Security Alert

At AmBank Group, we are always concerned about your online banking safety. Kindly be reminded to take the necessary precautions to protect your computers and mobile devices from malware, viruses and Trojans. Only perform online activities or transactions if you have logged in directly on the website and have seen the security icon and phrase.

We are definitely assured that our corporate internet banking is safe for usage and we will always guarantee the security of your information in our system.

Keep yourself updated with AmBank Group Malaysia's latest online security alerts and advisories at www.mycert.org.my.


Most Common Types of Scams:
 
Email Scam


An email scam is a type of scam more widely known as 'phishing'. The fraudster randomly sends forged emails purportedly from financial institutions or publicly known organisations to lure victims into revealing their internet banking login credentials, email credentials, credit card numbers, bank account numbers and/or passwords, which are then used to perform unauthorised transactions on the victims' accounts.

These emails are designed to appear legitimate to gain the trust of the recipient. The content of the email typically attempts to create a sense of urgency and panic in order to trick customers into revealing confidential information on a fake website/popup.

Phone Scam
 
In such cases, the fraudster usually attempts to obtain sensitive information over a voice call. The fraudster normally tries to gain the victim's trust by impersonating a credible individual such as a banking authority or a police investigation officer. Victims may not verify the calls purportedly made by such persons because they think the calls are from regulators, to avoid embarrassment, or as a result of "warnings" given by the "officer".
 
Fake phone calls have been on the rise whereby scammers would trick customers into revealing their confidential banking credentials (such as login ID/password/NRIC, etc.) by following given instructions.
 
To know how to protect yourself against Phone Scams, please read the Notices below:
 
 
Spyware

Spyware is software that enables a user to obtain covert information about another's computer activities by transmitting data covertly from their hard drive. It is one of the most common threats on the internet. It can easily infect your device and it can be hard to identify. Spyware is a threat to businesses and individual users since it can steal sensitive information and harm your network.

You can recognise spyware on your device by symptoms such as the device running slowly or crashing unexpectedly, running out of hard drive space, and pop-ups appearing whether you are online or offline. If you think your device is affected, run a scan with your current security software and remove the spyware using the virus removal tool.

Embedded Links

Cybercriminals may use embedded links to lure you into clicking on them and upload malware to your device or network in order to collect your confidential information. Only click on embedded links from trusted sources to avoid running the risk of malware being uploaded to your computer or network.

Pretext Calling


Pretext calling, also known as a “conformational call”, “pretence call” or “tapping”, is a tape-recorded call between two people, usually between the victim and the suspect of the crime. The cyber-criminals may pretend to be bank officers to obtain your confidential information. Once they have obtained your confidential information, the cyber-criminals may call your bank, pose as you and perform transactions using your account.

Another form of pretext calling is when the cyber-criminals request your confirmation of transactions that were supposedly made with your credit card. When you inform the cyber-criminals that you do not have such a credit card, you are provided with a fake Bank Negara Malaysia telephone number in order to lodge a report. Upon calling, the cyber-criminals will request confidential information, which will subsequently be used for fraudulent activities.

In another type of pretext calling, the cyber-criminals call and pretend to be from a legal company, court, customs or police station. The cyber-criminals then state that you have an outstanding amount that needs to be paid on the same day. If you fall for their tactic, you will be forced to make payment to them over the phone. Do not trust such a call and always demand an official letter so that you can verify the statement.

Pharming

Pharming is the fraudulent practice of directing Internet users to a bogus website that mimics the appearance of a legitimate one, in order to obtain personal information such as passwords, account numbers, etc. It can be conducted either by changing the hosts file on your computer or by exploiting a vulnerability in DNS server software. If you are accessing AmBank corporate internet banking, please ensure the website address has https:// in its URL.


Keylogging

 
Keylogging is the activity carried out by cyber-criminals using keylogger technology that tracks and records consecutive keystrokes on a keyboard. It is also known as “Keyboard Capturing”. Users who use the keyboard to log in to online banking are often unaware that their activities are being monitored. Keyloggers are used to gain fraudulent access to confidential information such as personal details, credit card data, access credentials, etc.

Protect your account by installing anti-spyware applications that are able to detect and disable/cleanse keylogging software. AmBank corporate internet banking is secure from keylogging as each PIN is invalidated as soon as it is used.

Keylogging on ATM


Cybercriminals have been known to use keyboard overlays on ATMs to capture people’s PINs. Each keypress is registered by the keyboard of the ATM as well as the criminal’s keypad that is placed over it. The device is designed to look like an integrated part of the machine so that bank customers are unaware of its presence.  

Cover the keypad with your hands when entering the PIN into an ATM or a supermarket's terminal. Some bank and supermarket terminals are already equipped with a cover to prevent theft and some are not. Hiding your PIN when you use an ATM is a simple way to avoid nasty financial surprises in your bank account.

Keylogging on Mobile

The main purpose of keylogging on mobile phones is for cyber-criminals to capture and transmit information, including email, SMS and keystrokes, without the phone user knowing it.

SMS Scam
 
SMS scam usually involves SMSes initiated by a fraudster to trick victims into believing that they have won a contest/reward and which attempt to lead them into compromising their banking information and/or create an internet banking facility without the victim even realising it.
 
This type of scam may also involve ‘identity theft’ since an unauthorised person usually pretends to be a valid account holder and accesses the customer’s account (usually through the internet), unbeknown to the account holder.
 
Fake SMSes have been on the rise whereby scammers would trick customers into revealing their confidential banking credentials (such as login ID/password/NRIC, etc.) by following given instructions.
 
To know how to protect yourself against SMS Scams, please read the Notices below:

Online Banking Tips


 

  • Preventing Ransomware
    • Install the latest security patches
    • Do not open attachments from an 'unknown' sender
    • Backup your device regularly
    • Adjust your computer settings to automatically install updates
  • Banking Safety
    • Always enter AmBank's corporate internet banking website address directly into your browser's address bar.
    • Always check that AmBank's corporate internet banking website address changes from http:// to https:// once you are on the login page.
    • Always review your account details and transaction(s). This is to ensure that no unusual transaction(s) have been made.
    • Set up account alerts for large transaction amounts debited from your account.
  • Protect your username, password and other authentication credentials
    • Ensure the password you create is strong and hard to guess.
    • Always memorise your password and do not write it anywhere or save it to your device.
    • Use a separate password for your online banking purposes and for logging in to other non-banking websites.
    • Ensure no one is watching when you are keying in your password.
  • When using a computer
    • Always make sure your computer's operating system and browser software are updated with the latest security patches.
    • Configure a personal firewall and install the latest anti-virus software to help prevent unauthorised access to your devices.
    • Clear your browser's cache and history after each session to ensure your personal data is removed especially when using a shared computer or network. 
    • Backup your critical data and information. 
    • Always consider the use of encryption technology to protect highly sensitive data. 
  • When using a mobile device
    • Ensure the mobile device that you own has built-in security features.
    • Always protect your personal information by preventing it from being lost or stolen.
    • Secure your phone by using a strong passcode lock.
    • Review the privacy policy and understand what data an application can access on your device before you download it.
    • Be vigilant against SIM card swap fraud.
    • Cyber-criminals request a SIM card swap from telecommunication companies and gain access to the customer's mobile number.
  • Wireless Networks
    • Keep your operating system updated and enable automatic updates.
    • Use your own cellular network or enable a personal hotspot rather than wi-fi for online banking. This prevents thieves from getting into your network when you are doing any online transaction.
    • Control your devices e.g. do not set your laptop or mobile device to 'Connect automatically' when it finds available networks nearby. Fraudsters can set up a fake wifi network easily.
    • Use any security available that is provided by your bank e.g. two-factor authentication or authorization code for login.
    • Use security software such as firewall, antivirus, antimalware etc to avoid a breach of data to your online banking account.
    • Trust your browser and ensure you are in a secured website before doing any online transaction.
    • Monitor your account and check your transaction history regularly.
  • Using ATM
    • Avoid using an ATM in a deserted or isolated location.
    • Be aware of your surroundings when withdrawing funds.
    • Look for CCTV to ensure there is evidence when an incident happens.
    • If it looks like someone has tampered with the ATM, avoid using it.
    • Cover the keypad with your hand when entering your ATM PIN.
    • Remember to remove your ATM card and receipt from the ATM after completing your transaction.
    • Lock your car door once you are in the car.

AmBank Transaction Banking always keeps your online security top-notch. As a user of corporate online banking, please note that we recommend a few security precautions to further safeguard your account while doing your online transactions.

AmBank Security

 

  • Secure website - AmBank Corporate Online Banking is secured with a digital certificate to enable safe communication between the Bank and our corporate customers. Such a feature ensures message privacy, website authentication and message integrity. You will be able to verify the identity of the website by clicking on the padlock icon located in the browser window.
  • Minimum system requirement - To secure the information transmitted between your personal computer and our Corporate Online Banking, you will need, at minimum, Microsoft Internet Explorer 7.0 or higher with 256-bit encryption. Encryption is a mechanism for transmitting data in a secure way, where the data is encrypted using a key (this key is provided by a Certificate Authority (CA)). To protect the privacy of your data and information, please remove the cache information using the steps provided in the Security Tips section.
  • Authentication – AmBank Corporate Online Banking separates users based on the channels and services subscribed. The standard login ID and password user is provided with access to inquiry functions only. To ensure the integrity of your login ID and password, the Bank advises you to:
    • Periodically change your password.
    • Do not disclose your password to anyone including the Bank’s personnel.
    • Do not associate your password with anything personal or easy to guess.
    • Do not write your password on any paper or anywhere accessible by others. 
Token-based users are authenticated using a Two-Factor Authentication token such as Vasco®, which is activated by a Personal Identification Number (PIN), in addition to your login ID. Each time you enter your login ID, a challenge will be provided. A response to the challenge has to be generated from the Vasco® token device that is assigned to your login ID. A new challenge code is required after 50 seconds to prevent fraudulent use of an expired response. After three failed attempts, the user will be automatically blocked.

  • Automatic log out – If there is inactivity of 20 minutes during your online banking session, the system will automatically log you out. You are then required to log in again. Please note:
    • Do not leave your device unattended while logged on to the online banking.
    • Ensure no unauthorised person gains access to an active online banking session.
    • Log out by clicking the Logout button and log off your device before leaving your desk.
  • Data security and confidentiality – AmBank uses the industry-standard security measure known as Secure Sockets Layer (SSL) encryption. In its commitment to protect the privacy and security of your information, AmBank has implemented the following security features:
    • Login ID and password verification for corporate online banking’s inquiry module customers only.
    • Two-factor authentication for corporate online banking’s payment module customers only (token-based users).
    • Firewalls and intrusion detection systems
    • Updated anti-virus software
    • Internal policies and guidelines
    • Server-side authentication through digital certificates
  • User Verification – A Transaction Authorisation Code (TAC) via SMS is required for a first-time inquiry module user logging in to the online banking. To ensure the provision of the token user is correct and authorised by the customer, Token Acknowledgment and Activation is required for the first-time login.
  • Firewalls and intrusion detection systems – Firewalls act as filters that prevent information from getting in or out of a protected network. This protects the network against unauthenticated access to the server and permits selected traffic based on the functions available in the corporate internet banking. The Bank also has an intrusion detection system to automatically disable attacks from hackers. The intrusion detection system alerts the Bank's security personnel about possible attacks in progress, and the Bank keeps audit logs to provide a trail of information.
  • Anti-virus software – AmBank has implemented an industry-standard anti-virus application to ensure the online banking is safe and secure from viruses. For you to have a safe and secure online banking session, please ensure that:
    • You have installed anti-virus software on your devices for added protection.
    • You periodically update your anti-virus software to the latest version.
    • You have configured your browser settings to always block intrusive advertisements with phishing links.
  • Internal policies and guidelines – AmBank adopts various policies for managing system access, back-ups and other operation management to safeguard customers’ access. Several guidelines and procedures have been put in place to minimise potential security breaches and to ensure the protection of data integrity within the Bank’s network.
  • Server-side authentication through digital certificates – AmBank uses digital certificates to verify the authenticity of a website and provide encrypted communication. Your online banking sessions via AmBank corporate internet banking are encrypted to prevent interlopers, eavesdroppers, vandals or imposters through the use of 256-bit Secure Sockets Layer (SSL) from a reputable Certificate Authority such as DigiCert and Verisign, a protocol designed to provide privacy, reliability and integrity.
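
The challenge-response login described under Authentication above, as an added example that is not AmBank's or Vasco's code: it shows the server-side checks for the 50-second challenge validity and the block after three failed attempts. HMAC-SHA256 stands in for the token's own algorithm, and the names `token_response` and `ChallengeVerifier`, the explicit `now` parameter and the single-use rule for each challenge are assumptions.

```python
import hashlib
import hmac
import secrets

CHALLENGE_TTL = 50   # seconds a challenge stays valid (figure from the page)
MAX_FAILURES = 3     # failed attempts before the login ID is blocked (from the page)


def token_response(key: bytes, challenge: str) -> str:
    """Stand-in for the token device: 6 digits derived with HMAC-SHA256 (assumption)."""
    digest = hmac.new(key, challenge.encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"


class ChallengeVerifier:
    """Server side: issues challenges and enforces expiry, single use and lockout."""

    def __init__(self, keys: dict[str, bytes]):
        self.keys = keys      # login ID -> secret shared with that user's token
        self.pending = {}     # login ID -> (challenge, time issued)
        self.failures = {}    # login ID -> failed attempts since last success

    def issue(self, login_id: str, now: float) -> str:
        challenge = f"{secrets.randbelow(10**8):08d}"
        self.pending[login_id] = (challenge, now)
        return challenge

    def verify(self, login_id: str, response: str, now: float) -> str:
        if self.failures.get(login_id, 0) >= MAX_FAILURES:
            return "blocked"
        key = self.keys.get(login_id)
        if key is None:
            return "rejected"
        # pop() makes each challenge single use, so a captured response cannot be replayed
        challenge, issued_at = self.pending.pop(login_id, (None, 0.0))
        if challenge is None:
            return "no-challenge"
        if now - issued_at > CHALLENGE_TTL:
            return "expired"  # a new challenge must be requested
        expected = token_response(key, challenge)
        if hmac.compare_digest(expected.encode(), response.encode()):
            self.failures[login_id] = 0
            return "ok"
        self.failures[login_id] = self.failures.get(login_id, 0) + 1
        return "blocked" if self.failures[login_id] >= MAX_FAILURES else "rejected"
```
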

Report to Us!

If you have experienced or suspect any unauthorised breach, irregular transaction(s) or other spam activities related to your account, please report to us immediately by calling AmBank Contact Centre at 03-2178 3188 or emailing us at e-ambizcare@ambankgroup.com. Alternatively, you can write to AmBank Contact Centre, Level 18, Menara AmBank, No. 8, Jalan Yap Kwan Seng, 50450 Kuala Lumpur. You may expedite the investigation process by furnishing us with the details of the incident.