DO NOT fall for fake MyBayar PDRM emails: scam leads to phishing website that steals money


The public is urged to exercise caution: the Malaysia Computer Emergency Response Team (MyCERT) has issued an alert about a phishing website, circulated via email, that impersonates MyBayar PDRM’s official website.

According to the alert notice, the email contains a link. If it is clicked, users are redirected to a fraudulent website that mimics the legitimate MyBayar PDRM login page. This fake site is used to steal money from unsuspecting users’ bank accounts.

Source: MyCERT

The sample shared by MyCERT shows that the fake MyBayar PDRM website has a unique Uniform Resource Locator (URL) that reads “”.

Please note that MyBayar PDRM’s legitimate, official website has “” as its URL.

In the fake MyBayar PDRM website as shown here, users are asked to enter their vehicle’s plate number to “search for a fine”. The site then displays a description of the fine or summons, including the amount that needs to be paid within 7 days, with an additional cost if the fine is not paid within the stipulated time frame.

Next comes the riskiest part of the scammer’s modus operandi: users are asked to pay the fine with a bank card, which requires them to enter their card number, expiry date, and CVV.

“The scammer's goal in this syndicate is not to obtain money from users when they pay the fine, which is RM50, but the bank card details. Scammers could manipulate the (details) harvested from the bank cards and make more money with that information,” said MyCERT.

Please note that there could be more than one type of email or website that is being circulated to scam unsuspecting users.

Another suspicious email received by a fellow colleague shows similar attributes to the aforementioned fake email, as shown below.

To keep everyone safe in cyberspace, MyCERT strongly recommends that the public not panic when receiving taunting emails or messages. Users are also advised to keep their devices updated with the latest security measures announced by the vendor and to follow best-practice security policies to determine which updates should be applied.

You can read the full notice here for more practical advice and next course of action should you come across a similar scam attempt.

Be safe out there, folks!