Someone tried to scam my Airasia BigPay ewallet account πŸ‘ŽπŸ“΅πŸ’Έ

 Do Not Reveal your OTP number to ANYONE, and I mean ANYONE. Not even your Mom and Dad πŸ‘Ώ."

While driving home one day, I received a whatsapp call from an unknown number with the whatsapp profile picture with the BigPay logo. BigPay is one of the ewallet providers in Malaysia which is affiliated with Airasia the airline company. The caller informed me that I just won some cash bonuses (worth RM2,000) from BigPay and need to confirm the PAC/TAC/OTP code from BigPay that arrives in my SMS in order to claim the reward in my BigPay wallet. He was speaking in Bahasa Malaysia and the number was πŸ“΅ 011-56498931 and πŸ“΅ 016-6876870. 


My phone then buzzed and I indeed did saw an SMS message from BigPay coming to my phone. I saw a warning message on the SMS which also mention to not share the code with anyone, including to BigPay employees. While I was busy concentrating on driving I'm glad I still had a clear mind.


Realizing it was a scammer, I dropped the phone line and continued on with my driving. After which I did some research on how the scam works. It seems that the scammers just need to have your phone number and will try reset your BigPay wallet app using your PAC/TAC/OTP. The PAC/TAC/OTP that the scammers trigger is via the "Lost Password" option when they try to sign in to BigPay app using your phone number.

Once they have done so they will be faced with the 6 digit security pin which they will try to guess it with 123456 or 654321, a number combination commonly used. Once the security pin is cracked, the scammers will have access to your account and can easily use the account to remit money overseas, one of the differentiating features of the BigPay wallet which focuses on remittance transfers.

I got the admit the scammer's call seem pretty genuine if I wasn't aware of such scams out there. This scam seems to be quite frequent on BigPay ewallet because the wallet can do overseas remittance, other ewallets like TouchNGo and BoostPay do not have this feature. In fact, the other ewallet players do not allow cash out to bank anymore for security reasons, it means you cannot withdraw money from your ewallet to a local bank account.

Lesson from this ordeal is :
1) Do not reveal BigPay SMS tag to anyone (and I mean virtually anyone) 
2) Set a strong PIN, do not use simple numbers like 123456 or 654321

Updates 20200804
The BigPay scammers seemed to be using another phone number to conduct their business : 016-6876870. This time however, the sob story is slightly different, the scammer calls you up and then says that there's recently been a lot of BigPay ewallet scammers out there and he needs to verify your security in the app by you reading out the PAC/TAC/OTP that is sent to your phone. The scammer also mentioned that I am not to tell anybody including BigPay employees about the PAC/TAC/OTP except him because he's from the IT security department. The whole sob story script sounded really genuine.  The photo of the profile also has been change to look like a call center worker/personnel. The scammers are really getting bolder by the day.


I recorded the whole conversation and will upload it to Youtube for reference. 




BigPay also has written a blog post about this type of scam here. The BigPay team is also aware of these scamming phishing cases and upon signing into BigPay ewallet they will give a popup warning.

 πŸ“΅BigPay Phishing Scammers Numbers :
+62822399432777
010-3297121
010-8524355
010-9433187
010-7149437
010-85590927
011-12078465
011-12313896
011-12694273
011-13478257
011-13496196
011-14300759
011-14300759
011-14300759
011-16058570
011-17684266
011-20523008
011-20538577
011-14388963
011-21081833
011-23029793
011-23234740
011-23349520
011-23541146
011-24217600
011-24221785
011-24228396
011-25274249
011-25291480
011-25340598
011-25383610
011-25409535
011-25546721
011-25835463
011-25835608
011-26198617
011-27900255
011-35182314
011-36445675
011-36445675
011-37240845
011-37294481
011-37640928
011-39532764
011-39809095
011-39839455
011-56403904
011-56498931
011-57960699
011-57963607
011-57964417
011-57970678
011-57982744
011-57983325
011-63841649
011-72471281
011-72609630
012-8687148
013-3211698
014-2437023
014-2815423
014-2825942
014-2836971
014-2837769
014-2848966
014-3281549
014-7121042
014-7379330
014-9054496
014-9923895
014-9923895
016-3200351
016-4066787
016-6876870
016-6876933
016-6876933
017-2480680
017-3029693
017-4648246
017-6307594
017-6349641
017-6349641
017-6554051
017-6562807
017-6565357
017-6565428
017-6565428
017-7539141
017-7833632
017-8054369
017-8135084
017-8312164
017-8314230
017-8368579
017-8435765
017-8638594
019-4445206
019-6961459
019-8526506
019-8526506
Note : I got these numbers from forums from Bigpay users on the phishing calls they are getting.

