SIM Swap Fraud Targeting Celcom, Maxis & Digi Customers in Malaysia
Malaysian telco customers are increasingly targeted by SIM swap attacks. Learn how criminals hijack your Celcom, Maxis, or Digi number to access your bank accounts and e-wallets.
SIM Swap Fraud Targeting Celcom, Maxis & Digi Customers in Malaysia
Imagine waking up to find your phone has no signal. You restart it, check the SIM — everything looks normal, but there is no network. A few hours later, you discover your bank account has been emptied, your e-wallet drained, and your email password changed. Welcome to SIM swap fraud.
SIM swap attacks have surged across Malaysia, affecting customers of all major telcos — Celcom, Maxis, Digi, and U Mobile. The Malaysian Communications and Multimedia Commission (MCMC) has acknowledged the growing threat, and banks have begun issuing warnings to customers about this specific type of fraud.
How SIM Swap Fraud Works
A SIM swap attack does not require any technical hacking. It exploits the process telcos use to replace lost or damaged SIM cards. এখানে রয়েছে the step-by-step:
ধাপ ১: Gathering Your Information
The attacker collects your personal details through:
- Data breaches — leaked databases containing IC numbers, phone numbers, and addresses
- Social media — your birthday, workplace, phone number shared publicly
- ফিশিং — fake emails or SMS designed to extract personal information
- Social engineering — calling you while posing as a bank or government officer
ধাপ ২: Visiting the Telco Outlet
Armed with your IC number and personal details, the attacker visits a telco outlet (or authorised dealer) and requests a SIM replacement. They may:
- Use a fake IC with your number but their photo
- Bribe or manipulate a telco employee
- Use the online SIM replacement process with stolen credentials
- Present a fraudulent police report claiming the SIM was stolen
ধাপ ৩: Activating the New SIM
Once the new SIM is activated, your original SIM is deactivated. Your phone loses signal. The attacker now receives all calls and SMS intended for you — including:
- Banking TAC (Transaction Authorization Code) messages
- OTP (One-Time Password) codes for e-wallets
- Password reset codes for email and social media
- Two-factor অথেন্টিকেশন codes
ধাপ ৪: Draining Your Accounts
With access to your phone number, the attacker:
- Resets your online banking password using SMS ভেরিফিকেশন
- Logs into your Maybank2u, CIMB Clicks, or other banking portal
- Initiates transfers to mule accounts
- Empties your Touch 'n Go eWallet, GrabPay, and other linked wallets
- Changes passwords on your email and social media to lock you out
The entire process — from SIM activation to account drainage — can happen in under 30 minutes.
Why Malaysia Is Particularly Vulnerable
Several factors make Malaysian telco customers especially susceptible:
| Factor | Explanation |
|---|---|
| IC-centric system | Almost everything ties back to your 12-digit IC number |
| Widespread ডেটা লিকes | Multiple large-scale leaks of Malaysian personal data |
| SMS-based TAC | Many banks still default to SMS for transaction ভেরিফিকেশন |
| Dealer network | Thousands of authorised dealers with varying security standards |
| Mandatory SIM registration | Linking real identity to SIM makes the number more valuable |
সতর্কতামূলক লক্ষণ of a SIM Swap Attack
| Sign | What It Means |
|---|---|
| Sudden loss of mobile signal | Your SIM has been deactivated |
| Unable to make or receive calls | The new SIM is active on your number |
| Unexpected password reset emails | Attacker is taking over your accounts |
| Bank transaction notifications you did not initiate | Money is being moved |
| Friends receive strange messages from your number | Attacker is using your number |
Critical: If you lose signal unexpectedly and it does not return within a few minutes, do not wait. Act immediately.
Immediate Response Plan
If you suspect a SIM swap:
- Contact your telco immediately from another phone:
- Celcom: 1111
- Maxis: 123
- Digi: 016-221 1800
- U Mobile: 018-388 1318
- Request immediate suspension of your number.
