Scammed? Call the National Scam Response Centre now: 997 (NSRC) · Semak Mule (PDRM)
ScamAlert MalaysiaMalaysia Anti-Scam Awareness Portal
EN BM 中文
HomeScam Types › Phishing and Banking Scams: Protecting Your OTP an
Phishing

Phishing and Banking Scams: Protecting Your OTP and Passwords

By ScamAlert Editorial Team · Published 13 Jun 2026 · Updated 13 Jun 2026

Phishing scams trick you into entering your banking login, card details or one-time passwords on a fake website or app. The message may look like it comes from your bank, an e-wallet, a delivery company or even a government agency.

How the scam works

You receive an SMS, email or chat message warning of a "blocked account", a "reward", or a "suspicious transaction", with a link to "verify". The link opens a convincing copy of a real login page. Once you enter your details and the OTP/TAC, the scammer uses them in real time to log in and transfer your money.

Warning signs

  • Urgent messages with a link asking you to log in or "verify" now.
  • Web addresses that are misspelled or do not match the official domain.
  • Requests for your password, full card number, CVV or OTP/TAC.
  • Apps you are told to "sideload" or install from a link.

How to protect yourself

  • Never log in through a link. Type your bank's address yourself or use its official app.
  • No bank will ever ask for your password or OTP/TAC — that code is the key to your money.
  • Turn on transaction alerts and set sensible transfer limits.
  • Only install banking apps from the official app stores.

If you clicked or shared a code

Call your bank's hotline at once to freeze the account, change your passwords, and call 997. Speed is everything when an account is being drained.

This article is published for public awareness and education. Figures are taken from official statements and reputable news reports at the time of writing. If you spot an error, tell our editors.