Cyberkiz
HIGH THREAT

Fake Bank SMS Phishing — Maybank, CIMB & Public Bank SMS Scams

phishing · Updated 22 Jun 2026

Phishing SMS messages that impersonate Maybank, CIMB, Public Bank, RHB, and other Malaysian banks remain one of the most persistent scam types in the country. These messages claim your account has been suspended, a suspicious transaction has been detected, or your card is about to expire — all designed to panic you into clicking a malicious link.

The messages often appear in the same SMS thread as legitimate bank notifications because scammers use sender ID spoofing to display the bank's name instead of a phone number.

Scammers send bulk SMS messages using spoofed sender IDs that display names like "Maybank", "CIMB", or "PBBank". The message typically warns of an account suspension, an unauthorized transaction, or a security upgrade, and includes a shortened URL.

The link leads to a phishing website that replicates the bank's official login page with remarkable accuracy. When you enter your username and password, the scammer captures them in real time. A second page then asks for the TAC or OTP that was triggered by the scammer simultaneously attempting to log in to your actual account.

Some sophisticated variants use a technique called real-time phishing, where the scammer's system immediately uses your credentials on the real banking site, triggering a legitimate TAC that arrives on your phone. The phishing page then asks you to enter this TAC "for verification."

Do Malaysian banks send SMS with links?

No. All major Malaysian banks — Maybank, CIMB, Public Bank, RHB, and others — explicitly state they never send SMS containing clickable links. Any such SMS is a scam.

How can a scam SMS appear in the same thread as real bank messages?

Scammers use sender ID spoofing technology to display the bank's name as the sender. Your phone groups messages by sender name, placing the fake message alongside real ones.

Red Flags

  • Links in SMS messages — Malaysian banks explicitly state they never include clickable links in SMS
  • Sender ID matches your bank — spoofed sender IDs can appear in the same thread as real messages
  • Urgency and threats — "Account will be locked in 24 hours" or "Unauthorized transaction detected"
  • Generic greeting — "Dear customer" instead of your actual name
  • Unusual URL — the link does not match the bank's official domain (e.g., maybank2u.com.my)
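
The red flags above can be turned into a simple triage check for a reporting inbox or an SMS filter. This is an added example, not code from this site or from any bank: the function names, the regex patterns and the sample messages are constructed, and the allow-list holds only the one domain named on this page.

```python
import re
from urllib.parse import urlsplit

# Allow-list: only the domain named on this page; extend it from your bank's own published material.
OFFICIAL_DOMAINS = {"maybank2u.com.my"}
# Urgency wording taken from the scam messages described on this page (constructed patterns).
URGENCY = re.compile(r"locked in \d+ hours|unauthori[sz]ed transaction|suspended|expire", re.I)
GENERIC_GREETING = re.compile(r"\bdear (customer|user|client)\b", re.I)
URL = re.compile(r"(?:https?://|www\.)\S+|\b[a-z0-9-]+(?:\.[a-z0-9-]+)+/\S*", re.I)


def host_of(url):
    """Return the lower-cased hostname of a URL, adding a scheme if it is missing."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def is_official(host):
    """True only for an allow-listed domain or a subdomain of it (match on a label boundary)."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def red_flags(sender_id, body):
    """Return the red flags found. sender_id is deliberately ignored: it can be spoofed."""
    flags = []
    urls = URL.findall(body)
    if urls:
        flags.append("link in SMS")  # banks state they never send links, so any link counts
        if any(not is_official(host_of(u)) for u in urls):
            flags.append("link host is not an official bank domain")
    if URGENCY.search(body):
        flags.append("urgency or threat")
    if GENERIC_GREETING.search(body):
        flags.append("generic greeting")
    return flags


# Constructed sample messages (not real scam texts; .example hosts are reserved for documentation).
SAMPLES = [
    ("Maybank", "Dear customer, your account will be locked in 24 hours. Verify: https://maybank2u.com.my.secure-login.example/m2u"),
    ("Maybank", "RM0.00 TAC 123456 for login. Never share your TAC with anyone."),
]

if __name__ == "__main__":
    for sender, text in SAMPLES:
        print(sender, "->", red_flags(sender, text) or "no red flags")
```

The first sample shows why the host is compared on a label boundary: a look-alike host that merely begins with the bank's domain is still reported as unofficial.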

📞 How to Report

  1. Do not click any links in SMS messages claiming to be from your bank
  2. Open your banking app directly or type the URL manually to check your account status
  3. Call your bank's official hotline if concerned (Maybank: 03-5891 4744, CIMB: 03-6204 7788)
  4. If you entered credentials on a phishing site, call your bank immediately to freeze your account
  5. Call 997 (National Scam Response Centre) to report the fraud
  6. Lodge a police report at your nearest station
