There are many ways to impersonate reputed sites to gain an individual's personal details.
The usual tactic includes diverting one-time passwords to gain access to bank accounts or by creating misleading social media pages luring people with false advertising.
Such fake pages or accounts use reputable companies, organisations and even personalities to trick users into disclosing their personal information.
Has the MyKasih Sumbangan Asas Ramah (Sara) contribution initiative now become the latest to be misused as a phishing tool?
VERDICT:
TRUE
In a statement on social media, CyberSecurity Malaysia (CSM) said criminals had been found using false website links via Telegram to phish for personal information.
They discovered a phishing website that looks like a Malaysian eWallet service login page, this time targeting Telegram users with the aim of taking over the user's Telegram account for malicious purposes.
The site used this time is the Sara status check under MyKasih.
"Users will receive a message with a fake website embedded in their Telegram. When users click on the fake website, they are taken to a phishing website where the user is asked to enter a phone number.
"This information will be used by the 'threat actor' (individuals or groups that intentionally cause harm to digital devices or systems) to log into the victim's Telegram account and initiate an attempt to take it over.
"This phishing website is being shared across messaging groups via Telegram," the statement warned.
CSM also cautioned the public not to spread or share any dubious messages, links and information.
