AS online shopping continues to rise in popularity, so too do the scams that prey on unsuspecting users. In Malaysia, phishing scams targeting e-commerce platforms have become increasingly common — and costly.
One local woman recently took to social media to share how her friend was allegedly scammed out of RM54,000, and how she herself narrowly avoided falling victim to a similar scheme.
“This method is called phishing. They fake the platform’s website so victims willingly give their banking details, thinking it’s a legitimate online shopping platform.
“Victims never ‘send money’ directly. They just click a fake link that steals their login details when they type them in,” she claimed in a post on Threads.
According to the post, the scammer allegedly impersonated a seller from an online shopping platform and sent a link to her friend containing a fake payment page, complete with the platform’s logo, colour scheme, and layout.
“They told the victim to make payment or verify details through the link. Once the victim clicked and entered their bank login and TAC/OTP, the scammer immediately gained access to the account.
“In just minutes, they transferred out all RM54,000, leaving only RM3.40,” she alleged.
In the woman’s own case, the alleged scammer pretended to be a buyer from another e-commerce platform. The scammer initially contacted her via the platform’s app, then moved the conversation to WhatsApp.
“I only realised what was happening the moment I clicked the link and almost believed it. What’s worse is this isn’t even my first time! I even passed a cybersecurity awareness exam,” the woman said.
First, the “buyer” sent her an “official-looking” email — mimicking the e-commerce platform’s design and email address — requesting her to “validate” or “confirm payment” as the seller. The email led her to a fake payment landing page displaying logos of various Malaysian banks.
“Once you choose your bank and log in, they capture your banking username, password, and TAC. From that point, they can log into your real account and transfer out your money.
“The trick here is that you think you’re receiving payment, but you’re actually logging into their phishing site,” she added.
She further advised that no legitimate online shopping platform would ask users to verify or validate payments via email or links, and urged others to always double-check any financial transactions directly through the platform’s official app.