BACKGROUND
BruCERT has recently received a number of reports on a scam called “MARISEWABANK”. The scammer contacts victims via SMS containing a WhatsApp link. Once the link is clicked, the victim would be lured into online gambling by promising a profit of 100% to 350% depending on the bank that the victim deposits their money into. The victim will then be asked for their personal and banking details, namely:
• Bank
• Name of account holder
• Account number
• Online banking username & password
• Mobile password (for certain banks)
• ATM PIN
• ATM card number
• Photo of IC and ATM card (front and back)
IMPACT
• Scammer can easily access victim's bank account, which will lead to financial loss.
• Leakage of personal and financial information
• ATM card and credit card skimming
• Identity theft and fraud
Best Practices
• Do not respond to such messages.
• Always be skeptical of messages from numbers you do not recognize.
• Do not share any messages if you are unsure of its legitimacy.
• Report the sender on WhatsApp and block their number.
• Never give out your financial or personal details or post them online.
• Never send photos of your ATM card or credit/debit card. It can easily be shared with other people.
• Do not click on suspicious links as they may contain malware.
RECOMMENDATIONS
If you have mistakenly given out your details:
• Immediately change your online banking credentials (username, PIN or password, and Mobile Password)
• Take screenshots and save evidence such as the conversation, contact number or email, bank or remittance transaction and receipt, bank statement.
• If you have sent money, report it to the respective bank or remittance company immediately.
• Report the scam to the police.