Beware of a new GrabPay scam that can quickly suck your debit cards and bank account dry!
Don’t give out your GrabPay codes, even if your friends ask for them! SHARE this warning with your family and friends!
GrabPay Scam Alert : Be Careful Of FAKE Friends!
On 16 May 2020, Muhammad Syahir was cheated of almost RM 900 through a GrayPay scam. Here is a brief summary of what happened :
- The scammer created a new Instagram account, pretending to be his friend.
- He messaged Muhammad Syahir asking for his phone number.
- After receiving Muhammad Syahir’s phone number, the scammer told him he would be sending him a GrabPay code for the GrabPay 8th Anniversary Campaign.
- After sending the GrabPay code (not a TAC code) to the scammer, Muhammad Syahir saw RM 425 being debited into his GrabPay account. Unbeknownst to him, that money was from his own bank account!
- A few minutes later, Muhammad Syahir received a notification that the RM 425 was paid to UNIPIN (M) SDN. BHD.
- The scammer messaged Muhammad Syahir again on Instagram, asking for a second code that was sent to the victim.
- Muhammad Syahir then received another notification from GrabPay stating that another RM 425 was paid to UNIPIN (M) SDN. BHD.
- After that, the scammer blocked Muhammad Syahir on Instagram. That was when he got suspicious.
- When Muhammad Syahir checked his bank account, he discovered that he lost RM 896.30 to the scammer.
- In total, the scammer made 5 withdrawals through GrabPay – four from his debit card, and one from his bank account.
Another person – Patrick Saw – also fell for the same GrabPay scam, losing RM 405.
GrabPay Scam Alert : GrabPay Flaws?
Muhammad Syahir highlighted what he felt were major flaws with GrabPay :
- GrabPay allows credit / debit card transactions without CVV verification or OTP from the bank.
- GrabPay will not notify you about any first-time login attempt of a different gadget in a different location.
- GrabPay does not require users to set-up a secured PIN for any big transactions – e.g. more than RM100.
- If your bank account is linked to your GrabPay e-wallet, there won’t be any SMS notification for bank transfers to your e-wallet.
According to his experience, the scammer only needed to use the Grab Activation Code to withdraw money from all bank accounts / debit cards linked to your GrabPay app.
GrabPay Scam Alert : How To Avoid It?
To avoid falling prey to such a scam, here is what you should do :
- NEVER accept a friendship request from a new social media account, until you have verified with your friend (through a phone call or face-to-face) that he/she created that new account.
- NEVER send any code you receive to anyone. Even if it is a friend, why does he/she need the code that was sent to YOU?
- Businesses will never give away free money for anniversaries. Don’t fall for such an old trick!
- NEVER link your debit card or bank account to an e-wallet. Only link a credit card, because they are insured and protected against fraud. If you get scammed, you can call the bank to ask for a refund.
GrabPay Scam Alert : Original Post + Police Report
Here was what Muhammad Syahir posted earlier, together with his police report :
SCAM ALERT VIA GRAB PAY!
It happened to me last night and I have lost almost RM1K in a few minutes via Grab Pay.
The incident happened when one of my close friends re-created a new Instagram account and requested to follow me. He messaged me and asked for my phone number via Instagram message. Without any doubt, I gave him my phone number, knowing that he probably has lost my phone number.
He posted a few photos to his newly-created Instagram account so it does not look like a phishing account.
After that, he sent another message to me about GrabPay 8th year special campaign. He was telling me that I will send a message with a code to your phone and please let me know the code and I will see what you have won.
Grab Activation Code was sent to my phone number. It was an activation code not TAC code. I gave the activation code to him without any doubt because I know that he is my friend. Also, I was thinking of this is just an activation code, it has nothing to do with my bank accounts.
The tricks started here. I saw RM425 was debited to my GrabPay account and I did not know that it was from my bank account which was linked to the GrabPay account. After a few minutes, I received a new notification from the GrabPay that RM425 was paid to UNIPIN (M) SDN BHD.
The scammer then messaged me again on Instagram. Another activation code was sent to your phone, please let me know the code. Then, I have received another notification from GrabPay that another RM425 was paid to UNIPIN (M) SDN BHD.
