" ❌ Do Not Reveal your OTP number to ANYONE, and I mean ANYONE. Not even your Mom and Dad πΏ."
While driving home one day, I received a whatsapp call from an unknown number with the whatsapp profile picture with the BigPay logo. BigPay is one of the ewallet providers in Malaysia which is affiliated with Airasia the airline company. The caller informed me that I just won some cash bonuses (worth RM2,000) from BigPay and need to confirm the PAC/TAC/OTP code from BigPay that arrives in my SMS in order to claim the reward in my BigPay wallet. He was speaking in Bahasa Malaysia and the number was π΅ 011-56498931 and π΅ 016-6876870.
My phone then buzzed and I indeed did saw an SMS message from BigPay coming to my phone. I saw a warning message on the SMS which also mention to not share the code with anyone, including to BigPay employees. While I was busy concentrating on driving I'm glad I still had a clear mind.
Realizing it was a scammer, I dropped the phone line and continued on with my driving. After which I did some research on how the scam works. It seems that the scammers just need to have your phone number and will try reset your BigPay wallet app using your PAC/TAC/OTP. The PAC/TAC/OTP that the scammers trigger is via the "Lost Password" option when they try to sign in to BigPay app using your phone number.
Once they have done so they will be faced with the 6 digit security pin which they will try to guess it with 123456 or 654321, a number combination commonly used. Once the security pin is cracked, the scammers will have access to your account and can easily use the account to remit money overseas, one of the differentiating features of the BigPay wallet which focuses on remittance transfers.
I got the admit the scammer's call seem pretty genuine if I wasn't aware of such scams out there. This scam seems to be quite frequent on BigPay ewallet because the wallet can do overseas remittance, other ewallets like TouchNGo and BoostPay do not have this feature. In fact, the other ewallet players do not allow cash out to bank anymore for security reasons, it means you cannot withdraw money from your ewallet to a local bank account.
Lesson from this ordeal is :
1) Do not reveal BigPay SMS tag to anyone (and I mean virtually anyone)
2) Set a strong PIN, do not use simple numbers like 123456 or 654321
Updates 20200804
The BigPay scammers seemed to be using another phone number to conduct their business : 016-6876870. This time however, the sob story is slightly different, the scammer calls you up and then says that there's recently been a lot of BigPay ewallet scammers out there and he needs to verify your security in the app by you reading out the PAC/TAC/OTP that is sent to your phone. The scammer also mentioned that I am not to tell anybody including BigPay employees about the PAC/TAC/OTP except him because he's from the IT security department. The whole sob story script sounded really genuine. The photo of the profile also has been change to look like a call center worker/personnel. The scammers are really getting bolder by the day.
I recorded the whole conversation and will upload it to Youtube for reference.
BigPay also has written a blog post about this type of scam here. The BigPay team is also aware of these scamming phishing cases and upon signing into BigPay ewallet they will give a popup warning.
π΅BigPay Phishing Scammers Numbers :
+62822399432777 010-3297121 010-8524355 010-9433187
010-7149437
010-85590927 011-12078465 011-12313896 011-12694273 011-13478257 011-13496196 011-14300759 011-14300759 011-14300759 011-16058570 011-17684266 011-20523008 011-20538577
011-14388963 011-21081833 011-23029793 011-23234740 011-23349520 011-23541146 011-24217600 011-24221785 011-24228396 011-25274249 011-25291480 011-25340598 011-25383610 011-25409535 011-25546721 011-25835463 011-25835608 011-26198617 011-27900255 011-35182314 011-36445675 011-36445675
011-37240845 011-37294481 011-37640928 011-39532764 011-39809095 011-39839455 011-56403904 011-56498931 011-57960699 011-57963607 011-57964417 011-57970678 011-57982744 011-57983325 011-63841649 011-72471281 011-72609630 012-8687148 013-3211698 014-2437023 014-2815423 014-2825942 014-2836971 014-2837769 014-2848966 014-3281549 014-7121042 014-7379330 014-9054496 014-9923895 014-9923895 016-3200351 016-4066787 016-6876870 016-6876933 016-6876933 017-2480680 017-3029693 017-4648246 017-6307594 017-6349641 017-6349641 017-6554051 017-6562807 017-6565357 017-6565428 017-6565428 017-7539141 017-7833632 017-8054369 017-8135084 017-8312164 017-8314230 017-8368579 017-8435765 017-8638594 019-4445206 019-6961459 019-8526506 019-8526506
Note : I got these numbers from forums from Bigpay users on the phishing calls they are getting.
