Maybank fake website scams the key different is a and ɑ
Published in Guang Ming Daily on 18 April 2021
In fact, one of the two URLs “maybank2u.com” and “maybɑnk2u.com” is a fake URL created by a scammer, but can you see the different?
Maybank said that today’s fraudulent methods have become more sophisticated and urge people not to click on any links provided in newsletters, emails, or social media messages.
Maybank’s Facebook post pointed out that the two URLs “maybank2u.com” and “maybɑnk2u.com” are the letters “a” and “ɑ” respectively.
Maybɑnk2u.com said that “maybɑnk2u.com” is a scammer using the special letter “ɑ” to create a similar website or link to attract people to click on it.
The bank also pointed out that the “ɑ” in the fake URL is actually a Cyrillic alphabet.
Maybank also urges customers to log in to Maybank2u account, they must manually enter maybank2u.com.my, and avoid clicking on the link provided in any message.
If you accidentally click on any link and disclose your login information, please contact the bank immediately at 03-58914744.
Maybank假網址詐騙 關鍵在a和ɑ
刊登于光明日报 日期2021年4月26日
maybank2u.com” 和 “maybɑnk2u.com” 這兩個網址,實際上有一個是詐騙人士制造的假網址,但你看得出端倪嗎?
馬來亞銀行(Maybank)表示,如今的詐騙手段已經越來越高明,對此促請民眾切勿點擊任何的簡訊、電郵、或社交媒體訊息中所提供的鏈接。
馬來亞銀行臉書發文指出,“maybank2u.com”和“maybɑnk2u.com”這兩個網址,其分別在於字母“a”和“ɑ”。
馬來亞銀行說,“maybɑnk2u.com”是詐騙人士利用特別的字母“ɑ”,來制造一個相似的網址或鏈接,以吸引民眾點入。
該銀行也指出,假網址中的“ɑ” 其實是西里爾字母(Cyrillic alphabet)。
馬來亞銀行也促請客戶要登入Maybank2u賬號時,必須要手動打入maybank2u.com.my,並避免點擊任何訊息中所提供的鏈接。
如果不小心點擊了任何的鏈接,並洩露了自己的登入資料,請立即撥打03-58914744聯系該銀行。
$62,000 lost in fake Singtel e-mail phishing scams, 22 police reports lodged
PUBLISHED at The Straits Times dated FEB 17, 2021
People who clicked on the URL link were directed to a fake Singtel webpage which asked for their bank information and One-Time Passwords.
Scammers using fake e-mails purportedly from Singtel netted at least $62,000 earlier this week.
Victims of the phishing fraudsters received e-mails claiming to be from the telco saying they had won a cash prize or were eligible to claim cashback or a gift.
People who clicked on the URL link were directed to a fake Singtel webpage which asked for their bank information and one-time passwords (OTPs) in order to claim the prize, cashback or gift.
The victims – at least 22 police reports had been lodged on Monday (Feb 15) and Tuesday – realised that they had been scammed only after they spotted unauthorised transactions in their bank accounts.
These are three of the URLs impersonating Singtel’s website:
1. sgsingtel.net/sin/cc1.php
2. sgsingtel.net/cgi-sys/suspendedpage.cgi
3. sgsingtel.net/sing
The police noted that scams like this involving companies other than banks have been on the rise.
“The number of non-banking related phishing scams increased by 1,214 per cent to 644 in 2020, from 49 in 2019. The total amount cheated increased to at least $981,000 in 2020, from at least $72,000 in 2019,” they said.
There are tried and true safeguard against such scams:
– Be wary of URL links provided in unsolicited adverts and text messages, especially those related to deals that seem too good to be true;
– Always verify the authenticity of the information with the official website or sources;
– Never disclose your personal or Internet banking details and OTP to anyone; and
– Report any fraudulent transaction involving your e-payment accounts to the e-payment service provider immediately.
Anyone with information related to these scams can call the police hotline at 1800-255-0000, or go to the Singapore Police Force’s website.
