GOTCHA!!!!

I got an email a few days ago from CIMBclicks telling that I got a new message. I clicked at the cimbclicks url and entered my username and passwords to check the message. When I clicked the login button, the same page appeared. At first, I thought I entered the wrong password, so I tried to login again. Still, nothing happened. Then, when I looked at the url of the page, it says "http://thecyberbully.ron8.org/poll/image/index.htm".

SHIT!!! I was tricked. The email was fake. But at that time, they already got my username and password. Thank god I realise that I was tricked straightaway. I quickly logon to my CIMBclicks account (the real one) and it says I got no new message (as expected). It also says that the bank will never contact their customers through email.

Luckily, my money is still there too, untouched. But, in order for them to steal/transfer my money, they also need a TAC code, which means they have to have my mobile phone because the TAC code will be sent to the account holder mobile phone. Quickly, I reset my old password and set a new one. DONE!. Fuhhh....

I used to get several fake emails like that when I use my HSBC account. Usually, I am really careful when it comes to internet banking and I'm aware of this kind of trick. I think I fall into the trap because I'm still new with CIMBclicks, I thought they will send such email and the email was sent to my new email (email given by my employer).

I'm so grateful that CIMBclicks require a TAC code everytime we want to make a transaction. So, knowing password alone won't give any good. Before this, I felt that TAC code is not needed (menyusahkan je) because I'm confident that I can take care of my password. But now, I think TAC code is extremely important, as important as the password.

So, next time, if you got an email from a bank telling bla bla bla, make sure you check the url of the page first before you key in your username and password.