If you’re a Touch ‘n Go eWallet (TNG eWallet) user, take note there’s a scam which attempts to steal your login details. Some users have reported to receive an SMS from “GOV” about a special cash aid that’s disbursed through your TNG eWallet.
As tweeted by @haaziq_mz and @xyes, the SMS reads “MySejahtera: Bantuan Khas Kewangan COVID-19 sebanyak RM800 telah kredit ke TNG eWallet anda. Sila semak baki dan tuntutan anda di XXXXX.”
MySejahtera has clarified that they do not offer any financial aid or payment to its users. It added that the SMS is fake and they are reporting it to the Malaysian Communications and Multimedia Commission (MCMC) for further action. All users are urged to ignore the message if they received it.
This is an obvious phishing attempt to fool users into providing their Touch ‘n Go eWallet login details and OTP. Not only the SMS tries to pretend to be a government official channel, the link directs to a page that imitates a Touch ‘n Go eWallet login page. After asking for your mobile number and 6-digit pin, the culprits behind the scam will then ask for your 6-digit OTP that’s sent to your mobile number. If they have your correct password and OTP, they will gain full control of your eWallet which allows them to take out your entire balance and possibly more if you have auto-reload enabled. This is quite an elaborate scam and it is best to let your friends and family members know about such tactics.
In February this year, a group of 20 teachers were reported to have suffered losses after their Touch ‘n Go eWallets were “hacked” to purchase Steam credits. It isn’t clear how their accounts got compromised but Touch ‘n Go has constantly sent out reminders to users to safe guard their 6-digit pin and not to use general and simple 6-digit codes such as 111111 or 123456.
Touch ‘n Go eWallet has a Money Back Guarantee by offering full compensation within 5 days if your eWallet is charged with unauthorised transaction or reloads. This Money Back Guarantee is offered to verified wallets and the report must be made within 60 days from the date of the unauthorised transaction.
Source: SoyaCincau