There is more information on scams at the Scam Alert website or call the Anti-Scam hotline at 1800-722-6688.
假新电信网站骗钱 警吁民众小心
联合早报发布于 2021年2月17日
有假的新电信网站骗钱,警方呼吁民众小心。
新加坡警察部队今晚(2月17日)发布文告说,受害者收到假冒新电信公司所发出的电邮,称他们赢得现金奖或是有资格领取现金回赠或礼品。受害者需要点击电邮里的链接,到假的新电信网页提供银行资料和一次性密码。受害者过后发现他们的银行账户有未经授权的交易。
三个冒充新电信的网站链接是:
- http://sgsingtel.net/sin/cc1.phphttps://sgsingtel.net/cgi-sys/suspendedpage.cgihttps://sgsingtel.net/sing
警方也指出,非银行相关的网络“钓鱼”(phishing)诈骗案从2019年的49起,激增1214%至2020年的644起。被骗金额也从前年的至少7万2000元,增至去年的至少98万1000元。
Porn website Ransom email
I received below email from info@pussr.ru, I believe is a scam, please take note.
You don’t know me and you’re thinking why you received this e mail, right?
Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.
What exactly did I do?
I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).
What should you do?
Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).
BTC Address: 1DbNfCLvwuHAfn3L9SccEpooBgc2KASpxN
(It is cAsE sensitive, so copy and paste it)
Important:
You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immidiately. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.
色情网站赎金电子邮件
我收到以下来自 info@pussr.ru 的电子邮件,我认为这是一个骗局,请注意。
你不认识我,你在想为什么你会收到这封电子邮件,对吧?
好吧,我实际上在色情网站上放置了一个恶意软件,你猜怎么着,你访问这个网站是为了玩得开心(你知道我的意思)。当您观看视频时,您的网络浏览器充当 RDP(远程桌面)和键盘记录器,让我可以访问您的显示屏和网络摄像头。在那之后,我的软件从您的 Messenger、Facebook 帐户和电子邮件帐户中收集了您的所有联系人。
我到底做了什么?
我做了一个分屏视频。第一部分录制了您正在观看的视频(您的品味很好哈哈),下一部分录制了您的网络摄像头(是的!是您在做讨厌的事情!)。
你该怎么办?
好吧,我相信,对于我们的小秘密来说,1400 美元是一个合理的价格。您将通过比特币向以下地址付款(如果您不知道,请在 Google 中搜索“如何购买比特币”)。
比特币地址:1DbNfCLvwuHAfn3L9SccEpooBgc2KASPxN
(它是区分大小写的,所以复制并粘贴它)
重要的:
您有 24 小时的时间付款。 (我在这封电子邮件中有一个独特的像素,现在我知道你已经阅读了这封电子邮件)。如果我没有收到付款,我会将您的视频发送给您的所有联系人,包括亲戚、同事等。尽管如此,如果我得到报酬,我会立即删除视频。如果您需要证据,请回答“是的!”我会把你的视频发给你的 5 个朋友。这是一个不可协商的报价,所以不要浪费我和你的时间回复这封电子邮件。
Fake Pizza Hut website steals bank information
Translate from 8world on November 29, 2020 20:14
New scam tactics appeared on the Internet. Scammers pretense to sell cheap pizzas, fished the victim’s bank information and password, and then stole their deposits.
The police issued a statement saying that scammers posted fake advertisements selling cheap pizza on social networking sites Facebook or Instagram, attracting victims to click on the fake website link of the fake pizza chain Pizza Hut in the advertisement, tricking them into placing the order, and then fishing the victim’s bank Information and one-time password. After the victim found out that the deposits in the bank account had been illegally transferred, he was deceived.
The police remind the public to beware of providing links to websites that are too “good”, and at the same time log on to the official website to verify the facts, and not to disclose personal or bank information and one-time passwords.
