What if you received the TAC in a separate phone,  but revealed it to the scammer?

Never reveal your OTP/TAC to any third party even if the party requesting for such information claims to be from a financial institution, Bank Negara Malaysia or other government agencies.
https://www.rhbgroup.com/others/fraud-aware...ment%20agencies.

nothing to do with malicious apk files and all these bull la at this point in time. There are already statements made by those impacted that they did not install or have clicked on any linked in emails etc.

Banks have to investigate if police says this is not in their purview to investigate. If not it's up to BNM to find out what is the issue.

For now.. you do what you need to safeguard your hard earned money. If banks does not strike confidence from their investors is their problem that people would not put more cash in banks moving forward.

Steps I've taken to protect myself.
- Only have less than 5k at one time in bank.
- Keep more in EPF which requires more manual intervention.
- Limit bank footprint. Have only 1-2 banks.
- If possible have overseas bank if you're able.
- Keep some in cryptos. You are your own bank.
- Keep in physical assets. gold/silver.

Other possiblities:
- Joint account which requires 2 person to remove cash.
- Put money in investment platforms that uses more secure 2FA authentication like 30secs codes i.e google authentication type of platform.
- Secure your email with Yubikey as recovery and Remove your phone number from Gmail recovery procedure.

I think a lot of the cases is not user revealed to scammers, but totally no TAC. This could be phone hacked, SMS redirected after they receive the OTP and delete it by thealware, so user not aware. Once redirected, they can do whatever they want.

🤔🤔Then it is the problem of the "smartphone"  as it allowed downloads of apps that may hv hacking virus...
Not so much of the dumb phone problem...  Thus have the extra dump phone just to receives TAC (as you suggested earlier) may not helps much.

1. Use Truecaller to identify and filter out known scammers.

2. On primary phone, u can install the usual social media and messaging apps but no banking related apps.

3. On secondary phone, use a different number solely for data but block all incoming and outgoing calls. U then install all banking related apps like normal. Link TAC number with dumb phone below. No social media or messaging apps here.

3. On spare dumb phone, use a new number solely for receiving TAC and block in incoming and outgoing calls.

For my case, I'm using the A72 as primary phone with everything loaded. For secondary phone, I opt for OnePlus 7 solely for banking related apps. Has a separate number and cannot receive or make calls. All blocked on the phone itself. And finally, an old Nokia 106 solely for receiving TAC and cannot make or receive calls too. Plus, it is small enough to be in the pocket most of the time. Only need recharging every 2 weeks.

As for the monthly cost, it is RM 38 (U Mobile) for primary phone, RM 28 (DiGi) for secondary and finally RM 3 (Yoodo) for SMS.

Simple security tips.

1. Use Truecaller to identify and filter out known scammers.

2. On primary phone, u can install the usual social media and messaging apps but no banking related apps.

3. On secondary phone, use a different number solely for data but block all incoming and outgoing calls. U then install all banking related apps like normal. Link TAC number with dumb phone below. No social media or messaging apps here.

3. On spare dumb phone, use a new number solely for receiving TAC and block in incoming and outgoing calls.

For my case, I'm using the A72 as primary phone with everything loaded. For secondary phone, I opt for OnePlus 7 solely for banking related apps. Has a separate number and cannot receive or make calls. All blocked on the phone itself. And finally, an old Nokia 106 solely for receiving TAC and cannot make or receive calls too. Plus, it is small enough to be in the pocket most of the time. Only need recharging every 2 weeks.

As for the monthly cost, it is RM 38 (U Mobile) for primary phone, RM 28 (DiGi) for secondary and finally RM 3 (Yoodo) for SMS.

Simple security tips.

I think I have just received a CIMB fake link by scammer!!

I Certainly don't have any account application in progress!

BNM is losing its reputation with all these cases

Let me guess, it's from the 63001 number? 

No. From 61750. This number was recently used by DHL to sent me some info on my package recently.

That's the number I just got it from. Might be legit since the url is the same as what cimb uses but I still wouldn't click on it. It might just be a mistake since our local retards banks tend to make a bunch of stupid mistakes like that. Hong Leong did a system wide nonsensical test message the other day via their app and then said sorry later.