Updates 20200805
I did some research on the BigPay phishing scams and I found more scenarios in Lowyat.net forum.
If my article provided some value to you in anyway, you can support me by signing up to BigPay ewallet using my referral/invite code NIA9FN807A. You will get a debit card which can be used for payments like a credit card.
Updates 20200810
I read up on Lowyat forum and found that BigPay scammer/phishing also has got SMS click baits that will link to a Google Form to fill in your BigPay ewallet details.
Updates 20200811
Another variation of the Big Pay Phishing scammers. Using BigPay logo with tagline.
Another variant is they try put a photo of the BigPay team to make it even like the caller is from the BigPay team to create legitimacy.
The click bait SMS sent seem to be capitalizing on human greed by telling the BigPay wallet user that they have won some prize and need to click on the link (with BigPay word) which will divert the wallet user to another site or Google Forms where the wallet user is required to fill up all their BigPay wallet information.
Some of the BigPay scammers seems to be using overseas numbers and do whatsapp call to scam victims.
Updates 20200813
BigPay team seems to be aware that this phishing scams on BigPay wallet users is becoming extremely common now and have publish a blog post on this here.
Updates 20200824
More people getting SMS baits to scam their BigPay account.
Updates 20201026
The scam calls still keep coming in to other BigPay wallet members.
Updates 20201030
Another variation of the scammer is to use Airasia logo as the whatsapp profile picture.
More variations from phishing. Some of the numbers are also from overseas sim cards, most likely to avoid detection.
Updates 20201230
The latest phishing tricks scammers are up to is to try to convince BigPay users that they have been upgraded to a Red premium card from their standard BigPay card and to do so users have to provide the TAC number. The phishing Whatsapp call will use some executive person picture to make it look like a red carpet staff calling you.
Updates 20210222
Here's a live recording of a BigPay phishing scam in progress
Updates 20210501
Hari Raya is almost here and the scam starts changing to Hari Raya theme.
Updates 20210605
Heard about this in forums that the scammers were getting more creative by pretending to be warning people about the scam (social engineering) and then attempt to bluff about need your OTP for verification purposes.
Updates 20210702
The new style is to put BigPay red picture on Whatsapp profile.
Updates 20210719
The scam/phish still does not show signs of abating.
Updates 20211006
It's the 4th quarter of 2021 and the scam is still running strong.
Updates 20211016
Scamming continues ...
Updates 20220505
I wrote a post about disabling the BigPay debit card for better security here.
πAds - BigPay ewallet Referral
If my article provided some value to you in anyway and have not signed up for BigPay wallet, you can support me by signing up to BigPay ewallet using my referral/invite code ππ½ NIA9FN807A. You will get a debit card which can be used for payments like a credit card. Each of us will get RM10 upon successful sign up. While there's a lot of phishing scams right now it shows that many people are using BigPay for purchases and doing international remittance that is why scammers start targeting these gullible people.
πLinks
https://www.soyacincau.com/2020/07/12/bigpay-beware-of-scams-contest-prize-psa-security/https://www.bigpayme.com/post/the-number-1-rule-to-keep-your-bigpay-money-safe?fbclid=IwAR1QDxKqoVwErX7-EudnKU_SH2kGQiXW8db70Dhd683ow9EMB3I7fm97GDA
π±Android Playstore
π±Apple Appstore