Last Updated on June 11, 2022 by Chin Yi Xuan

Financial scams are getting out of control.

Lately, I’ve seen reports/posts on scam cases popping up every day on social media and in the news. It pains me to see people’s life savings go missing due to scams.


So, how does a financial scam happen? How can you protect yourself from scams? More importantly, what should you do if this happens to you?

Let’s find out!

Oh ya! If you find this post useful, consider subscribing to my FREE weekly personal finance & investing newsletter! I’d really appreciate it if you can share this post with your family and friends too!



Different ways scammers can steal your money

A scam can happen in many ways. However, the 2 most common ways scammers find their way to your hard-earned money are:

#1 Phishing scams

Phishing is where you are tricked into disclosing important financial information through different tactics.

Some of these tactics include:

  • Email scams pretending to be from legitimate sources, such as Paypal, Amazon, and other shopping apps like Shopee or Lazada.
  • Scam calls pretending to be from a bank officer, government agency (eg. LHDN, JPN), or delivery company (eg. Pos Laju).
  • Fake SMS notifications, usually pretending to be from your bank.
  • Fake websites that imitate the real ones (eg. banks) to trick you into disclosing your login credentials.
  • Hacked social media accounts that send malicious links to you.

Usually, these tactics use a similar social engineering approach – to take advantage of one’s trust and/or create a sense of urgency (eg. refund, account locked, limited-time promo) so people would fall for the scam when they are least rational/cautious.


#2 Data-theft

Data theft is where your important information (eg. credit card number & CVV, phone number, ID) is leaked without your consent.

This could be due to the failure of an organization/company/bank to keep your data private. It could also be due to a lack of proper security infrastructure to safeguard customers’ information.

As a result, scammers can use this data to conduct illegal and unauthorized transactions without your consent.

Can money be stolen from your bank account without SMS OTP/TAC?

If yes, how?

I’m sure you’ve come across news where a victim’s money is stolen from their bank account even without One-Time Password (OTP).

How is this possible?

From a security standpoint, an OTP is part of 2-Factor Authentication (2FA). 2FA is an additional security layer on top of our usual username and password where we have to key in an OTP to approve a transaction.

So, technically speaking, OTP should reduce fraudulent transactions and make transactions safer.

However, as you can see by now, OTP is not 100% secure – and it can be exploited.

Here are some ways scammers can exploit OTP against you:

  • Malware/spyware that can read your SMS (where you get your OTP), which gets onto your phone when you install apps from unknown sources (apps that are not from Apple App Store/Google Playstore).
  • Through phishing, scammers can trick victims into disclosing their SMS OTP by creating trust or a sense of urgency.
  • Impersonating you and requesting that the bank change the phone number linked to your bank account.

Scam prevention checklist – 12 ways to protect yourself from financial scams!

I hope it is clear now that we have to take our online security seriously. Here’s a list of 12 things we can do to protect ourselves online:

#1 Scam Calls: Stay cautious of calls from suspicious numbers.

Avoid disclosing ANY information and end the call immediately. Install apps like Truecaller to filter for fake/scam caller IDs.


#2 Email Scams: Always check the email address whenever you receive emails from a supposedly official organization/company!

Official emails will never be sent through a personal Gmail or Hotmail address.


#3 Phishing Links: Always double-check the links attached in an email/SMS before clicking on them.

If you are on your desktop, you can hover your cursor over the link/button and you’ll be shown a preview of where the link will take you.

Do not click on links from suspicious email addresses, WhatsApp & Telegram messages, and social media accounts.
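Tips #2 and #3 can also be checked automatically. The sketch below is an added example, not code from the original post: it flags a sender that is not on the organization's real domain and any link whose visible text and actual destination differ. The function names, the `official` domain set you pass in, and the domains `mybank.example` and `login-verify.test` are all assumptions made up for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

FREEMAIL = {"gmail.com", "hotmail.com"}  # personal mailbox providers named in tip #2

class LinkCollector(HTMLParser):  # collects [href, visible text] for each <a> tag
    def __init__(self):
        super().__init__()
        self.links, self.in_a = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.in_a = True
    def handle_data(self, data):
        if self.in_a:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self.in_a = self.in_a and tag != "a"

def host(text):  # hostname of URL-like text; "" for plain text like "Click here"
    if " " in text or "." not in text:
        return ""
    return (urlparse(text if "://" in text else "//" + text).hostname or "").lower()

def is_official(name, official):
    return any(name == d or name.endswith("." + d) for d in official)

def review_email(raw, official):
    msg = message_from_string(raw)
    addr = parseaddr(msg.get("From", ""))[1]
    domain, warnings = addr.rpartition("@")[2].lower(), []
    if not is_official(domain, official):
        kind = "a personal mailbox" if domain in FREEMAIL else "an unofficial domain"
        warnings.append(f"sender uses {kind}: {addr}")
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        dest, shown = host(href), host(text.strip())
        if not is_official(dest, official):
            warnings.append(f"link leads to {dest}")
        if shown and shown != dest:
            warnings.append(f"link text shows {shown} but leads to {dest}")
    return warnings

# Constructed sample; mybank.example and login-verify.test are made-up names.
SAMPLE = ("From: MyBank Security <mybank.alerts@gmail.com>\nContent-Type: text/html\n\n"
          '<a href="http://mybank.example.login-verify.test/">https://www.mybank.example/login</a>')
```

Calling `review_email(SAMPLE, {"mybank.example"})` returns three warnings. Note that the link's real destination starts with the bank's name but ends in a different domain, which is exactly what hovering over a link is meant to reveal.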


#4 Fake Apps: Avoid installing unverified apps/APK outside of Apple App Store and Google Playstore.

Some of the recent examples include fake apps to hire maids. Who knows what other tactics will be raging next?


#5 Check for unknown apps & In-app permission.

Check if you have installed apps from unknown sources. Review the permissions you give to the apps that you installed and remove unnecessary permissions (eg. file access, SMS permission).

For Android users, you can access the permission setting section by going to Setting > Privacy > Permission Manager. Remember to especially check if you are giving SMS, microphone, camera, and file access to unnecessary apps (and remove them)!


#6 Privacy: Reveal as little private information online as possible.

Never disclose your bank/card details + CVV security number and personal IC/ID on social media. Choose the platforms where you do transactions/online shopping carefully.


#7 Use a credit card instead of a debit card for online transactions.

Credit cards have an overall better consumer protection policy than debit cards. Find out more in my article HERE.

What to do when your credit/debit card is compromised

#8 Use a better authentication method:

Replace the legacy SMS OTP/TAC authentication with a more secure in-app authentication (eg. Maybank’s Secure2u, Google Authenticator) wherever you have the option to do so.


#9 Password: Use strong passwords and never reuse the same password twice!

Use password managers like Dashlane and LastPass to organize your passwords securely and consider updating your passwords regularly.


#10 Don’t put all eggs in one basket.

Diversify your cash across different savings accounts and cash management platforms (eg. Versa Cash, StashAway Simple, KDI Save).

While this will not spare you from scams, it helps to reduce the damage should the worst-case scenario happen (ie. you fell for a scam).


#11 Use a VPN while going online:

VPN stands for ‘Virtual Private Network’ and it disguises your online activities and protects them from external access.

There are free and paid VPN options such as Hotspot Shield, Proton VPN, Windscribe, and Nord VPN.


#12 Do not allow suspicious people to gain remote access to your computer (via Teamviewer or Anydesk).

This is a common refund scam that tricks victims into giving remote access to their computer so that the scammer can take money out of the victim’s bank account, or worse, hold them to ransom.


Guide: What to do if you fell for a scam

Falling for a scam is devastating.

It may seem like there is nothing much that you can do – BUT there are actually things you can do to potentially recover from the scam.

Check out my guide below for more info!

4 things to do immediately if your money are stolen from the bank!

Verdict: Do not take your online safety for granted

With scamming tactics getting more deceptive and advanced these days, it is more crucial than ever for us to protect ourselves with proper online safety routines and tools.

While the list above is not 100% foolproof, I am sure a combination of them will make your online presence more secure.

Oh ya, consider helping your less tech-savvy parents/friends out with the guide above! I am sure they’ll appreciate the gesture.

If you find this post useful, consider subscribing to my FREE weekly personal finance & investing newsletter!


This guide is produced with my own best effort and research. Online scams are evolving constantly and the list in this guide is not an exhaustive list of scamming tactics and preventative approaches.

Always refer to the official guideline from your bank and official Bank Negara Malaysia (or your respective central banks for my fellow foreign readers) for the latest info.