Over the weekend, three netizens took to Facebook to warn CIMB users of security hazards. According to them, thousands of ringgit had been debited from their accounts to PayPal accounts, and they lost all their hard-earned money.
Qazreen Qazz (Facebook alias), a user of the bank's online banking site, CIMB Clicks, said that he had lost about RM4,000 to RM5,000 on Saturday (Dec 15). He said it was already too late by the time he received an SMS stating that his money had been wired to a PayPal account.
Qazreen called the bank as soon as he received the SMS notification. While he was on the call, money continued to flow out of his savings accounts. All the bank could do was block his card access.
According to the SMS screenshot he shared, RM90.42 was transferred to a “ZODIACX” PayPal account on three occasions and RM452.09 was also wired to the suspicious account once. He stated that a total of RM4597.83 was stolen from his CIMB account in twenty transactions, stressing that he neither had a PayPal account nor had made any online purchase recently.
Qazreen’s peculiar encounter wasn’t an isolated incident. Two other CIMB users had also lost a substantial amount of money in the same manner.
Amiratul Farhana Azizan said his savings account was left with about RM20 within 30 minutes and that he received seven SMSes in that period. He said he was forced to log out of the site after being on it for less than five minutes at 11pm on Saturday. The money was transferred to a “JUANVIRA” PayPal account.
Similarly, Mohamad Nazri said he had lost a total of RM1500 in under 20 minutes. Based on the SMS screenshot, Nazri’s money was wired to “ISAYATR” and “FRANSHE” PayPal accounts.
The three posts had been shared over 35,000 times at the time of writing. In an update, Qazreen said he had contacted PayPal and that the online payment company had withheld the money, promising that there would “be a DEFINITE refund in full amount”.
However, CIMB wrote in a press release that its online banking site “remains secure and all customers’ transactions continued to be protected”.
“The bank would like to inform that it had, over the weekend, introduced a few additional measures to enhance the security of its CIMBClicks transactions.
“Apart from ensuring that the system is now able to accommodate passwords longer than eight characters and up to 20 characters, we have also added the reCaptcha security measure on CIMBClicks to ensure the user is not a bot,” said the statement signed off by its Head of Group Corporate Communication, Suria Zainal.
It added that users with any queries can reach the bank at +603-62047788.
But netizens are not accepting CIMB’s statement, claiming that the bank is in denial. On the Facebook post where the bank published the statement, netizens stated that they could log in to their accounts using incorrect passwords.
“How come you said is safe but I can log in using extra few (number) in my password?” commented one netizen, while another added, “I tested myself and it's true that your portal is not secured. It only verifies eight characters of the password. Anything more (than) that is not verified. Please test it yourself before giving false statements like this.”
“CIMB bank.. My wife lost RM12,000 with transactions without TAC. Please investigate faster. We want (to) use that money. Report to police has done (as well as) report your admin. What you are waiting for?”
“Untrue? I just tested my account just now using the wrong password. Then it does log me in. What the fxxk, CIMB!”
Wow, this is serious!
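
The behaviour the commenters describe, where only the first eight characters of a password are verified, can be tested for directly. The following is an added example, not code from CIMB or from the original article; the truncate-before-hash design, the class and function names, and the sample password are assumptions made for illustration.

```python
import hashlib
import hmac
import os

TRUNCATE_AT = 8  # assumed cut-off, taken from the commenters' reports

def _derive(password: str, salt: bytes) -> bytes:
    # Salted, slow hash; the flaw shown below is in what gets hashed, not in the KDF.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

class TruncatingVerifier:
    """Hypothetical flawed design: input is cut to 8 characters before hashing."""

    def __init__(self, password: str):
        self.salt = os.urandom(16)
        self.stored = _derive(password[:TRUNCATE_AT], self.salt)

    def verify(self, candidate: str) -> bool:
        digest = _derive(candidate[:TRUNCATE_AT], self.salt)
        return hmac.compare_digest(digest, self.stored)

class FullLengthVerifier:
    """Corrected design: every character contributes to the stored hash."""

    def __init__(self, password: str):
        self.salt = os.urandom(16)
        self.stored = _derive(password, self.salt)

    def verify(self, candidate: str) -> bool:
        return hmac.compare_digest(_derive(candidate, self.salt), self.stored)

def significant_length(verifier_cls, password: str):
    """Return how many leading characters are actually checked, or None if all are."""
    verifier = verifier_cls(password)
    for i, ch in enumerate(password):
        mutated = password[:i] + ("#" if ch != "#" else "@") + password[i + 1:]
        if verifier.verify(mutated):  # changing character i went unnoticed
            return i
    if verifier.verify(password + "123"):  # extra trailing characters accepted
        return len(password)
    return None

if __name__ == "__main__":
    sample = "constructed-Passw0rd"  # constructed sample password
    print("truncating:", significant_length(TruncatingVerifier, sample))
    print("full length:", significant_length(FullLengthVerifier, sample))
```

A probe like `significant_length` belongs in a login system's regression tests, so that a length limit introduced anywhere between the form and the hash is caught before release.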