
Banking Bank Scam on the rise, What are your thoughts

aeiou228
post Jun 16 2022, 10:17 AM

Look at all my stars!!
*******
Senior Member
5,867 posts

Joined: Feb 2006
QUOTE(MUM @ Jun 16 2022, 01:26 AM)
I am not sure how Affin secure works.
But if no need sim in phone,... How Affin knows that the apps in authorised device?
Will it be like the device that downloaded the apps will then act like those physical token that does not need sim?

Also, does one need to carry the non sim inserted device along with the normal sim card inserted device to do online transaction?

Will it be like carry a normal sim card inserted smartphone to do the transaction together with those secure token (individual tac generating device)?
I am currently using the secure token from pbb,... Yes you are correct to mention that it has some inconveniences.
*
1) Similar to Maybank secure2u, you can use Mayban2u App on a registered device with or without SIM slot (non SIM tablet for example)
2) Yes, you need to carry two devices but why wouldn't you register the digital token on your day to day phone ?
3) Yes, it's more convenient than physical token but one downside though, Affin Secure only approve transactions above 10k and the threshold is fixed, you can't adjust the limit in settings. So, given enough time, hacker still can make multiple 10k transactions to steal all your money in the account via OTP/TAC/PAC. I hope Affin can enable adjustable limits in future update.
ragk
post Jun 16 2022, 10:31 AM

BooBoo~
*******
Senior Member
2,354 posts

Joined: Apr 2009


As an IT guy, my advice for commoner is

#1. Download App from playstore only, never download anything through link.
#2. When redirected to bank transfer page by 3rd party, always double check the URL, make sure it's legit. Any IT guy with sufficient knowledge can easily clone the same interface to trick people.
#3. Remember your security phrase and picture, always double check before login, these are the info that hacker cannot fake which only known by the bank.
#4. NEVER perform any confidential activity through FREE WIFI.
#5. This is my personal habit, deny all access request from the all application, until the moment u wanted to use it, thn it will pop the request again, and that moment u will know whether the access request making sense anot. e.g. While using camera filter app, it will pop for camera access request, make sense, but if it's asking to access my contacts and SMS, thn that's fishy, why tf a camera app need to access them?

Pure text SMS alone can't do much thing, most likely the victim phone already infected by spyware early on, my guess is the SMS probably is just a trigger.

This post has been edited by ragk: Jun 16 2022, 10:35 AM
bcombat
post Jun 16 2022, 04:55 PM

Enthusiast
*****
Junior Member
998 posts

Joined: May 2014
QUOTE(ragk @ Jun 16 2022, 10:31 AM)
As an IT guy, my advice for commoner is

#1. Download App from playstore only, never download anything through link.
#2. When redirected to bank transfer page by 3rd party, always double check the URL, make sure it's legit. Any IT guy with sufficient knowledge can easily clone the same interface to trick people.
#3. Remember your security phrase and picture, always double check before login, these are the info that hacker cannot fake which only known by the bank.
#4. NEVER perform any confidential activity through FREE WIFI.
#5. This is my personal habit, deny all access request from the all application, until the moment u wanted to use it, thn it will pop the request again, and that moment u will know whether the access request making sense anot. e.g. While using camera filter app, it will pop for camera access request, make sense, but if it's asking to access my contacts and SMS, thn that's fishy, why tf a camera app need to access them?

Pure text SMS alone can't do much thing, most likely the victim phone already infected by spyware early on, my guess is the SMS probably is just a trigger.
*
Possible the terrible thing can also happen to iPhone, if we didn’t jail break it?
ragk
post Jun 16 2022, 05:23 PM

BooBoo~
*******
Senior Member
2,354 posts

Joined: Apr 2009


QUOTE(bcombat @ Jun 16 2022, 04:55 PM)
Possible the terrible thing can also happen to iPhone, if we didn’t jail break it?
*
iPhone is relatively safe for #1 and #5 mentioned above because Apple is strict on the application in their store, and doesn't allow external download source. But it's just relatively safe, so better safe thn sorry for #5.

As for #2 to #5, it apply to all phone.
TSWei6737 P
post Jun 16 2022, 11:52 PM

New Member
*
Probation
7 posts

Joined: Feb 2022
QUOTE(ragk @ Jun 16 2022, 10:31 AM)
As an IT guy, my advice for commoner is

#1. Download App from playstore only, never download anything through link.
#2. When redirected to bank transfer page by 3rd party, always double check the URL, make sure it's legit. Any IT guy with sufficient knowledge can easily clone the same interface to trick people.
#3. Remember your security phrase and picture, always double check before login, these are the info that hacker cannot fake which only known by the bank.
#4. NEVER perform any confidential activity through FREE WIFI.
#5. This is my personal habit, deny all access request from the all application, until the moment u wanted to use it, thn it will pop the request again, and that moment u will know whether the access request making sense anot. e.g. While using camera filter app, it will pop for camera access request, make sense, but if it's asking to access my contacts and SMS, thn that's fishy, why tf a camera app need to access them?

