The internet can be a dangerous place when there are no physical contacts and it could be hard to trace scandalous sources.
Even when you put in extra caution in handling your online transaction, cybercriminals can go great length to imitate legitimate bank or government’s websites and emails to fool you into providing them your banking details.
This is what happened to Michelle Lee Shi Ni after she lost almost all her savings after following an “LHDN Tax Refund” procedure.
The Inland Revenue Board (LHDN) is the governmental body that levies our taxes and it has a long history of third party scams to trick Malaysians into ‘claiming’ back their tax refund dating all the way back to 2010.
She clicked on the ‘Proceed’ link and it brought her to a page with logos of all the banks together with an instruction to select her bank. She clicked on CIMB and it directed her to CIMB Clicks login page.
She continued to key in her username and password followed by Transaction Authorisation Code (TAC).
“A few minutes later, I received sms from CIMB saying that almost ALL my money in the bank account was transferred out to a person whom I DONT EVEN KNOW!”
Devasted by the news, she quickly called CIMB customer service and found out that her credit transfer limit was increased, then transferred out.
She recalled that she did not select any of the options while she was on the site but merely seeing the login page.
CIMB blocked her account soon after and advised her to lodge a police report.
“…the inspector told me that there is no way that I can get the money back. I can only hope that they can find the culprit and lock him up in jail.
Even though I have always read about internet scams, but I have never thought that I would one day fall victim to it. So be careful everybody, as it can happen to anybody.”
What a costly lesson but her experience has wakened this issue all over again. Her Facebook post has since went viral with over 8,000 shares and 1,300 comments.
Over in my family Whatsapp groups, I have been bombarded by this news as well. At least, it is news worth sharing this time (you know how family Whatsapp groups normally are).
Here is a voice recording spoken in Mandarin I received that summarize the incident.
Source: Unknown from Whatsapp
LHDN alert Malaysians in a statement and confirm the wide-spreading scam
Promptly issued on November 6, LHDN reassured that they do not send e-mails asking for taxpayers’ banking details because they already have the details when taxpayers make the tax declaration on Income Tax Return Form yearly.
Should taxpayers receive a refund from LHDN, LHDN will transfer the sum directly via Electronic Fund Transfer (EFT), tax refund voucher, crossed cheque, or telegraphic transfer (for taxpayers in overseas) with the information they had prior.
The cybercriminals use the name of CEO, board members, and the official logos in their emails but taxpayers should pay a keen eye on the domain of the emails. LHDN only uses “@hasil.gov.my” email domain.
Aside from tax refund, the cybercriminals also have cases of tax deficiency where the fake emails would request taxpayers to make payment promptly.
LHDN state that they do send reminder letters to taxpayers who have taxes deficiency needed to be cleared but the recipients must ensure the letters were genuinely from LHDN.
To check the genuineness of the letters, taxpayers can easily do so by calling Hasil Careline at 1-800-88-5436 or Hasil Recovery Call Centre at 1-800-88-4726 or LHDN branch number stated in the letter.
“If the letter received gives instructions to make income tax payment to the nominee other than the Director General of Inland Revenue or the Inland Revenue Board of Malaysia, the receiver should disregard the instructions in the letter and lodge a complaint to LHDN,” said in the statement.
Below are a few more past cases of LHDN online scam:
Bank Negara-LHDN fake email scam in October 2016
Inland Revenue Board (IRBM) fake email scam in May 2016
Source: LHDN Facebook
Fake LDHN Website
IRBM-Maybank fake email scam in August 2010
Fake CIMB Clicks website
The websites look very convincing if you ask me. Anybody can fall victim to this. Be wary and share this out, guys!