Site icon The Rojak Pot

GrabPay Scam Alert : Be Careful Of FAKE Friends!

Beware of a new GrabPay scam that can quickly suck your debit cards and bank account dry!

Don’t give out your GrabPay codes, even if your friends ask for them! SHARE this warning with your family and friends!

 

GrabPay Scam Alert : Be Careful Of FAKE Friends!

On 16 May 2020, Muhammad Syahir was cheated of almost RM 900 through a GrayPay scam. Here is a brief summary of what happened :

  • The scammer created a new Instagram account, pretending to be his friend.
  • He messaged Muhammad Syahir asking for his phone number.
  • After receiving Muhammad Syahir’s phone number, the scammer told him he would be sending him a GrabPay code for the GrabPay 8th Anniversary Campaign.

  • After sending the GrabPay code (not a TAC code) to the scammer, Muhammad Syahir saw RM 425 being debited into his GrabPay account. Unbeknownst to him, that money was from his own bank account!
  • A few minutes later, Muhammad Syahir received a notification that the RM 425 was paid to UNIPIN (M) SDN. BHD.
  • The scammer messaged Muhammad Syahir again on Instagram, asking for a second code that was sent to the victim.
  • Muhammad Syahir then received another notification from GrabPay stating that another RM 425 was paid to UNIPIN (M) SDN. BHD.
  • After that, the scammer blocked Muhammad Syahir on Instagram. That was when he got suspicious.
  • When Muhammad Syahir checked his bank account, he discovered that he lost RM 896.30 to the scammer.
  • In total, the scammer made 5 withdrawals through GrabPay – four from his debit card, and one from his bank account.

Another person – Patrick Saw – also fell for the same GrabPay scam, losing RM 405.

 

GrabPay Scam Alert : GrabPay Flaws?

Muhammad Syahir highlighted what he felt were major flaws with GrabPay :

  1. GrabPay allows credit / debit card transactions without CVV verification or OTP from the bank.
  2. GrabPay will not notify you about any first-time login attempt of a different gadget in a different location.
  3. GrabPay does not require users to set-up a secured PIN for any big transactions – e.g. more than RM100.
  4. If your bank account is linked to your GrabPay e-wallet, there won’t be any SMS notification for bank transfers to your e-wallet.

According to his experience, the scammer only needed to use the Grab Activation Code to withdraw money from all bank accounts / debit cards linked to your GrabPay app.

 

GrabPay Scam Alert : How To Avoid It?

To avoid falling prey to such a scam, here is what you should do :

 

GrabPay Scam Alert : Original Post + Police Report

Here was what Muhammad Syahir posted earlier, together with his police report :

SCAM ALERT VIA GRAB PAY!
It happened to me last night and I have lost almost RM1K in a few minutes via Grab Pay.

The incident happened when one of my close friends re-created a new Instagram account and requested to follow me. He messaged me and asked for my phone number via Instagram message. Without any doubt, I gave him my phone number, knowing that he probably has lost my phone number.

He posted a few photos to his newly-created Instagram account so it does not look like a phishing account.

After that, he sent another message to me about GrabPay 8th year special campaign. He was telling me that I will send a message with a code to your phone and please let me know the code and I will see what you have won.

Grab Activation Code was sent to my phone number. It was an activation code not TAC code. I gave the activation code to him without any doubt because I know that he is my friend. Also, I was thinking of this is just an activation code, it has nothing to do with my bank accounts.

The tricks started here. I saw RM425 was debited to my GrabPay account and I did not know that it was from my bank account which was linked to the GrabPay account. After a few minutes, I received a new notification from the GrabPay that RM425 was paid to UNIPIN (M) SDN BHD.

The scammer then messaged me again on Instagram. Another activation code was sent to your phone, please let me know the code. Then, I have received another notification from GrabPay that another RM425 was paid to UNIPIN (M) SDN BHD.

When I was about to reply him a message, he blocked me up. That was the time that I know something fishy has happened. When I checked my Maybank2u, I have lost a total amount of RM896.30 from my bank account. The scammer has cleared all the money in my bank account and left RM60 balance to my GrabPay.

The scammer did a total of 5 transactions as you can see from my GrabPay activity picture below. 4 transactions were made directly via debit card which is linked to my GrabPay account and 1 transaction was made via Maybank2u. The scammer even managed to access my Maybank2u account from the GrabPay account.

It happened to me in a blink of an eye where you were blinded by this scammer who cat fished your close friend to do this scam.

On top of that, let me highlight the flaws of the GrabPay app:

1) Grab allows credit/debit card transaction without the bank’s authorization OTP and also the CVV verification.
2) Grab does not notify the user via email for any first-time login attempts of different gadgets in different location.
3) Upon registering this app for the past few years, Grab did not put a clause for the users to mandatorily set up their secured pin for any big transactions that are more than RM100.
4) Your bank account that is linked to your GrabPay will not notify you via sms for any debit transaction from the bank to the GrabPay.

*The scammer just need the Grab Activation Code and he can take all the money from your linked bank accounts on the Grab app. Such a flaw app!

Please be aware of this scam and help me to share this news. I have also tag a person who has faced the same case last week. You may also check on his Facebook profile. Patrick Saw has lost RM405 from the scammer who has approached him the same way as mine.

 

Recommended Reading

 

Support Us!

If you like our work, you can help support our work by visiting our sponsors, or even donating to our fund. Any help you can render is greatly appreciated!


Exit mobile version