• +60​3​-​2272​-​2811
Fmos
English
English Bahasa Melayu
Fmos
File a Complaint
English
English Bahasa Melayu
Fmos
File A Complaint
Fmos
Complaint

Facebook Messenger Phishing Scam

Dolly received a message on her Facebook Messenger from someone impersonating her friend and asking for help. Intending to help her ‘friend,’ Dolly shared her credit card particulars and One-Time Password (OTP) without further checking.

Later, Dolly felt suspicious and contacted her friend only to realise she had been scammed. Dolly immediately contacted the bank and was told that her credit card had made six online transactions. She requested to block her credit card and lodged a police report.

Dolly denied performing all six transactions and requested a complete waiver from the bank. She contended that the transactions differed from her spending pattern and that the bank should have contacted her before approving them. The bank rejected her claim because the transactions were performed on a secured platform.

OUR FINDINGS

According to the bank’s records, the messages containing the OTPs for the disputed transactions were successfully sent to Dolly’s registered mobile number. Dolly admitted to disclosing all the OTPs the bank sent her to the scammer disguised as her friend.

Although Dolly requested the bank cancel the transactions, it could not as they were approved through the OTP verification. We noted that the six transactions were performed from 6.32 p.m. to 6.48 p.m., and the bank blocked her credit card at 7.31 p.m. the same day.

By then, all six transactions had already been approved and completed. The bank acts as a billing agent for transactions between the cardholder and the merchant, and it does not have direct relations with the establishment (merchant) concerned. Under the card scheme rules, there are no chargeback rights for a claim under unauthorised transactions approved under a 3-D secured platform.

Nonetheless, we noted that the bank proceeded to perform the chargeback on a goodwill basis. However, the chargeback failed.

OUTCOME

The Case Manager recommended in favour of the bank as Dolly disclosed both her card details and the OTPs to the fraudsters, facilitating their execution of the transactions. The case manager stressed the importance of Dolly safeguarding the confidentiality of her credit card details and OTPs at all times.