Several banks, including CIMB and Bank Rakyat, have also issued reminders to the public that banks will not send links via SMS.
KUALA LUMPUR – Many have heard of phishing by now, an online method of fraud often used by criminals to fish for your data and steal personal information.
But have you ever heard of smishing?
Smishing, or SMS phishing, is exactly that. Phishing via SMS.
Phishing is typically carried out through emails or fake links sent to popular messaging apps like WhatsApp or Telegram. Victims receive links to fake websites that they click on which then request their personal information.
However, more have become aware of such scams and adopt vigilance around these platforms.
As a result, criminals have shifted their tactics to use more trusted platforms, such as SMS.
POSING AS TELCOS & BANKS
The links sent in smishing attempts are usually designed to obtain identity verification from victims.

Clicking on these links makes users more vulnerable to theft of personal information such as bank account numbers, credit card details and passwords.
In 2024, smishing attempts revolved more around luring users by impersonating as telecommunications companies (telcos).
They would send SMS to users of links to suspicious websites offering cheap electronic goods.
In March last year, it was reported that the Bukit Aman Commercial Crime Investigation Department Director Datuk Seri Ramli Mohamed Yoosuf said that victims tend to get drawn in by the low prices. They would then proceed to make payments via a payment gateway.
“Victims who fail to double check the payment total before proceeding will lose their money immediately. They won’t receive the ordered items either,” he said.
These scammers have recently switched from posing as telcos to using the names of banking institutions to lure victims.
A recent example is of users receiving SMSes purportedly from CIMB Bank, urging customers to redeem reward points before they expire. The SMS read as follows:
“CIMB Bank reminds you that your 5,340 reward points are expiring today. Please visit the customer center to redeem a variety of exclusive gifts. To redeem now, please visit: https://cimbpoints.xxxx/xxxx.”
However, a check by MyCheck Malaysia with CIMB confirmed that the SMS was not from the bank. Further investigations revealed it was a smishing attempt.
OLD METHOD, NEW NAME
According to the President of the Malaysian Cyber Consumer Association Siraj Jalil, smishing is a type of fraud that has been around for several years now
“Smishing aims to commit fraud by disguising communication as being from a legitimate entity.
“It’s nothing new. We used to say ‘SMS phishing’ and now we say ‘smishing’. The method remains the same, albeit more advanced,” he said.
Siraj said SMS-based scams tend to lure victims more easily compared to emails, voice calls, or video calls.
This was because it allowed cybercriminals to exploit users’ force of habit.
“For example, if there’s a phone call, we’ll answer it. But if we’re aware of scams, we’ll be cautious. More experienced individuals might even screen the call.
“However, it’s different with SMS. The automatic response towards receiving an SMS is to open and click on it, including the links inside-that’s what makes smishing the preferred method of today’s scammers,” he said.
They would then play on the emotions of victims. This includes sending SMS messages notifying victims of prize wins to create excitement, or messages requesting bank account updates or investigations into misconduct to induce worry or fear.
“Scammers tend to capitalise on recent or current events. For example, when the government announces a certain aid, smishing messages will start flooding in, claiming to be from the government, complete with links for recipients to claim the aid.
“The easiest to prey on are the greedy. When scammers send SMSes claiming the user has won a cash prize, greedy individuals tend to fall for it,” he said.
MANY AT RISK OF BEING SCAMMED
Siraj said SMS-based scams are more dangerous than many realise because of the sheer number of people using smartphones in Malaysia.
The 2023 Survey on ICT Use and Access by Individuals and Households conducted by the Department of Statistics Malaysia revealed that 99.3 per cent of Malaysian households have access to mobile phones, with 97.6 per cent being smartphone users.
These figures indirectly show how many people in Malaysia are exposed to the risk of smishing.
Aware of the growing prevalence of smishing, the Malaysian Communications and Multimedia Commission (MCMC) issued a directive on April 1, 2023 to all telcos to prohibit any content containing links via SMS.
The directive, enforced in stages, was issued to prevent users from falling victim to scams.
On Sept 2, 2024, MCMC fully enforced the ban on sending such links, along with other prohibitions such as requests for personal information and contact phone numbers.
Several banks, including CIMB and Bank Rakyat, have also issued reminders to the public that banks will not send links via SMS.
Those who still receive SMS messages with prohibited content can lodge complaints with MCMC through official channels.
PREVENTING SMISHING
Even with the enforcement of such bans, the public remains at high risk of falling victim to smishing scams.
Siraj said while the government’s efforts are commendable, criminals remained emboldened by their anonymity.
“When one method fails, cybercriminals will try another. Scamming has become like a career to them, so they’re unlikely to stoop,” he said.
He said the public must remain vigilant about cybersecurity and cannot rely solely on action by authorities.
“Empowering ourselves with cybersecurity knowledge helps us avoid scams like these,” he said. – BERNAMA
Download Sinar Daily application.Click Here!

source