Need support?

Security Tips

Anyone can fall for a scam. It is not a reflection of your intelligence
but if you educate yourself to recognise what to look out for, you’ll be
less likely to fall for the traps. Read from our handy tips below to
learn the actions you can take to protect yourself and others.

Credit or debit cards/-i are easy to use - and easy to steal.
Here are a number of steps you can take to make sure your cards are safe.

Safeguard your credit card against fraud


  • Do not lend your credit card to anyone.
  • Do not carry your PIN together with your card or disclose it to anyone.
  • Place your signature on your credit card immediately once you have received it.
  • Cut your expired credit cards into two when you have received your new cards.
  • Immediately contact customer service if you have lost your card or it has been stolen.


Check your credit card transactions


  • Check all details on the transaction slip before signing or confirming the transaction.
  • Destroy all your duplicate transaction slips or the one that you don’t need.
  • Keep the transaction slips and verify them against your credit card statement when it arrives.
Enjoy the convenience of online banking but worried about the risks?
Learn what you can do to prevent online banking fraud as a sender/recipient.

Protect yourself when using internet banking services

Key in the Bank’s URL website directly into the web browser to ensure you are in the bank’s legitimate website.

Make sure the site address begins with “https”. Always look for a padlock symbol on the status bar of your browser. Before carrying out online banking transactions, always use a personal firewall and ensure that your computer/device’s anti-virus software is updated.

Do not share your usernames and passwords.

Do not verify or reveal your username, passwords or PIN via the hyperlink in an email or over the phone.

Do not access your bank account from unprotected PCs in public places such as internet cafes.

Also avoid using public access Wi-Fi when accessing your online banking account through your smartphone, laptop or other portable devices. Beware of people watching over your shoulders when you are accessing in public places.

Change your password or PIN regularly.

As a practice, use different passwords for different websites. Avoid using easy-to-guess passwords such as 12345, your birthday, etc and do not store your username, password, or PIN number in your computer or smartphone.

Reconcile your account(s)

Either online or by statements frequently and regularly.

Always log out from your online banking sessions

Do not leave your computer/smartphone unattended when logged in to your online banking account.

Find yourself qualifying for a credit/loan/financing you never applied for?
Take these steps to protect yourself from credit/loan/financing scams.

Modus Operandi

Scammers will disguise themselves as RHB agents or staff to mislead/con/deceive unsuspecting customers into applying for a Personal Financing with RHB and will subsequently request customers to transfer money into a personal account as a processing fee.

Scammers will also provide either a fake offer letter, fake cheque (purportedly issued by RHB) as proof of credit/loan/financing approval, or fake RHB business card in order to appear legitimate.
Tips to protect yourself from credit/loan/financing scams

RHB DOES NOT require customers to pay any “Processing Fees” for personal loan/financing applications.

DO NOT transfer your money into any unknown third party account even if requested by the agents/staff.

Document forgery


  • Document forgery is when someone FALSIFIES A DOCUMENT WHETHER IN WHOLE OR IN PART TO MAKE IT APPEAR GENUINE. It is a criminal offense if the acts were done with the intention to injure or defraud another person or company. In addition, any agreement or contract which is forged will be rendered null and void in Contract Law.
  •  An example of document forgery is when an individual provides a forged salary slip in a support of a credit/loan/financing application, and where his/her income in the salary slip is inconsistent with the salary credited as per the bank statement, or when the contribution is less than what it is shown in the EPF statement.


How to prevent credit application fraud


  • KEEP YOUR FINANCIAL RECORDS safe at all times and where applicable, SHRED the DOCUMENTS within the specified timeframe according to the law.
  • REMEMBER that financial institutions and banks DO NOT appoint or engage third parties or agents for the process of securing credit/loans/financing.
  • DO NOT TRUST any CREDIT/LOAN/FINANCING OFFER WITH TERMS ((i.e. low interest/profit rate, fast approval, no guarantor required) that are TOO GOOD TO BE TRUE.
  • As a practice, CALL THE BANK TO VERIFY once you have submitted your credit/loan/financing application and to enquire about the status.
ATMs offer an easy way to deposit or withdraw money but they have become targets for fraudsters.
Learn what you can do to prevent fraud. 

Protect yourself against deposit and ATM fraud

Have your debit card ready to go as you approach the ATM.


If you need to search through your purse or wallet, you’ll give criminals chances to catch you off guard.

Check the ATM for a card skimmer.

If the card reader slot feels loose or is of odd color scheme than the bank’s branding, or the keyboard doesn’t feel right (too thick, buttons don’t press easily, etc.), these are often signs that a skimmer is in place.

Use your body to “shield” the ATM keyboard as you enter your PIN.

If someone seems to be lingering behind you, walk away and come back later.

Do not count or visually display any money you received from the ATM.

After taking your money out of the ATM, immediately place the cash in your purse or wallet and count it later.

Always take your receipts or transaction records with you.

This will avoid any of your personal information from falling into the wrong hands.

Bring someone with you when using an ATM.

If you can’t find a buddy, use an ATM that is located in a public area like a mall. You’ll have the video surveillance from both the mall and the bank.

Be aware of your surroundings, particularly at night.

If you see suspicious activities, like a person waiting a few feet away, avoid using that machine and find another in a more public area.

