What is a Phishing/Vishing/ Smishing Scam


A modus operandi where the fraudster will steal the victim’s private credentials through phone, SMS or email. There are 3 common tactics used.

What is a Phishing Scam


Email phishing uses the same method as SMS where the fraudsters send links to the victims while impersonating legitimate entities. However, these links are sent via emails and will be sent out to as many email addresses as possible.


By clicking on the link given through the email, you are led to a malicious website to fill in your private information, and/or your phone/computer will be exposed to malware and viruses that the fraudster can use to gain your personal banking credential.


How to spot a Phishing Scam

Emails that encourage you to click on the website links contain poor English and grammatical errors.

Emails that include instructions to reply, or verify your account – like completing a form attached.

Emails that rush you to take urgent actions with threats to close down your account.

Emails that ask you to provide your personal banking credential.


How you can prevent a Phishing Scam

Do not click


Do not click on links or open any attachments received from unknown parties.

Study the email


Always read the email to identify grammatical or spelling errors and if suspicious, call your bank to verify if the email originates from them.


Scenario of a Phishing Scam

You received an email that looked like from your bank claiming your account had been frozen and required you to key in your details by clicking on the link provided in the email.

Watch this video in Malay, Chinese

What is a Vishing Scam


Phone call phishing, also known as vishing, happens when the fraudsters call the victims and trick the victims into divulging their personal information by impersonating as authorities or experts, and claiming they are trying to help the victims.


How to spot a Vishing Scam

You are told to press a number on your keypad to speak to a customer service representative who is actually another fraudster.

They rush you into taking actions (so that you will panic) by claiming you are in a tight position.

They will persuade you to transfer your money into a “safe account” with an unknown beneficiary to “assist” with the ongoing investigation and to safeguard your money.

They ask you to give your personal and financial information.


How you can prevent a Vishing Scam

Be wary


Be aware that no authorities or banks will ever ask you to provide your full debit/credit card details, online banking credentials or ID number etc.

Check authenticity


When in doubt, contact your bank or the organisation to verify the call.

Take correct actions


Decline call from unknown numbers at all times and inform your bank if you have divulged your information.


Scenario of a Vishing Scam

C received a call from someone claiming from Bank XY and told C there was a $10,000 purchase made in Country J using C’s credit card. C denied the purchases but the person informed C that the payment was already approved. Panicking from the information received, C was transferred to the manager of Bank XY who told C they would try to help C recover the money.


To confirm C’s identity, C was asked to read the details of his credit card including the CVV number and was instructed to transfer all the money from his savings account into a ‘safe account’ under Bank XY. They informed C that it was for a short period and the money would later be ‘transferred’ back into C’s savings account. C was also told to not tell anyone about the incident for at least 3 days.


However, after 3 days, no information was received and the money had not been transferred back. C had fallen victim to a phone call scam.

What is a Smishing Scam


SMS phishing, also known as smishing, is when you receive a text message claiming to be from a legitimate company or bank insisting you click on the link in the text that will lead you to a malicious website for you to provide your personal credentials or call the number given. Through this, the fraudsters will be able to obtain all of your personal information.



Even if you do not divulge your details after you click on the link provided, there are high chances you have been exposed to a malware or malicious software, which will install itself into your phone and trick you into entering your personal information and sending this data to the fraudsters.

How to spot a Smishing Scam

SMS are often sent from unknown mobile numbers with embedded links.

SMS requesting to verify a transaction.

SMS trying to look genuine by copying the message format sent from a bank with the addition of an embedded link.


How you can prevent a Smishing Scam

Be wary


RHB will never send you a website link that redirects you to a banking login page.

Call the bank


Contact the bank using the phone number you know is genuine or visit their website to check for authenticity.

Check authenticity


The bank also does not send you transaction notifications or authentication SMSes embedded with links.


Scenario of a Smishing Scam

You received an SMS claiming that a purchase had been made from your credit card. Immediately you called the bank phone number that was given in the SMS.


You were then asked for your personal credentials and were suggested to transfer all your money to a “safe account” while they conduct their investigation.


They informed you that the money would be transferred back into your account after everything was completed. They also asked you to not inform anyone and to not check your account for the next few days due to the ongoing investigation.

Watch this video in Malay, Chinese

Contact Us


Contact Us immediately if you believe your banking information is compromised or there has been an unauthorised transaction on your account.

Need Support?