When I was about to reply him a message, he blocked me up. That was the time that I know something fishy has happened. When I checked my Maybank2u, I have lost a total amount of RM896.30 from my bank account. The scammer has cleared all the money in my bank account and left RM60 balance to my GrabPay.
The scammer did a total of 5 transactions as you can see from my GrabPay activity picture below. 4 transactions were made directly via debit card which is linked to my GrabPay account and 1 transaction was made via Maybank2u. The scammer even managed to access my Maybank2u account from the GrabPay account.
It happened to me in a blink of an eye where you were blinded by this scammer who cat fished your close friend to do this scam.
On top of that, let me highlight the flaws of the GrabPay app:
1) Grab allows credit/debit card transaction without the bank’s authorization OTP and also the CVV verification.
2) Grab does not notify the user via email for any first-time login attempts of different gadgets in different location.
3) Upon registering this app for the past few years, Grab did not put a clause for the users to mandatorily set up their secured pin for any big transactions that are more than RM100.
4) Your bank account that is linked to your GrabPay will not notify you via sms for any debit transaction from the bank to the GrabPay.
*The scammer just need the Grab Activation Code and he can take all the money from your linked bank accounts on the Grab app. Such a flaw app!
Please be aware of this scam and help me to share this news. I have also tag a person who has faced the same case last week. You may also check on his Facebook profile. Patrick Saw has lost RM405 from the scammer who has approached him the same way as mine.
Recommended Reading
- Ji Shan Foundation Charity Scam Exposed!
- Charity Scam : Current List Of 79 Reported Scammers!
- How To Get + Pay Your TNB Bill During COVID-19 MCO
- Face Mask Recycling Scammers Exposed!
- MITI FAQ On Business Ops Allowed During MCO
- 9 yo Lara Thanks Dr. Noor Hisham, This Was His Reply!
- New York Accidental Cremation Hoax Debunked!
- Why Face Masks Are CRITICAL To Prevent COVID-19
- Doctor Died Taking Hydroxychloroquine To Prevent COVID-19
- McDonald’s Malaysia Voucher Scam EXPOSED!
- Business Ops Allowed During MCO : Full List + Requirements!
- New COVID-19 Clusters Show The Danger Of Social Contact!
- #FilmYourHospital : Empty Hospitals Hoax Debunked!
- Fact Check : Out-Of-Control Crowd @ Johor Bahru CIQ!
- Anti-Lockdown Gathering Of Muslim Migrants Debunked!
- Thai King Died From COVID-19 Hoax Debunked!
- CNBC COVID-19 Airborne Hoax Debunked!
- COVID-19 Airborne Hoax Debunked : Japanese Doctor Edition!
- Bantuan Prihatin Nasional (BPN) : SMS Scam Alert
- COVID-19 : How To DIY Your Own Face Shields!
- Bomohs Combine Powers To Trap COVID-19 Toyol!
- Did This Malaysian Student Die From COVID-19 In London?
- COVID-19 Found On Fruits & Vegetables Hoax Debunked!
Support Us!
If you like our work, you can help support our work by visiting our sponsors, or even donating to our fund. Any help you can render is greatly appreciated!
Pingback: How To SAFELY Clean Our Phone + Watch Against COVID-19 | Rojak Pot
Pingback: Watch : Malaysian Police Fired TWICE To Disable Car! | The Rojak Pot
Pingback: The Multi-Coloured Rosary Of Mother Teresa Hoax Debunked! | Rojak Pot
Pingback: Car Catching Fire From Hand Sanitiser Hoax Debunked! | The Rojak Pot
Pingback: Pos Malaysia : No Bonus Scam Exposed! | The Rojak Pot
Pingback: Watch Out For Fake CIMB Scam Call / SMS! | The Rojak Pot
Pingback: US Protestors Breaking Into White House : Hoax Debunked! | Rojak Pot
Pingback: GrabFood Clarifies Restaurant Availability Controversy! | Rojak Pot
Pingback: BLM Protestors Attacked Abe Lincoln Statue? Not So Fast! | The Rojak Pot
Pingback: Nikon Says Goodbye To Malaysia On 1 January 2021 | The Rojak Pot