Keep your personal identification number (PIN) just that - personal.

Never write it down or share it with anyone - not even family members. It’s also a good idea to update your PIN number once a year to keep it fresh.

At RHB, we are committed to your online peace of mind.
However, you also play an important role in safeguarding your devices and online information.

What is Malware?

Malware or malicious software is designed to gain access to your computer systems without your consent.
When installed, malware can steal your personal and financial information. Install anti-virus software and the latest security patch on the devices you use to access internet banking app to help prevent malicious threat.


Types of malware



Worms are spread via software vulnerabilities or phishing attacks. Once a worm has installed itself into your computer’s memory, it starts to infect the whole machine and in some cases, your whole network.


Viruses are typically attached to an executable file or a word document. Viruses need an already-infected active operating system or program to work.
Trojan Horse

Trojan Horse

Trojan Horse is a malicious program that disguises itself as a legitimate file. Because it looks trustworthy, users download it and it infects their devices once it is inside.


Bots are computers/devices that have been infected with malware. They can be controlled remotely by hackers.
Protect yourself against online security and malware threats

Do not use a jailbroken Apple® iPhone®, rooted Android™ phone or any other mobile devices that has been jailbroken or rooted.

These are techniques which remove important security features built into your device by the mobile operating system manufacturers.

Ensure your personal device and computer used for online banking are updated with the latest antivirus and firewall software.

Do not click on links from unknown senders that may be embedded with malwares and viruses.

Use different passwords for different website.
Learn how an APK file works.
Scammers are becoming increasingly advanced with their tactics. There is a new trick where scammers target android users to download Android Package Kit (APK) files in an attempt to get the customers’ bank details and make transactions. Watch this video to know more.

Remember, always be alert and protect yourself from being a scam victim.

A malware blocks access to the infected computer system/files through encryption.
A type of malware that restricts access. After restricting access, the malware operator then demands that the user pays a ransom to remove the access restriction.

Scenario of ransomware


While you were browsing a new website, you clicked on an advertisement banner. Unknowing to you, you had downloaded a malware to your computer. A few days later, you started noticing files having different extensions that could not be opened. Soon, you realised your computer was operating abnormally and your genuine files were no longer accessible. You were a potential victim of ransomware.


Modus Operandi

User clicks on an ad or receives a spam message with attachment(s) for download.

The link/downloaded attachment will launch the ransomware into your computer and encrypts your files.

A ransom message is displayed, stating the deadline and ransom amount to be paid.

Victims are required to make payment using specific payment; example, cryptocurrency.
Types of ransomware

Spam Emails

Clicking on malicious links or opening compromised email attachments.


Malicious advertisements embedded in websites.

Instant Messaging (IM)

Links in IM messages e.g. Whatsapp, Telegram, etc.

Drive-by Attack

Accidental/Unknown downloads from visiting a compromised website.

Protect yourself against ransomware

Do not use a jailbroken Apple® iPhone®, rooted Android™ phone or any other mobile devices that has been jailbroken or rooted.

These are techniques which remove important security features built into your device by the mobile operating system manufacturers.

Ensure your personal device and computer used for online banking are updated with the latest antivirus and firewall software.

Do not entertain unknown email requests and click on links that may be embedded with malware and viruses from unknown senders.

Use different passwords for different website.

Dos and Don’ts to prevent you from becoming a victim


For your personal banking credentials, always use a strong password. Use 8-16 alphanumeric characters. Do not use easily identifiable number sequences. For example, NRIC, date of birth or vehicle number as a PIN for ATM or credit cards, or as an online banking password.
To complete your transaction, always check your OTP messages and do not share the OTP with any third parties. Do not respond to requests for OTP passwords through phone, SMS, or social media channels.
Always key in the bank's URL or check to see if it is a genuine site with “padlock” icon. Do not download any links or APK files to your laptop and mobile.
Notify the bank in advance to update your latest contact details. e.g. corresponding address, mobile number and email address. Do not submit your loan/financing documents to loan/financing syndicates/third parties who guarantee approval in exchange for a fee.
Monitor your online banking transaction history and credit card statement regularly for suspicious transactions and immediately report to your bank if there is an unauthorised transaction. Do not send your personal and card information over any communication mediums e.g. emails, SMSs, WhatsApp etc.
How you can avoid being a victim
Always check your secret words ​

Always check your secret words ​

After entering your username, be sure that the Secret Word displayed on the screen is yours.
Reconfirm transaction via One Time Password (OTP)

Reconfirm transaction via One Time Password (OTP)

Make sure the Security Code displayed on your Confirmation Page matches the Security Code sent via SMS before entering your OTP.
Make sure the website address is secure

Make sure the website address is secure

The URL must begin with a https://, and your browser must show an icon of a closed padlock.
Create a strong password

Create a strong password

Avoid using common words or phrases, and never create a password that contains details from your name, initials, or date of birth.
Always locked out when you are done​

Always locked out when you are done​

This will lessen your chance of falling prey to session hijacking and cross-site scripting exploits.
Review your bank statement regularly

Review your bank statement regularly

By monitoring your saving/credit card statement you can keep track of any discrepancy that may occur.

Contact Us

Contact Us immediately if you believe your banking information is compromised
or there has been an unauthorised transaction on your account.