- Call your bank's fraud hotline:
- National Scam Response Center (NSRC): 997
- Maybank: 03-5891 4744
- CIMB: 03-6204 7788
- Public Bank: 03-2170 8000
- Change passwords for email, banking, and e-wallets from a secure device using WiFi (not mobile data).
- Lodge a police report at the nearest station.
- Report to MCMC at aduan.skmm.gov.my.
কীভাবে সুরক্ষিত রাখবেন Yourself
Switch Away from SMS-Based অথেন্টিকেশন
This is the single most important step. Replace SMS TAC with app-based অথেন্টিকেশন wherever possible:
| Bank | App-Based Option |
|---|---|
| Maybank | Secure2u |
| CIMB | SecureTAC |
| Public Bank | PB SecureSign |
| RHB | RHB Mobile Banking |
| Hong Leong | HLB Connect SecureSign |
For e-wallets, enable biometric অথেন্টিকেশন (fingerprint or face ID) instead of relying on SMS OTP.
Strengthen Your Telco Account
- Set a SIM replacement PIN with your telco if available. This adds an extra ভেরিফিকেশন step before any SIM changes.
- Enable account alerts — some telcos notify you of account changes via email.
- Use the telco app to monitor your account status.
- Ask your telco about port-out সুরক্ষা — this prevents your number from being transferred to another carrier without additional ভেরিফিকেশন.
Reduce Your Exposure
- Limit the personal information you share on social media.
- Use unique passwords for every account — a password manager helps.
- Enable টু-ফ্যাক্টর অথেন্টিকেশন using an authenticator app (Google Authenticator, Microsoft Authenticator) instead of SMS wherever possible.
- Regularly check your CCRIS report for unauthorized credit applications.
Share Sensitive Data Carefully
When আপনাকে করতে হবে share your phone number, IC details, or account information with others, avoid putting them in plain text messages. Use LOCK.PUB to create পাসওয়ার্ড-সুরক্ষিত links that expire after a set period. This prevents sensitive information from sitting permanently in chat histories where it could be extracted if an account is compromised.
The Telco Industry Response
Malaysian telcos have introduced several measures to combat SIM swap fraud:
- Biometric ভেরিফিকেশন at outlets for SIM replacement
- Cooling-off periods — some telcos now delay SIM activation to give the legitimate owner time to respond
- SMS notifications to the existing number before a SIM swap is processed
- Stricter dealer audits to reduce insider fraud
তবে, implementation varies, and the dealer network remains a weak point. Authorised dealers may not always follow the same security protocols as official telco outlets.
The Future of SIM Security
MCMC is working on tighter regulations for SIM replacement processes, including:
- Mandatory biometric ভেরিফিকেশন for all SIM changes
- Real-time notification systems
- Centralised reporting for SIM fraud
- Penalties for telco employees involved in fraudulent SIM swaps
Until these measures are fully implemented, your best সুরক্ষা is proactive: switch to app-based অথেন্টিকেশন, monitor your accounts, and act fast at the first sign of trouble.
Protect your digital identity. Share sensitive information through এনক্রিপ্টেড, expiring links at LOCK.PUB.
Keywords
You might also like
SIM Swap Scam Targeting Globe, Smart & DITO Customers in the Philippines
Learn how SIM swap attacks target Globe, Smart, and DITO subscribers in the Philippines. Understand the risks, warning signs, and কীভাবে protect your accounts.
SIM Swap Fraud in Turkey: কীভাবে সুরক্ষিত রাখবেন Your Turkcell, Vodafone, and Turk Telekom Account
Learn how SIM swap attacks work in Turkey, how attackers drain bank accounts and e-wallets through stolen phone numbers, and কীভাবে set up carrier-specific সুরক্ষাs.
SIM Swap Fraud in Thailand: How Attackers Drain Your Bank Through AIS, TRUE, and DTAC
Understand how SIM swap fraud works in Thailand targeting AIS, TRUE, and DTAC customers. Learn the full attack chain from SIM swap to banking drain, plus carrier-specific সুরক্ষা steps.
Create your password-protected link now
Create password-protected links, secret memos, and encrypted chats for free.
Get Started Free