Updates 20200805
I did some research on the BigPay phishing scams and I found more scenarios in Lowyat.net forum.

If my article provided some value to you in anyway, you can support me by signing up to BigPay ewallet using my referral/invite code NIA9FN807A. You will get a debit card which can be used for payments like a credit card.

Updates 20200810
I read up on Lowyat forum and found that BigPay scammer/phishing also has got SMS click baits that will link to a Google Form to fill in your BigPay ewallet details.



Updates 20200811
Another variation of the Big Pay Phishing scammers. Using BigPay logo with tagline.



Another variant is they try put a photo of the BigPay team to make it even like the caller is from the BigPay team to create legitimacy. 




The click bait SMS sent seem to be capitalizing on human greed by telling the BigPay wallet user that they have won some prize and need to click on the link (with BigPay word) which will divert the wallet user to another site or Google Forms where the wallet user is required to fill up all their BigPay wallet information.


Some of the BigPay scammers seems to be using overseas numbers and do whatsapp call to scam victims.






Updates 20200813
BigPay team seems to be aware that this phishing scams on BigPay wallet users is becoming extremely common now and have publish a blog post on this here.

Updates 20200824
More people getting SMS baits to scam their BigPay account.


Updates 20201026
The scam calls still keep coming in to other BigPay wallet members.


Updates 20201030
Another variation of the scammer is to use Airasia logo as the whatsapp profile picture.


Updates 20201121

More variations from phishing. Some of the numbers are also from overseas sim cards, most likely to avoid detection.








Updates 20201230
The latest phishing tricks scammers are up to is to try to convince BigPay users that they have been upgraded to a Red premium card from their standard BigPay card and to do so users have to provide the TAC number. The phishing Whatsapp call will use some executive person picture to make it look like a red carpet staff calling you.




Updates 20210222
Here's a live recording of a BigPay phishing scam in progress


Updates 20210501
Hari Raya is almost here and the scam starts changing to Hari Raya theme.

Updates 20210605

Heard about this in forums that the scammers were getting more creative by pretending to be warning people about the scam (social engineering) and then attempt to bluff about need your OTP for verification purposes.



Updates 20210702
The new style is to put  BigPay red picture on Whatsapp profile.









Updates 20210719
The scam/phish still does not show signs of abating.




Updates 20211006
It's the 4th quarter of 2021 and the scam is still running strong.



Updates 20211016
Scamming continues ...

Updates 20220505
I wrote a post about disabling the BigPay debit card for better security here.
πŸ“ŒAds - BigPay ewallet Referral 
If my article provided some value to you in anyway and have not signed up for BigPay wallet, you can support me by signing up to BigPay ewallet using my referral/invite code πŸ‘‰πŸ½ NIA9FN807A. You will get a debit card which can be used for payments like a credit card. Each of us will get RM10 upon successful sign up. While there's a lot of phishing scams right now it shows that many people are using BigPay for purchases and doing international remittance that is why scammers start targeting these gullible people.


πŸ”—Links
https://www.soyacincau.com/2020/07/12/bigpay-beware-of-scams-contest-prize-psa-security/