SIM Swap Fraud Targeting Celcom, Maxis & Digi Customers in Malaysia

Malaysian telco customers are increasingly targeted by SIM swap attacks. Learn how criminals hijack your Celcom, Maxis, or Digi number to access your bank accounts and e-wallets.

LOCK.PUB
2026-03-19

Imagine waking up to find your phone has no signal. You restart it, check the SIM — everything looks normal, but there is no network. A few hours later, you discover your bank account has been emptied, your e-wallet drained, and your email password changed. Welcome to SIM swap fraud.

SIM swap attacks have surged across Malaysia, affecting customers of all major telcos — Celcom, Maxis, Digi, and U Mobile. The Malaysian Communications and Multimedia Commission (MCMC) has acknowledged the growing threat, and banks have begun issuing warnings to customers about this specific type of fraud.

How SIM Swap Fraud Works

A SIM swap attack does not require any technical hacking. It exploits the process telcos use to replace lost or damaged SIM cards. Here is the step-by-step:

Step 1: Gathering Your Information

The attacker collects your personal details through:

  • Data breaches — leaked databases containing IC numbers, phone numbers, and addresses
  • Social media — your birthday, workplace, phone number shared publicly
  • Phishing — fake emails or SMS designed to extract personal information
  • Social engineering — calling you while posing as a bank or government officer

Step 2: Visiting the Telco Outlet

Armed with your IC number and personal details, the attacker visits a telco outlet (or authorised dealer) and requests a SIM replacement. They may:

  • Use a fake IC with your number but their photo
  • Bribe or manipulate a telco employee
  • Use the online SIM replacement process with stolen credentials
  • Present a fraudulent police report claiming the SIM was stolen

Step 3: Activating the New SIM

Once the new SIM is activated, your original SIM is deactivated. Your phone loses signal. The attacker now receives all calls and SMS intended for you — including:

  • Banking TAC (Transaction Authorization Code) messages
  • OTP (One-Time Password) codes for e-wallets
  • Password reset codes for email and social media
  • Two-factor authentication codes

Step 4: Draining Your Accounts

With access to your phone number, the attacker:

  1. Resets your online banking password using SMS verification
  2. Logs into your Maybank2u, CIMB Clicks, or other banking portal
  3. Initiates transfers to mule accounts
  4. Empties your Touch 'n Go eWallet, GrabPay, and other linked wallets
  5. Changes passwords on your email and social media to lock you out

The entire process — from SIM activation to account drainage — can happen in under 30 minutes.

Why Malaysia Is Particularly Vulnerable

Several factors make Malaysian telco customers especially susceptible:

| Factor | Explanation |
|---|---|
| IC-centric system | Almost everything ties back to your 12-digit IC number |
| Widespread data breaches | Multiple large-scale leaks of Malaysian personal data |
| SMS-based TAC | Many banks still default to SMS for transaction verification |
| Dealer network | Thousands of authorised dealers with varying security standards |
| Mandatory SIM registration | Linking real identity to SIM makes the number more valuable |

Warning Signs of a SIM Swap Attack

| Sign | What It Means |
|---|---|
| Sudden loss of mobile signal | Your SIM has been deactivated |
| Unable to make or receive calls | The new SIM is active on your number |
| Unexpected password reset emails | Attacker is taking over your accounts |
| Bank transaction notifications you did not initiate | Money is being moved |
| Friends receive strange messages from your number | Attacker is using your number |

Critical: If you lose signal unexpectedly and it does not return within a few minutes, do not wait. Act immediately.

Immediate Response Plan

If you suspect a SIM swap:

  1. Contact your telco immediately from another phone:
    • Celcom: 1111
    • Maxis: 123
    • Digi: 016-221 1800
    • U Mobile: 018-388 1318
  2. Request immediate suspension of your number.
  3. Call your bank's fraud hotline:
    • National Scam Response Center (NSRC): 997
    • Maybank: 03-5891 4744
    • CIMB: 03-6204 7788
    • Public Bank: 03-2170 8000
  4. Change passwords for email, banking, and e-wallets from a secure device using WiFi (not mobile data).
  5. Lodge a police report at the nearest station.
  6. Report to MCMC at aduan.skmm.gov.my.

How to Protect Yourself

Switch Away from SMS-Based Authentication

This is the single most important step. Replace SMS TAC with app-based authentication wherever possible:

| Bank | App-Based Option |
|---|---|
| Maybank | Secure2u |
| CIMB | SecureTAC |
| Public Bank | PB SecureSign |
| RHB | RHB Mobile Banking |
| Hong Leong | HLB Connect SecureSign |

For e-wallets, enable biometric authentication (fingerprint or face ID) instead of relying on SMS OTP.

Strengthen Your Telco Account

  • Set a SIM replacement PIN with your telco if available. This adds an extra verification step before any SIM changes.
  • Enable account alerts — some telcos notify you of account changes via email.
  • Use the telco app to monitor your account status.
  • Ask your telco about port-out protection — this prevents your number from being transferred to another carrier without additional verification.

Reduce Your Exposure

  • Limit the personal information you share on social media.
  • Use unique passwords for every account — a password manager helps.
  • Enable two-factor authentication using an authenticator app (Google Authenticator, Microsoft Authenticator) instead of SMS wherever possible.
  • Regularly check your CCRIS report for unauthorized credit applications.

Share Sensitive Data Carefully

When you need to share your phone number, IC details, or account information with others, avoid putting them in plain text messages. Use LOCK.PUB to create password-protected links that expire after a set period. This prevents sensitive information from sitting permanently in chat histories where it could be extracted if an account is compromised.

The Telco Industry Response

Malaysian telcos have introduced several measures to combat SIM swap fraud:

  • Biometric verification at outlets for SIM replacement
  • Cooling-off periods — some telcos now delay SIM activation to give the legitimate owner time to respond
  • SMS notifications to the existing number before a SIM swap is processed
  • Stricter dealer audits to reduce insider fraud

However, implementation varies, and the dealer network remains a weak point. Authorised dealers may not always follow the same security protocols as official telco outlets.

The Future of SIM Security

MCMC is working on tighter regulations for SIM replacement processes, including:

  • Mandatory biometric verification for all SIM changes
  • Real-time notification systems
  • Centralised reporting for SIM fraud
  • Penalties for telco employees involved in fraudulent SIM swaps

Until these measures are fully implemented, your best protection is proactive: switch to app-based authentication, monitor your accounts, and act fast at the first sign of trouble.


Protect your digital identity. Share sensitive information through encrypted, expiring links at LOCK.PUB.