Touch 'n Go eWallet Fraud: How Malaysians Are Losing Money to Scammers
Alamin ang tungkol sa the most common Touch 'n Go eWallet scams in Malaysia, including fake top-up schemes, phishing links on WhatsApp, and social engineering tactics. Protect your money today.
Touch 'n Go eWallet Fraud: How Malaysians Are Losing Money to Scammers
Touch 'n Go eWallet has become the heartbeat of daily transactions in Malaysia. From paying for nasi lemak at the mamak stall to splitting bills with friends, over 20 million Malaysians rely on TNG eWallet every day. But as adoption grows, so does the creativity of scammers targeting the platform.
Bank Negara Malaysia reported a 67% increase in financial fraud cases involving e-wallets in 2025, with Touch 'n Go eWallet being the most frequently impersonated brand. Narito kung paano scammers operate and how maaari kang protect yourself.
Ang Fake Top-Up Scam
This is the most widespread TNG eWallet scam in Malaysia. It works like this: you see an advertisement on Facebook, Instagram, or Facebook Messenger offering discounted top-ups. "Reload RM100, get RM150 in your eWallet!" The offer seems too good to pass up.
You contact the seller, who asks you to transfer money via bank transfer or another eWallet. They promise to top up your TNG eWallet instantly. Of course, after you pay, the seller vanishes. Your Facebook Messenger messages go unanswered, and the social media account disappears.
Bakit People Fall for It
The scam works because TNG eWallet does offer legitimate promotions and cashback. Scammers exploit that expectation. They use stolen logos, fake testimonials, and even create Facebook Messenger Business accounts that look official.
Paano to Avoid It
- Only top up through official channels: the TNG eWallet app, authorised reload agents, or your linked bank account.
- No legitimate promotion requires you to transfer money to a personal account.
- Report suspicious ads on the platform where you see them.
WhatsApp Phishing Links
Malaysia's most popular messaging app has become the primary delivery system for TNG eWallet phishing attacks. You receive a Facebook Messenger message — sometimes from an unknown number, sometimes from a compromised contact — containing a link.
Common messages include:
| Message Type | Example |
|---|---|
| Prize notification | "Tahniah! You won RM500 TNG credit. Claim here:" |
| Account suspension | "Your TNG eWallet will be suspended. Verify now:" |
| Cashback offer | "Special CNY cashback RM88. Tap to claim:" |
| Security alert | "Unauthorized login detected. Secure your account:" |
The link leads to a website that looks exactly like the TNG eWallet login page. You enter your phone number and PIN, and the scammer now has your credentials. Within minutes, they drain your balance or link your eWallet to their device.
Red Flags to Watch For
- The URL is not
tngdigital.com.my— look for misspellings liketng-digital.comortouchngo-wallet.my. - The message creates urgency ("Act within 24 hours or your account will be locked").
- You are asked to enter your PIN or password outside the official app.
- The message arrives from an unsaved number or a contact who would not normally send you such links.
Social Engineering via Phone Calls
A newer and more sophisticated attack involves scammers calling you directly, posing as TNG eWallet customer service. They might say:
- "We detected a suspicious transaction on your account."
- "Your eWallet has been flagged for money laundering."
- "You need to verify your identity to keep your account active."
The caller sounds professional, may know your name, and might even reference a recent transaction. They ask you to share your TAC (Transaction Authorization Code) or guide you through steps that ultimately give them access to your account.
This is a form of social engineering. Real TNG eWallet staff will never call you to ask for your PIN, TAC, or password. If you receive such a call, hang up immediately and report it through the app.
Ang Fake Merchant QR Scam
At pasar malams and small stalls, scammers place their own QR code stickers over legitimate merchant QR codes. You scan what you think is the restaurant's payment code, but the money goes to the scammer's account. The merchant does not realize the swap until end-of-day reconciliation.
Paano to Spot It
- Look for QR codes that appear to be stickers placed on top of other stickers.
- Verify the merchant name that appears on your screen before confirming payment.
- If the display name does not match the business, do not proceed.
Pagprotekta sa Your TNG eWallet Account
Here is a comprehensive checklist:
| Action | Why It Matters |
|---|---|
| Enable biometric login | Adds a layer beyond your PIN |
| Set transaction limits | Caps potential losses |
| Never share your TAC | This is your one-time password — treat it like cash |
| Check linked devices regularly | Remove any device you do not recognize |
| Enable transaction notifications | Spot unauthorized activity immediately |
| Use a strong, unique PIN | Avoid birthdays or repeated digits |
Ano to Do If You Have Been Scammed
Time is critical. Take these steps immediately:
- Open the TNG eWallet app and change your PIN.
- Call the TNG eWallet hotline at 03-5022 3888.
- File a report at the nearest police station — kakailanganin mo the report number for further action.
- Report to Bank Negara's BNMTELELINK at 1-300-88-5465.
- Lodge a complaint with the Malaysian Communications and Multimedia Commission (MCMC) at aduan.skmm.gov.my.
Sharing Sensitive Information nang Ligtas
One reason phishing works so well is that people are accustomed to sharing links, account details, and transaction references over Facebook Messenger without any protection. If kailangan mong share sensitive financial information — like account numbers, transaction references, or verification codes — sending them in plain text over chat is risky.
Tools like LOCK.PUB let you wrap sensitive information behind a password. Instead of pasting your bank details directly into a Facebook Messenger message, you create a password-protected link that expires after being viewed. The recipient needs the password you share separately — ideally via a different channel like a phone call.
This approach significantly reduces the risk of sensitive information being exposed if your Facebook Messenger account is compromised or if messages are forwarded accidentally.
Ang Bigger Picture
E-wallet fraud in Malaysia is not just a TNG problem — it reflects a broader challenge as the country accelerates toward a cashless economy. The government's push for digital payments under the MyDIGITAL initiative means more Malaysians are transacting digitally than ever before, and not everyone has had time to develop strong digital security habits.
Stay sceptical of unsolicited messages. Verify before you click. And remember: if an offer sounds too good to be true, it almost certainly is.
Stay safe online. Protect your links, memos, and sensitive data with password protection at LOCK.PUB.
Keywords
You might also like
Diia App Phishing sa Ukraine: Paano Inaabuso ng mga Scammer ang Digital Government Services
Alamin kung paano tinatarget ng phishing attacks ang mga gumagamit ng Diia.
Monobank at PrivatBank Phishing: Paano Nininanakaw ng mga Scammer ang Banking Credentials ng Ukraine
Kumpletong gabay sa Monobank at PrivatBank phishing scams sa Ukraine.
OLX Ukraine Scams: Pekeng Nova Poshta Deliveries at Payment Fraud
Paano inaabuso ng mga scammer ang OLX Ukraine.
Create your password-protected link now
Create password-protected links, secret memos, and encrypted chats for free.
Get Started Free