How to Avoid Getting Scammed as an eWallet User | eWhallet

How to Avoid Getting Scammed as an eWallet User

Shen Lee

Since March earlier this year, life has gone online for the majority of us. Be it work or play, everything has shifted. The same goes for payments too. Even in-store, cashless payments are insisted on (and for good reason!). 

But as payments move online, so do scammers. 

With more susceptible groups such as the less tech-savvy, the elderly and the underaged having to adjust to making more payments online, there are more opportunities for eWallet and online banking scams too.

Malaysians are some of the most gullible to Internet scams.

A previous survey by Telenor Group found that among Singapore, Malaysia, India and Thailand, Malaysia was the country most vulnerable to Internet scams.

Why is this so? One can only imagine. But we do know that 46% of Malaysian respondents had been a victim of an Internet scam of one form or another. The survey also managed to pinpoint the top three most prominent Internet scams in Malaysia.

  1. Facebook password hacking

  2. Internet auction scams

  3. Work from home frauds

What are some recent eWallet scams in Malaysia?

  • “Friends” requesting your phone number and eWallet activation code.

During the first MCO in May earlier this year, a Malaysian man named Muhammad Syahir took to Facebook to share how he was scammed out of RM896 by a scammer using GrabPay.

A scammer created an Instagram account using his friend’s name under the guise of it being a new account. From there, he messaged Syahir asking for his phone number.

Not suspecting a thing, Syahir shared his phone number and was subsequently told that he would receive a Grab Activation Code (GAC) as part of Grab’s 8th-year special campaign. 

He received the GAC text and sent it to his “friend” on Instagram. The next thing you know, RM425 was debited into his GrabPay account and paid to UNIPIN (M) SDN BHD. Syahir fell victim to this twice before realising something was amiss.

Unfortunately, this was possible because after you save your debit/credit cards in your GrabPay eWallet, Grab only requires the GAC code that is texted to your phone number to carry out transactions.

  • “Get paid” to help strangers register eWallet accounts.

Another case in Kelantan in March 2020 saw scammers promising “easy money” of a few hundred ringgit. Victims provided their name and NRIC number to help the scammers register eWallet accounts.

The scammer would then register an account using the victim’s name and NRIC, but the scammer’s own phone number and address. This allowed them to gain access to the victim’s bank account.

These days, most eWallets require users to take an on-the-spot selfie during the registration process on top of the other info. This is one step that helps to mitigate such eWallet scams.

Here’s what to avoid so that you don’t get scammed as an eWallet user.

  • Don’t use public WiFi networks

  • Beware of phishing attempts

  • Don’t download eWallets from texts or emails

  • Be wary of what information you put out

  • Never give out authorisation codes sent to your phone

1. Don’t use public WiFi networks

As more Malaysians have made the switch to working from home (or from a public cafe etc.), free WiFi becomes another path for scammers. According to TNG eWallet’s handy new series “Cashless Confidential”, eWallet users can protect themselves with these steps:

  • Make sure you’re using SSL VPN Security

  • Turn off sharing on your phone (AirDrop if you’re an Apple user or NFC mode if you’re an Android user)

  • Refrain from logging into personal accounts such as your social media and bank account when using public WiFi

2. Beware of phishing attempts

You can think of phishing as scammers trying to “phish” for victims through emails, messages, texts, calls etc. Essentially, they’re trying to obtain sensitive information from you such as your card details, social media login details etc. These details can then be used to gain access to your bank account, social media accounts and the like.

These phishing attempts will typically try to assume the identity of a trustworthy source such as your bank, company, EPF, various service providers, or as in the case above - even a friend.

3. Don’t download eWallets or click links from texts or emails

In line with phishing attempts mentioned above, scammers who impersonate these sources may send you an email or text with a seemingly harmless link. 

Clicking on this link may direct you to a spoof website where you will “login” to your account as usual, unaware that it’s not the official website at all. This enables the scammers to install malware on your computer or steal your personal data.

To put this into context, this may be an email from an eWallet you’re currently using asking you to “change your password” or “join a competition”. 

Luckily, you can be more wary of these attempts by looking out for misspelled domain names, extra subdomains, bad grammar and inconsistent graphics etc. 
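The two URL checks named above (misspelled domain names and extra subdomains) can also be automated, for instance in a mail filter or link-preview tool. The sketch below is an added example, not part of the original article; the domains in `OFFICIAL_DOMAINS` and all sample links are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed allowlist; a real deployment would list the provider's actual domains.
OFFICIAL_DOMAINS = {"mywallet.example", "mybank.example"}

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url):
    """Return 'official', 'misspelled-domain', 'extra-subdomain' or 'unknown'.

    Anything other than 'official' should be treated as untrusted.
    URLs without a scheme have no parseable host and come back as 'unknown'.
    """
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    if not host:
        return "unknown"
    # Exact match, or a genuine subdomain of an official domain.
    for official in OFFICIAL_DOMAINS:
        if host == official or host.endswith("." + official):
            return "official"
    labels = host.split(".")
    for official in OFFICIAL_DOMAINS:
        parts = official.split(".")
        # The rightmost labels are what the browser actually connects to.
        tail = ".".join(labels[-len(parts):])
        if 0 < edit_distance(tail, official) <= 2:
            return "misspelled-domain"
        # Brand name used as a label in front of someone else's domain.
        if parts[0] in labels:
            return "extra-subdomain"
    return "unknown"

if __name__ == "__main__":
    for sample in ("https://pay.mywallet.example/reset",
                   "https://mywa1let.example/login",
                   "https://mywallet.example.secure-login.test/login"):
        print(sample, "->", check_link(sample))
```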

4. Be wary of what information you put out.

Most eWallets have levels of security that prevent scammers from gaining access to your account, even if they have certain personal info such as your NRIC and contact number (which can easily be found anyway).

The trouble begins when you provide an unhealthy amount of info online, which gives scammers more room to create tactics directed personally at you. 

5. Never give out authorisation codes sent to your phone.

Be it One Time Passwords (OTP), Transaction Authorised Codes (TAC), or other authorisation codes like Grab Authentication Code (GAC), never give them out to a third party, especially if you weren’t even expecting a code in the first place.

Remember that all it takes is a few-digit code for your entire life savings to get debited away.

How can I further safeguard my eWallet accounts?

As a preventive measure, there are other ways you can layer on the security - just in case.

  • Always enable your phone screen lock. In case you lose your phone, you will have time to log your accounts out of that phone from another device.

  • Enable two-factor authentication on all your sensitive accounts (email, social media etc.) 

  • Add an app lock on sensitive apps such as your notes, WhatsApp, bank and eWallet apps.

To what extent are eWallets regulated in Malaysia?

eWallet security is a big concern for most Malaysians. In Nielsen’s report last year on Malaysia’s shifting payment landscape, 50% of Malaysians were concerned about security and fraud related to digital money.

But don’t worry, eWallets are well regulated! We’ve put together a handy guide on eWallet laws and regulations in Malaysia for you to check out, which also includes how eWallet companies can apply for licensure, what isn’t covered by our existing eWallet laws and regulations, and whether or not money in your eWallet is protected by PIDM.

What to do if you suspect you’ve been a victim of an eWallet scam?

Depending on the type of scam you think you’ve fallen victim to, you may want to first log off the WiFi you’ve been using, use another device to log off your accounts in all other devices, and call your bank provider to temporarily disable your bank account or credit/debit card.

Following that, don’t forget to report your case to your eWallet provider ASAP. 

TNG’s Money-back Guarantee promises full compensation within 5 days if your TNG eWallet is charged with any unauthorised transactions, as long as your claim is submitted within 60 days.


The more you know about how eWallets work, the more you can do to protect yourself and make the most value out of your eWallet usage.