“MariSewaBank” Scam

BruCERT has recently received a number of reports on a scam called “MARISEWABANK”. The scammer contacts victims via SMS containing a WhatsApp link. Once the link is clicked, the victim would be lured into online gambling by promising a profit of 100% to 350% depending on the bank that the victim deposits their money into. The victim will then be asked for their personal and banking details, namely:
•    Bank 
•    Name of account holder 
•    Account number 
•    Online banking username & password 
•    Mobile password (for certain banks) 
•    ATM PIN 
•    ATM card number 
•    Photo of IC and ATM card (front and back)

•    Scammer can easily access victim's bank account, which will lead to financial loss.
•    Leakage of personal and financial information
•    ATM card and credit card skimming
•    Identity theft and fraud 

Best Practices
•    Do not respond to such messages. 
•    Always be skeptical of messages from numbers you do not recognize. 
•    Do not share any messages if you are unsure of its legitimacy. 
•    Report the sender on WhatsApp and block their number. 
•    Never give out your financial or personal details or post them online. 
•    Never send photos of your ATM card or credit/debit card. It can easily be shared with other people. 
•    Do not click on suspicious links as they may contain malware. 

If you have mistakenly given out your details:
•    Immediately change your online banking credentials (username, PIN or password, and Mobile Password) 
•    Take screenshots and save evidence such as the conversation, contact number or email, bank or remittance transaction and receipt, bank statement. 
•    If you have sent money, report it to the respective bank or remittance company immediately. 
•    Report the scam to the police.