Malaysian Man Lost RM896 Just In Few Minutes After Replying Message To His Friend

Just scan and pay! Since the outbreak of Covid-19, people are advised to use Apps or eWallets while doing payments instead of paying cash to curb the spread of virus. However, there are also some security issues being highlighted lately and we should be aware of it.

Source: prebiu

Few days ago, a Malaysian netizen shared his bad experience on Facebook and went viral with over 3,000 shares. He lost almost RM1,000 in just a few minutes after receiving a message from his friend that asking for a code.

The original post:


It happened to me last night and I have lost almost RM1,000 in a few minutes via GrabPay.

The incident happened when one of my close friends re-created a new Instagram account and requested to follow me. He messaged me and asked for my phone number via Instagram message. Without any doubt, I gave him my phone number, knowing that he probably has lost my phone number.

He posted a few photos to his newly-created Instagram account so it does not look like a phishing account.

Source: swotbusiness

After that, he sent another message to me about GrabPay 8th year special campaign. He was telling me that I will send a message with a code to your phone and please let me know the code and I will see what you have won.

Grab Activation Code (GAC) was sent to my phone number. It was an activation code not TAC code. I gave the activation code to him without any doubt because I know that he is my friend. Also, I was thinking of this is just an activation code, it has nothing to do with my bank accounts.

The tricks started here. I saw RM425 was debited to my GrabPay account and I did not know that it was from my bank account which was linked to the GrabPay account. After a few minutes, I received a new notification from the GrabPay that RM425 was paid to UNIPIN (M) SDN BHD.

The scammer then messaged me again on Instagram. Another activation code was sent to your phone, please let me know the code. Then, I have received another notification from GrabPay that another RM425 was paid to UNIPIN (M) SDN BHD.

Source: carousell

When I was about to reply him a message, he blocked me up. That was the time that I know something fishy has happened. When I checked my Maybank2u, I have lost a total amount of RM896.30 from my bank account. The scammer has cleared all the money in my bank account and left RM60 balance to my GrabPay.

The scammer did a total of 5 transactions as you can see from my GrabPay activity picture below. 4 transactions were made directly via debit card which is linked to my GrabPay account and 1 transaction was made via Maybank2u. The scammer even managed to access my Maybank2u from the GrabPay account.

It happened to me in a blink of an eye where you were blinded by this scammer who cat fished your close friend to do this scam.

On top of that, let me highlight the flaws of the GrabPay App:

1) After you authorise your debit/credit cards and save them as your preference, Grab doesn’t need any OTP/CVV verification from the banks for future/subsequent transactions.

GAC will act as an authorization code to proceed with any transactions.

2) Grab does not notify the user via email for any first-time login attempts of different gadgets in different location.

Source: betterspider

3) Upon registering this app for the past few years, Grab did not put a clause for the users to mandatorily set up their GrabPay pin to secure your transactions from the GrabPay account to any other channels.

4) Your debit card that is linked to your GrabPay will not notify you via SMS for any debit transaction from the bank account to the GrabPay.

*The scammer just need the Grab Activation Code(s) and he can take all the money from your linked bank accounts on the Grab app.

Please be aware of this scam and help me to share this news.

Netizens’ responses:

Source: Facebook