Pure text SMS alone can't do much thing, most likely the victim phone already infected by spyware early on, my guess is the SMS probably is just a trigger.
*
Referring to the last paragraph, the whole fiasco is getting crazier. It is not just SMS/call, recently someone posted on Facebook claiming that after answering those suspicious call, they tried to call the number on the back of their debit/credit card, it directed to the scammer, and when they tried with another phone, it goes to the legit call centre.
soul78
post Jun 17 2022, 12:03 AM

Enthusiast
*****
Junior Member
937 posts

Joined: Jul 2005


nothing to do with malicious apk files and all these bull la at this point in time. There are already statements made by those impacted that they did not install or have clicked on any links in emails etc.

Banks have to investigate if police says this is not in their purview to investigate. If not it's up to BNM to find out what is the issue.

For now.. you do what you need to safeguard your hard earned money. If banks does not strike confidence from their investors is their problem that people would not put more cash in banks moving forward.

Steps I've taken to protect myself.
- Only have less than 5k at one time in bank.
- Keep more in EPF which requires more manual intervention.
- Limit bank footprint. Have only 1-2 banks.
- If possible have overseas bank if you're able.
- Keep some in cryptos. You are your own bank.
- Keep in physical assets. gold/silver.

Other possibilities:
- Joint account which requires 2 person to remove cash.
- Put money in investment platforms that uses more secure 2FA authentication like 30secs codes i.e google authentication type of platform.
- Secure your email with Yubikey as recovery and Remove your phone number from Gmail recovery procedure.




SUSyklooi
post Jun 17 2022, 12:11 AM

Look at all my stars!!
*******
Senior Member
8,188 posts

Joined: Apr 2013


QUOTE(soul78 @ Jun 17 2022, 12:03 AM)
...........
- Secure your email with Yubikey as recovery and Remove your phone number from Gmail recovery procedure.
*
👍👍
Damned,... I Did not think about that before.
Thks for the tips
ragk
post Jun 17 2022, 11:01 AM

BooBoo~
*******
Senior Member
2,354 posts

Joined: Apr 2009


QUOTE(Wei6737 @ Jun 16 2022, 11:52 PM)
Referring to the last paragraph, the whole fiasco is getting crazier. It is not just SMS/call, recently someone posted on Facebook claiming that after answering those suspicious call, they tried to call the number on the back of their debit/credit card, it directed to the scammer, and when they tried with another phone, it goes to the legit call centre.
*
Yeap malicious app can do many thing as long their app has been granted the sufficient access, it depend on how creative they wanted to carry out the scam
And many legit app also tend to request access that's very fishy, like Gmail wanted access to microphone, not saying that Gmail is going to sabotage my phone, but it's just annoying all the random app wanted to access all ur information

QUOTE(soul78 @ Jun 17 2022, 12:03 AM)
nothing to do with malicious apk files and all these bull la at this point in time. There are already statements made by those impacted that they did not install or have clicked on any links in emails etc.

Banks have to investigate if police says this is not in their purview to investigate. If not it's up to BNM to find out what is the issue.

For now.. you do what you need to safeguard your hard earned money. If banks does not strike confidence from their investors is their problem that people would not put more cash in banks moving forward.

Steps I've taken to protect myself.
- Only have less than 5k at one time in bank.
- Keep more in EPF which requires more manual intervention.
- Limit bank footprint. Have only 1-2 banks.
- If possible have overseas bank if you're able.
- Keep some in cryptos. You are your own bank.
- Keep in physical assets. gold/silver.

Other possibilities:
- Joint account which requires 2 person to remove cash.
- Put money in investment platforms that uses more secure 2FA authentication like 30secs codes i.e google authentication type of platform.
- Secure your email with Yubikey as recovery and Remove your phone number from Gmail recovery procedure.
*
Many case still related to malicious apk, at least from what I see from reported by the news, so it's still good to have those awareness
But I do believe some case is due to black sheep in the bank
Email is very good point too, since many of the account today linked to Gmail/Facebook login, its very jialat when ur mail/facebook account got compromise

This post has been edited by ragk: Jun 17 2022, 11:23 AM
aeiou228
post Jun 26 2022, 09:42 PM

Look at all my stars!!
*******
Senior Member
5,867 posts

Joined: Feb 2006
https://m.facebook.com/story.php?story_fbid...id=323440711827
Millions of ringgit missing from 40 bank accounts holders. This time, malicious APP is not the culprit, it's insider job instead.

