CIMBClicks DDoS Attack Email Phishing Scam
I only received this phishing email minutes ago. And I’m publishing this right now because I was almost fooled into believing this email was completely legit from CIMB Bank. It sounded so legit because we are prone to DDoS attacks and accounts who don’t answer will be suspended. Plus, we all know how cumbersome it is to visit the bank to un-suspend our account if it happened.
Here’s what was written in the email (all links have been removed):
Dear CIMB Bank customer,
We are hereby notifying you that we’ve recently suffered a DDos-Attack on one of our’s Internet Banking server. For security reasons you must complete the next steps to verify the integrity of your CIMBClicks account. If you fail to complete the verification in the next 24 hours your account will be suspended.
Here’s how to get started:
- Log in to CIMBClicks online account (click here).
- You must request for TAC online via CIMBClicks – your TAC will be sent via SMS to the mobile phone number you registered at the ATM. ( you can find the “request TAC” button in the left menu of your account )
- Logout from your account and close the browser.
- When you have received the TAC (Transaction Authorization Code) on your mobile phone, Log in to our secured verification server and submit the requested information(Account user ID, password and TAC).CLICK HERE to go on our secured server.
- Please allow 48 hours for processing.
Please comply and thanks for understanding.
© 2008 CIMB Bank
Note: Please do not reply to this email.
This mailbox is not monitored and you will not receive a response.
Indeed some look at it as a laughing matter. But I’m not laughing because I was nearly fooled by this. Normally, I’d know a phishing email when I see one but this I found really legit for some reason. My observation tells me it’s because the first link provided was the bank’s website. However, I was still skeptical and finally, got my answer from the second link – it was a phishing website.
So, if you’re reading this please alert your friends especially those who use or have CIMB accounts. I’ve already complained to CIMB and requested for them to immediately alert their customers but I bet us (bloggers) will be able to do it more efficiently than them.
Thus, please do inform your friends. Thanks.
Have something to say? Leave a comment