新诈骗伎俩!假必胜客网站盗银行信息
2020年11月29日 20:14 八视界发布
网上又出现新诈骗伎俩,骗徒假借售卖廉价比萨,钓取受害人银行资料和密码,然后窃取存款。
警方发表文告说,骗徒在社交网站Facebook或Instagram刊登售卖便宜比萨的假广告,吸引受害人点击广告上假冒比萨连锁店必胜客Pizza Hut的假网站链接,诱骗他们下单,然后钓取受害人的银行资料和一次性密码。
等到受害人过后发现银行户头内的存款被非法转移,才发现受骗。
警方提醒公众,提防提供太过“好康”的网站链接,同时应登录官方网站查证事实,以及不可透露个人或银行资料和一次性密码。
Fake police site phishing for confidential information claims victim’s Web browser ‘blocked’
Published by The Straits Times dated 28 Jan 2020
The Singapore Police Force has warned the public of a fake police website that tries to trick people into giving up confidential information by claiming that their Web browsers have been “blocked”.
This is the latest version of similar scams that have cropped up in recent years.
In a statement on Tuesday (Jan 28), the police said that scammers are using a Web browser’s full-screen mode to show a victim a Windows 10 desktop image displaying the fake Singapore Police Force website. The image fills up the whole screen of a victim’s computer.
The fake site alleges that the victim’s Web browser has been “blocked due to (the) viewing and dissemination of materials forbidden by (the) law of Singapore”, namely pornographic material.
The victim may also be led into thinking that his computer has been locked because the scam display, being mostly an image, does not allow him to click on the “Start” menu, or close and open applications.
The fake site goes on to inform the victim that his Web browser will be unlocked after paying a $1,000 fine through a credit card. He is also told that the fine must be paid within six hours. If he does not comply, the site says bogus criminal proceedings will be initiated against him.
The victim is asked to enter his credit card details – such as the card number, his name, card expiry date, and card verification value (CVV) – on the fake site to purportedly pay the fine.
The police said that such websites are actually phishing sites in disguise that are designed to extract a victim’s personal information and banking details. This could lead to monetary losses as scammers would use these details to make unauthorised purchases and transactions.
The police added that they do not have access to lock a person’s desktop computer, and clarified that the official Singapore Police Force website address is www.police.gov.sg.
If a person encounters the latest fake police website, the police advised that he should press his computer’s Alt+Tab keys to see if it is possible for him to return back to his normal desktop display.
The victim can also try pressing the Ctrl+Alt+Delete keys to open the computer’s task manager to end any Web browser processes.
He should also refrain from giving out his personal information and bank details, such as Internet bank account user name and password, as well as one-time password codes from tokens. Such information is useful to criminals.
This is the latest variation on the fake police website scam. In November last year, the police warned of a fake Singapore Police Force website that resurfaced, and that they have been issuing advisories on the matter as far back as 2017.
For the November fake website alert, the police said then that a victim got a call from someone claiming to be from the police.
The person alleged the victim was involved in illegal activities and the call was transferred to someone claiming to be a law enforcement officer in China, who then directed her to a website resembling the Singapore Police Force website.
The victim was then instructed to key in her bank account details, password and one-time password.
After that, the victim realised money had been transferred from her bank account without her consent.
For those in doubt or have information related to the latest fake police website scam or similar crimes, they can call the police hotline on 1800-255-0000, or visit www.police.gov.sg/iwitness.
People that need urgent police assistance can call 999.
To get scam-related advice, the public can call the anti-scam helpline on 1800-722-6688 or visit www.scamalert.sg.
Members of the public can also join the “Let’s fight scams” campaign at www.scamalert.sg/fight by signing up to receive up-to-date messages and share them with their family and friends.