Jitty
post Jun 27 2022, 11:28 AM

Regular
******
Senior Member
1,046 posts

Joined: Nov 2014



QUOTE(aeiou228 @ Jun 26 2022, 09:42 PM)
https://m.facebook.com/story.php?story_fbid...id=323440711827
Millions of ringgit missing from 40 bank accounts holders. This time, malicious APP is not the culprit, it's insider job instead.
*
is this C**B bank?
MUM
post Jun 27 2022, 01:06 PM

10k Club
********
All Stars
14,950 posts

Joined: Mar 2015

QUOTE(aeiou228 @ Jun 26 2022, 09:42 PM)
https://m.facebook.com/story.php?story_fbid...id=323440711827
Millions of ringgit missing from 40 bank accounts holders. This time, malicious APP is not the culprit, it's insider job instead.
*
for those that has no FB but want to know more about that read outs can try this....

Break your silence on millions lost by victims in ‘fraud’, MP tells bank
Dineskumar Ragu -June 26, 2022
https://www.freemalaysiatoday.com/category/...-mp-tells-bank/

KHOdin
post Jun 27 2022, 02:43 PM

7 Stars Newbie
*******
Senior Member
2,928 posts

Joined: Oct 2008
From: Somewhere On The Earth
TIL maybank does not support SMS OTP since March this year
is there any known cases for maybank after March ?
MUM
post Jun 27 2022, 06:35 PM

10k Club
********
All Stars
14,950 posts

Joined: Mar 2015

QUOTE(MUM @ Jun 27 2022, 01:06 PM)
for those that has no FB but want to know more about that read outs can try this....

Break your silence on millions lost by victims in ‘fraud’, MP tells bank
Dineskumar Ragu -June 26, 2022
https://www.freemalaysiatoday.com/category/...-mp-tells-bank/
*
As per today news update,....
Probe on bank cheating case still ongoing, say cops.
Monday, 27 Jun 2022 6:06 PM

Investigations on a cheating case involving bank customers is still ongoing, say police.

"A report was lodged by the bank on Jan 31 over customers’ money being swindled by a bank manager in Selangor.
https://www.thestar.com.my/news/nation/2022...ngoing-say-cops

aeiou228
post Aug 20 2022, 10:52 PM

Look at all my stars!!
*******
Senior Member
5,867 posts

Joined: Feb 2006
https://www.facebook.com/294025920750452/po...VdQBl/?sfnsn=mo
Dr also Jean scammed.
Ramjade
post Aug 20 2022, 11:33 PM

20k VIP Club
*********
All Stars
24,420 posts

Joined: Feb 2011



Just put money into KDI, and leave min amount inside the account. Settle. No more scam.

This post has been edited by Ramjade: Aug 21 2022, 09:05 AM
tadashi987
post Aug 20 2022, 11:35 PM

Look at all my stars!!
*******
Senior Member
2,106 posts

Joined: Jul 2018
i think the one of the most important prevention is ensure u don't install untrusted source app e.g. apk not downloaded from playstore etc.
jack2
post Aug 20 2022, 11:49 PM

Mr
********
All Stars
15,192 posts

Joined: Oct 2004
QUOTE(tadashi987 @ Aug 20 2022, 11:35 PM)
i think the one of the most important prevention is ensure u don't install untrusted source app e.g. apk not downloaded from playstore etc.
*
As written in the news, the CIMB claimed that she clicked one link and then kena... if this claim is true, how about if we accidentally click the link or advertisement that indirectly forward to another link?
aeiou228
post Aug 21 2022, 08:59 AM

Look at all my stars!!
*******
Senior Member
5,867 posts

Joined: Feb 2006
https://m.facebook.com/story.php?story_fbid...823540&sfnsn=mo
Dr's open letter on her FB
akhito
post Aug 21 2022, 09:21 AM

Enthusiast
*****
Junior Member
749 posts

Joined: Jul 2016


Just to add on, even app on Google play store is not 100% safe
https://www.ghacks.net/2022/08/01/researche...gle-play-store/
kinda even worse now on google play since they remove viewing app permission before downloading app (said will reinstated but dunno when la) so u cannot use permission to vet out sus app.
Apple devices can be sideload app just by clicking link
https://arstechnica.com/information-technol...on-ios-devices/
so the best way i can think of is kept a secondary phone as banking authenticate which u install minimal or none other app use maybank secure2u, pbebank securesign app etc. stay away for sms OTP in fact this is what bank negara was pushing
There is someone that suggest using brokerage account which can only withdrawn to ur one bank acc but the downside is timelag for withdrawal

This post has been edited by akhito: Aug 21 2022, 09:21 AM
CommodoreAmiga
post Aug 21 2022, 10:44 AM

Look at all my stars!!
*******
Senior Member
3,864 posts

Joined: Jun 2022


I am thinking now to buy an old Nokia dedicated for receiving TAC. Will this be workable? But some bank apps use a combination of secureapp and TAC depending on the type of transactions.

Can't hack a dumb phone right?
