How I Escaped from Maybank2u Email Phishing Scam

I would like to share my experience of handling another phishing email scam which was sent from Maybank2u, one of the largest banks in Malaysia. Of course the email was not sent by them; it is clearly a scam, sent by someone pretending to be the Security Advisor for this bank.

First and foremost, the email landed in my mailbox and was filtered by Google Spam. I always check my spam box to ensure that I do not miss any email from anyone, and there I found Maybank2u’s email. I moved it to the Inbox and took a look at the email content. Below is what I found.

[Image: phishing email]

Notice that although the sender’s name is Maybank2u, which seems to be legitimate, the email domain is ‘’ instead of the actual one. If I followed the phishing game, this email basically asked me to update my information by clicking on the ‘Continue’ link, which linked to another domain that is also NOT the Maybank2u official site.
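The two checks described above (display name versus sender domain, and where the link really goes) can be automated. The following is an added example, not part of the original post; the trusted domain `bank.example`, the constructed sample message and the `check_message` helper are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: placeholder for the bank's real domain (not taken from the post).
TRUSTED_DOMAIN = "bank.example"
BRAND = "maybank2u"

# Constructed sample message; every address and URL here is made up.
SAMPLE = """\
From: Maybank2u <security-advisor@mail-alerts.example.net>
To: customer@example.org
Subject: Update your information
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Please update your information.</p>
<a href="http://login.update-portal.example.com/m2u/">Continue</a>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def in_domain(host, domain):
    # Exact match or a true subdomain; "bank.example.evil.test" does not pass.
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_message(raw, brand=BRAND, trusted=TRUSTED_DOMAIN):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    findings = []
    if brand in name.lower() and not in_domain(sender_domain, trusted):
        findings.append(f"display name claims {brand} but sender domain is {sender_domain}")
    collector = LinkCollector()
    for part in msg.walk():  # handles single-part and multipart messages
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href in collector.hrefs:
        host = urlsplit(href).hostname
        if not in_domain(host, trusted):
            findings.append(f"link points to {host}")
    return findings
```

Calling `check_message(SAMPLE)` returns one finding for the mismatched sender domain and one for the off-domain ‘Continue’ link.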

I submitted the phishing URL to VirusTotal for a URL scan and found that there was no malware hosted on the URL. However, as a safety precaution, I used a virtual machine to visit the URL and found that the login page looks exactly like the actual Maybank2u login page, as shown below.

[Image: Maybank2u phishing page]

This screen still appeared to be normal, but the next screen started to get fishy: when I entered a random username to try this page, I saw the screen below.

[Image: Maybank2u phishing page 2]

Two things that I find fishy here:

  1. It says no image, which Maybank2u usually does not do.
  2. There is a spelling error: ‘avialable’ instead of ‘available’.

I escaped from the phishing scam easily simply because Google helped me by filtering this email as Spam. However, if you took my series on URL investigation and analysis, you should also be experienced enough to handle this kind of email with care. Last but not least, you should always listen to Maybank2u when they say they do not send any email out. As a result, any email that has to do with Maybank2u should be treated as not legitimate.


Featured Image Credit: Maybank2u (Image link)

About Alan Tay

This blog is owned and operated by myMediaInc. My Media operates content based online portals for IT professionals, technology managers and decision makers as well as business leaders. We publish original quality content focused in Software Development, IT Security, SaaS, Cloud Computing, Outsourcing, Project Management and Mobile and Wireless. Our mission is to explore how to help you optimize your resources in each of these areas.

Find us here IT Security Column.


  1. Peter Lee says:

    Lucky escape, Alan? Countless people fall victim to phishing scams each year. These scams end up costing the victims millions of dollars. If anyone does receive an e-mail message that proves to be a phishing scam, they should always report the message to the company that the message claims to be from. Doing so makes the company aware of the scam so that they can report it to the proper authorities and help keep other people from being ripped off. Thanks for the share, Alan.

    • Alan Tay says:

      Well, not to say I escaped by luck. As I don’t usually click on links and had anti-phishing enabled, I will most probably not get into this scam. However, the reason I share is to give a real-life experience. I believe this is a better way to warn than just telling people about the problem. Those types of posts will be ignored, and thanks for reading, Peter. 🙂

  2. Ashok says:

    Normally a phishing mail will lead to a site that does not contain malware, since otherwise that malware site can be easily detected by modern browsers such as Chrome, IE, Firefox, etc. This will defeat the main purpose of the phishing attempt, and that is to make you input your username and password. So, the whole exercise of phishing scams is to collect usernames and passwords and not to spread malware.

    It is good that you took precautions and did not fall prey to the phishing attempt. Unfortunately, not everybody on the web is so cautious as you were.

  3. Tan

    I used to report their site to the hosting provider each time I received the email. I stopped doing so after a while, because they do this daily and I just feel tired. By the way, they seem to have just switched to a new target – “Islam Bank” – as I still receive fake email DAILY.

  4. stargazer says:

    Nice article. If I face this matter, I follow their game but enter a fake user name/password to see what happens after that. hahaha…