伪造警察网站欺骗受害者的网络浏览器“封锁”
刊登于海峡时报 二零二零年一月二十八日
新加坡警察部队已经警告公众有一个虚假的警察网站,该网站声称他们的网络浏览器已被“封锁”,试图诱使人们放弃机密信息。
这是近年来出现的类似骗局的最新版本。
警方在星期二(1月28日)的声明中说,诈骗者正在使用网络浏览器的全屏模式向受害者显示Windows 10桌面图像,其中显示了伪造的新加坡警察部队网站。图像填满了受害者计算机的整个屏幕。
该假网站声称受害人的网络浏览器已“由于查看和传播新加坡法律所禁止的材料而被封锁”,即色情材料。
受害者可能还被认为是他的计算机已被锁定,因为该骗局显示(主要是图像)不允许他单击“开始”菜单或关闭并打开应用程序。
假网站继续告知受害者,他的网络浏览器将在通过信用卡支付1000美元的罚款后被解锁。他还被告知必须在六个小时内缴纳罚款。如果他不遵守规定,该网站称将对他提起虚假刑事诉讼。
要求受害者在虚假网站上输入其信用卡详细信息(例如卡号,姓名,卡到期日期和卡验证值(CVV))以据称支付罚款。
警方说,此类网站实际上是变相的钓鱼网站,旨在提取受害者的个人信息和银行详细信息。这可能会导致金钱损失,因为诈骗者会利用这些详细信息进行未经授权的购买和交易。
警察补充说,他们无权锁定一个人的台式计算机,并澄清说,新加坡警察部队的官方网站是www.police.gov.sg。
如果某个人遇到了最新的假警察网站,则警察建议他应按计算机的Alt + Tab键,以查看他是否有可能返回正常的桌面显示。
受害者还可以尝试按Ctrl + Alt + Delete键以打开计算机的任务管理器,以结束所有Web浏览器进程。
他还应该避免透露自己的个人信息和银行详细信息,例如Internet银行帐户用户名和密码,以及令牌中的一次性密码。这些信息对罪犯很有用。
这是假警察网站骗局中的最新版本。去年11月,警方警告伪造的新加坡警察部队网站重新出现,他们早在2017年就一直在就此事发表咨询。
对于11月份的假冒网站警报,警察随后说,受害者从声称是警察的人那里接到了电话。
该人称受害人参与了非法活动,电话被转移到一个自称是中国执法人员的人,然后他将她定向到一个类似于新加坡警察局网站的网站。
然后指示受害者输入她的银行帐户详细信息,密码和一次性密码。
之后,受害人意识到未经她的同意,钱已经从她的银行账户中转出。
对于那些有疑问或了解与最新的假警察网站骗局或类似犯罪有关的信息,他们可以拨打警察热线1800-255-0000,或访问www.police.gov.sg/iwitness。
需要紧急警察协助的人可以拨打999。
要获得有关欺诈的建议,公众可以拨打1800-722-6688拨打反欺诈热线或访问www.scamalert.sg。
公众也可以通过注册接收最新消息并将其与家人和朋友分享,来参加www.scamalert.sg/fight上的“让我们一起打击诈骗”活动。
MOM warns of fake website phishing for personal information
Publish by Channel News Asia on 16 Jun 2020 09:17PM
How to identify fake “MOM” websites or phishing eServices
The official MOM website is at https://www.mom.gov.sg. This is where we make available MOM-related information and eServices that enable you to perform your transactions with us safely and securely.
Listed some examples of fake websites that it has found:
http://eponline-sg.com
http://www.mom-sg.org
http://mom-gov.com
http://ministryofmanpower.net
http://wponlinemomgov.sg.com
These looked very similar to our official URL, but do not have ‘.mom.gov.sg’.
Some may even try to embed ‘.mom.gov.sg’ into their URLs but their domain name won’t end with ‘.mom.gov.sg’,”.
Some browser also shows warning signs before access.
How to report fake “MOM” websites, phone scams or email scams
Call the anti-scam helpline at 1800 722 6688 if you notice:
Any websites that you suspect to be fake versions of the official MOM website.
Any calls or emails that you suspect to be scams.
