Touch 'n Go eWallet Fraud: How Malaysians Are Losing Money to Scammers
Learn about the most common Touch 'n Go eWallet scams in Malaysia, including fake top-up schemes, phishing links on WhatsApp, and social engineering tactics. Protect banii tai today.
Touch 'n Go eWallet Fraud: How Malaysians Are Losing Money to Scammers
Touch 'n Go eWallet has become the heartbeat of daily transactions in Malaysia. From paying for nasi lemak at the mamak stall to splitting bills with friends, over 20 million Malaysians rely on TNG eWallet every day. But as adoption grows, so does the creativity of scammers targeting the platform.
Bank Negara Malaysia reported a 67% increase in financial fraud cases involving e-wallets in 2025, with Touch 'n Go eWallet being the most frequently impersonated brand. Here is how scammers operate and how you can protejeaza-te.
The Fake Top-Up Scam
This is the most widespread TNG eWallet scam in Malaysia. It works like this: you see an advertisement on Facebook, Instagram, or Telegram offering discounted top-ups. "Reload RM100, get RM150 in your eWallet!" The offer seems too good to pass up.
You contact the seller, who asks you to transfer money via bank transfer or another eWallet. They promise to top up your TNG eWallet instantly. Of course, after you pay, the seller vanishes. Your WhatsApp messages go unanswered, and the social media account disappears.
Why People Fall for It
The scam works because TNG eWallet does offer legitimate promotions and cashback. Scammers exploit that expectation. They use stolen logos, fake testimonials, and even create WhatsApp Business accounts that look official.
Cum sa eviti
- Only top up through official channels: the TNG eWallet app, authorised reload agents, or your linked cont bancar.
- No legitimate promotion requires you to transfer money to a personal account.
- Report suspicious ads on the platform where you see them.
WhatsApp Phishing Links
Malaysia's most popular messaging app has become the primary delivery system for TNG eWallet atac de phishings. You receive a WhatsApp message — sometimes from an unknown number, sometimes from a compromised contact — containing a link.
Common messages include:
| Message Type | Example |
|---|---|
| Prize notification | "Tahniah! You won RM500 TNG credit. Claim here:" |
| Account suspension | "Your TNG eWallet will be suspended. Verify now:" |
| Cashback offer | "Special CNY cashback RM88. Tap to claim:" |
| Security alert | "Unauthorized login detected. Secure contul tau:" |
The link leads to a website that looks exactly like the TNG eWallet login page. You enter telefonul tau number and PIN, and the scammer now has your credentials. Within minutes, they drain your balance or link your eWallet to their device.
Semnale de alarma
- The URL is not
tngdigital.com.my— look for misspellings liketng-digital.comortouchngo-wallet.my. - The message creates urgency ("Act within 24 hours or contul tau will be locked").
- You are asked to enter your PIN or password outside the official app.
- The message arrives from an unsaved number or a contact who would not normally send you such links.
Social Engineering via Phone Calls
A newer and more sophisticated attack involves scammers calling you directly, posing as TNG eWallet customer service. They might say:
- "We detected a suspicious transaction on contul tau."
- "Your eWallet has been flagged for money laundering."
- "You need to verify identitatea ta to keep contul tau active."
The caller sounds professional, may know your name, and might even reference a recent transaction. They ask you to share your TAC (Transaction Authorization Code) or guide you through steps that ultimately give them access to contul tau.
This is a form of social engineering. Real TNG eWallet staff will never call you to ask for your PIN, TAC, or password. Daca primesti such a call, hang up immediately and report it through the app.
The Fake Merchant QR Scam
At pasar malams and small stalls, scammers place their own QR code stickers over legitimate merchant QR codes. You scan what you think is the restaurant's payment code, but the money goes to the scammer's account. The merchant does not realize the swap until end-of-day reconciliation.
Cum sa identifici
- Look for QR codes that appear to be stickers placed on top of other stickers.
- Verify the merchant name that appears on your screen before confirming payment.
- If the display name does not match the business, do not proceed.
Protecting Your TNG eWallet Account
Here is a comprehensive checklist:
| Action | Why It Matters |
|---|---|
| Enable biometric login | Adds a layer beyond your PIN |
| Set transaction limits | Caps potential losses |
| Nu partaja niciodata TAC | This is your one-time password — treat it like cash |
| Check linked devices regularly | Remove any device you do not recognize |
| Enable transaction notifications | Spot unauthorized activity immediately |
| Use a strong, unique PIN | Avoid birthdays or repeated digits |
Ce sa faci daca ai fost inselat
Time is critical. Take these steps immediately:
- Open the TNG eWallet app and change your PIN.
- Call the TNG eWallet hotline at 03-5022 3888.
- File a report at the nearest police station — you will need the report number for further action.
- Report to Bank Negara's BNMTELELINK at 1-300-88-5465.
- Lodge a complaint with the Malaysian Communications and Multimedia Commission (MCMC) at aduan.skmm.gov.my.
Partajarea securizata a informatiilor sensibile
One reason phishing works so well is that people are accustomed to sharing links, account details, and transaction references over WhatsApp without any protection. If you need to share sensitive informatii financiare — like account numbers, transaction references, or verification codes — sending them in plain text over chat is risky.
Tools like LOCK.PUB let you wrap informatii sensibile behind a password. Instead of pasting your bank details directly into a WhatsApp message, you create a protejat cu parola link that expires after being viewed. The recipient needs the password you share separately — ideally via a different channel like a phone call.
This approach significantly reduces the risk of informatii sensibile being exposed if your WhatsApp account is compromised or if messages are forwarded accidentally.
Imaginea de ansamblu
E-wallet fraud in Malaysia is not just a TNG problem — it reflects a broader challenge as the country accelerates toward a cashless economy. The government's push for digital payments under the MyDIGITAL initiative means more Malaysians are transacting digitally than ever before, and not everyone has had time to develop strong digital security habits.
Stay sceptical of unsolicited messages. Verify before you click. And remember: if an offer sounds prea bun ca sa fie adevarat, it almost certainly is.
Ramai in siguranta online. Protect your links, memos, and sensitive data with protectia cu parola at LOCK.PUB.
Keywords
You might also like
Diia App Phishing in Ukraine: Cum escrocii Exploit Digital Government Services
Learn how atac de phishings target Diia (Дія) app users in Ukraine, from fake government notifications to digital document theft. Complete protection guide for Ukrainian digital ID users.
Monobank & PrivatBank Phishing: Cum escrocii Steal Ukrainian Banking Credentials
A complete guide to Monobank and PrivatBank inselaciune de tip phishings in Ukraine, from fake SMS messages to Privat24 credential theft and card cloning. Learn how to protect contul taus.
OLX Ukraine Scams: Fake Nova Poshta Deliveries and Payment Fraud
How scammers exploit OLX Ukraine with fake Nova Poshta delivery notifications, off-platform payment tricks, and phishing links. Complete safety guide for Ukrainian buyers and sellers.
Create your password-protected link now
Create password-protected links, secret memos, and encrypted chats for free.
Get Started Free