Cyberkiz
HIGH THREAT

Fake Customer Service Scam — Impersonating Banks & Telcos

impersonation· cases· losses·Updated 22 Jun 2026

Scammers are impersonating customer service representatives from major Malaysian banks, telcos, and government agencies. Using caller ID spoofing technology, the incoming call displays the official hotline number of Maybank, CIMB, Digi, Celcom, or even PDRM. The caller sounds professional and follows scripts designed to extract banking credentials.

This scam type is particularly dangerous because victims believe they are speaking with a legitimate representative and willingly provide sensitive information.

The scammer calls your phone, and the caller ID displays a recognised number — for example, Maybank's 03-5891 4744 or Digi's 016-221 1800. The caller identifies themselves as a fraud prevention officer and claims suspicious activity has been detected on your account.

To "verify your identity" or "secure your account," they ask for your username, password, TAC, or OTP. In some cases, they direct you to install a remote access app like TeamViewer or AnyDesk, which gives them full control of your phone.

Another variant targets telco customers. The caller claims your phone number has been used for illegal activities and you must verify your identity or face line disconnection. They then use the information to perform a SIM swap or access your banking apps.

Can scammers make their call appear to come from my bank's real number?

Yes. Caller ID spoofing technology allows scammers to display any phone number, including official bank hotlines. Never trust the number displayed — always hang up and call back directly.

What should I do if I already gave my banking details to a caller?

Call your bank's fraud hotline immediately to freeze your account. Then call 997 (NSRC) and lodge a police report. Time is critical — act within minutes.

Red Flags

  • !Inbound call claiming to be from your bank — banks rarely call you proactively about fraud unless you initiated a report
  • !Requesting passwords, TAC, or OTP — no legitimate customer service agent will ever ask for these
  • !Asking you to install remote access software — TeamViewer, AnyDesk, or screen sharing requests are always scam indicators
  • !Transferring you to "police" or "BNM" — scammers chain multiple fake officials to build credibility
  • !Creating urgency — "Your account will be frozen in 1 hour" or "There is a warrant for your arrest"

🛡 How to Protect Yourself

  1. 1Hang up immediately if anyone asks for your password, TAC, OTP, or PIN
  2. 2Never install remote access apps at the request of a caller

📞 How to Report

  1. 1Call your bank back using the number printed on the back of your bank card — not the number shown on caller ID
  2. 2Call 997 (National Scam Response Centre) if you shared any credentials
  3. 3Lodge a police report at your nearest station
  4. 4Report the spoofed number to MCMC at aduan.skmm.gov.my

Want to learn more?

Book a scam awareness workshop for your family, community group, or organisation.

View Anti-Scam Programme