Scam Alert: Advisory On Fake Instagram Account Impersonating NTUC And Soliciting Information For NTUC’s COVID-19 Support
Publish by NTUC on 22 Apr 2020
We’ve been alerted by members of the public that there is a fake Instagram account (handle: __ntucsingapore) claiming to be from NTUC Singapore and soliciting information for NTUC’s COVID-19 support. This is a fake account. Our real official Instagram handle is @ntucsingapore. We do not have two underscores before our account handle. Only trust pages and accounts with a blue tick, because these are verified.
If you encounter the account trying to follow you, please block the account and report it to Instagram. Do not engage with this account.
We take such incidents seriously, as they undermine public trust in NTUC.
We’ve lodged a police report.
DBS Phishing website
Always access DBS services through DBS official website https://www.dbs.com/.
Avoid clicking on links in unsolicited emails and SMSs.
Sample Websites are below:
https://gronvangenx.gq/secure/banking.dbs.com.sg-IB/posb/index[.]html
https://virutallin[.]gq/secure/update/verification/posb/index[.]html
http://merkez.cf/secure/update/verification/posb/
Go directly to DBS website at https://www.dbs.com/security to view the latest alerts.
Call DBS immediately at the hotlines below if you suspect you’re a victim of fraud or notice any unexpected banking or card transactions.
Singapore: 1800-339-6963 or 6339-6963
China: 400-820-8988
Hong Kong: 2290 8888
India: 1-860-210-3456
Indonesia: 0804 1500 327
Taiwan: (02) 6612 9889 / 0800 808 889
Fake govt websites phishing for personal data
Published by Straits Times on APR 24, 2016, 5:00 AM SGT
How to spot a fake government website
The Infocomm Development Authority (IDA) said there is a growing number of fake government websites over the past few years. This is part of a larger upward trend in the number of phishing websites on the Internet. Phishing sites try to trick users into giving their personal or financial information, such as credit card numbers, identity card or passport numbers, or usernames and passwords, through the use of fake websites or e-mail masquerading as official sources.
What are the risks?
The risk of landing on a fake government website can be serious. Divulging personal information to dubious sources can lead to a compromise of your bank accounts, or even identity theft. The latter poses worse problems as criminal activities can be conducted in your name.
Here are 5 ways to spot a fake government website or email:
- Emails that uses a public internet account
Take a look at the sender’s e-mail address before clicking on any link sent to you via email. Do not trust the email if it was sent via a public account as emails sent by the government will not be sent via a public account. Singapore government email addresses will end with @[agency name].gov.sg. Additionally, do not trust any email or website that asks you to “confirm” sensitive account information as it is surely a scam.Incorrect URL
A tell-tale sign of a fake website is the usage of incorrect suffixes in the URL of the website. ALL government websites will end with ‘www.(agency name).gov.sg’. All Singapore government websites end with gov.sg. Only government websites are allowed to use .gov domain names. Many fake government websites will use domain names such as .org or .net. Below is an example of a fake website with a comparison of the real one.Is not a secure site
Legitimate websites will use encryption to help ensure that your payment information remains safe. You can see if a site uses encryption by looking for a lock symbol in the browser window. You should also check that the address starts with “https://” rather than just “http://”. Do not enter payment information on any site that isn’t secure.Grammatical errors
Watch out for poor English or grammatical errors as it could mean that the site is not genuine and was put together quickly by someone looking to make a quick profit. Before divulging any personal information, take a few moments to browse the website. Read through the ‘About Us’ or ‘Contact Us’ page and see if you see anything suspicious.Low resolution images
Scammers usually put up fake sites quickly, resulting in poor quality websites. If the ministry logo or text appears to be in poor resolution, this might be an important clue that this website should not be trusted.
How to protect yourself against such phishing scams?
Avoid clicking on links in suspicious or unsolicited e-mails. Ignore suspicious call-to-action e-mails such those claiming that “your account will be terminated”. Victims who shared their passwords or usernames should change their passwords immediately and those who have given out personal information should make a police report. Practice common sense and remain vigilant at all times.
Disclaimer: Please practice discretion while encountering such situations, vigilance is key. The list above is not exhaustive and does not guarantee that you will not fall prey on an online scam.