms that it is indeed you who is performing the transaction.

Always log out when you are done

This will lessen your chances of falling prey to session hijacking and cross-site scripting exploits.

Review your transaction records regularly

By monitoring your online transaction and transfer records, you can keep track of any discrepancies that may occur.


5 telltale phone scam signs and how to avoid them

Every year, thousands of people fall prey to phone scams. Know their latest tactics and telltale signs so you can protect your money and information effectively.

You've won! But only after you pay

You're notified that you've won a contest – but in order to receive your prize, you'll have to pay for delivery, processing, taxes, duties, or some other fee.

It sounds too good to be true

Congratulations, you've won first prize in a contest that you never entered. Or you're being offered a once-in-a-lifetime investment that guarantees a huge return.

“We'll need your credit card number”

Banks do not require these details unless you are using that specific method of payment.

Payment is via cash only

Fraudulent telemarketers often ask for a cash payment, rather than a cheque or credit card, because cash is untraceable and can't be cancelled.

A limited opportunity that you cannot miss

If you're pressured to make a big financial transaction
immediately, it's probably not legitimate.

How to avoid them

Hang up on suspected phone scammers.

Ignore suspicious SMSes.

Never disclose your:

  • Internet banking username and password
  • ATM pin
  • Full personal details unless you’re sure whom you are talking to


Know more about OTP fraud and how to avoid it

OTP Fraud is another form of cyber fraud. OTP (One Time Password) is the six-digit number sent to a bank account* owner's mobile phone to verify a transaction. OTP Fraud occurs when the victim receives an OTP that they did not request. The scammers will then call the bank account owner, claiming that the OTP is actually for them and that it had been wrongly sent to the victim due to a mistake while registering their mobile phone number. They will request the victim via SMS / Whatsapp / call to forward them the OTP number. Once they have it, the scammers will steal the victim's money through their own OTP.

How to protect against OTP fraud

OTP Fraud is a form of cyber frauds whereby the scammers attempt to perform a transaction.

OTP number will still be sent to the victim's mobile phone. The scammers will then call the victim, claiming that the OTP number was sent wrongly and ask the victims to read out the code to them. Once scammers obtained the OTP number then scammers stealing victim's money through their own OTP number.

How can you protect yourself?

If you receive such messages, ignore them.

Don't entertain calls or respond to SMS from unknown person asking for your information details.

Don't reveal your account information, login ID, password and OTP to a 3rd party. If in doubt, always call the official RHB Call Centre.

Change your online banking password immediately if you suspect it has been compromised to a 3rd party.

Safeguard your OTP Number at all times.

Never reveal the OTP/TAC number to a 3rd party, especially if you receive one that you didn't request for.

Always ensure the OTP/TAC that you receive matches your request while performing an RHB Now transaction.


You are about to enter a third party website and RHB Banking Group's privacy policy will cease to apply.

This link is provided for your convenience only, and shall not be considered or construed as an endorsement or verification of such linked website or its contents by RHB Banking Group.

RHB Banking Group also makes no warranties as to the status of this link or information contained in the website you are about to access.