Security Tips to Protect Yourself

Be vigilant

Keep yourself informed on the latest online security alerts and advisories at www.mycert.org.my.

Use Private Network

Never use a public computer or an unsecured wireless network (WiFi) when performing online transactions.

Use Supported Web Browsers

Ensure your web browser is always up-to-date when accessing online banking services. AmAccess Corporate and AmAccess Biz are accessible using Google Chrome, Microsoft Edge, Safari and Mozilla Firefox.

SSL Encryption

Use up to 256-bit encryption with 128-bit minimum enabled by EV SSL certificate to secure online transactions. Ensure that your browser shows a secure connection (look for the padlock icon) before proceeding with any transaction.

Password and Access Security

Use a separate password for your online banking and non-banking websites. Ensure no one is watching when you enter your password. Memorise your username and password instead of writing them down and never share them with others. Create a complex password with a combination of alphabets, numbers, and special characters, and update it regularly for additional security.

Verify the URL

Always access AmAccess Corporate and AmAccess Biz directly through their official URLs: https://corporate.amaccess.com.my/ and https://biz.amaccess.com.my/, respectively. Do not use links or attachments from emails to log in. Look out for other signs of malicious sites such as outdated designs, broken links, poor grammar, and other errors.

Account and Transaction Monitoring

Regularly monitor your account and transactions to detect any unusual activity early. Always review your account details and transactions to ensure no unauthorised transactions have been made. Set up account alerts for transactions debited from your account to receive immediate notifications of any activity. By keeping a close eye on your account history, you can quickly identify and address any potential security issues.

Device and Data Security

Regularly backup your device and critical data to prevent loss in case of a cyber attack or hardware failure. Always make sure your computer's operating system and browser software are updated with the latest security patches, and enable automatic updates to protect against vulnerabilities. Additionally, ensure your mobile device has built-in security features to safeguard your information on the go.

Mobile and Application Security

Review the privacy policy of mobile devices and applications and understand what data an application can access on your device before you download it to ensure your personal information is not compromised. Be vigilant against SIM card swap fraud, as cyber-criminals may request SIM card swaps from telecommunication companies to gain access to customers’ mobile numbers.

Anti-Virus

Install robust anti-virus, anti-spyware, and firewall software on your computer and devices. Set them to update automatically. Regularly scan your devices to remove any detected viruses or malware.

Safeguard Your Token

If you are a Token User, keep your token secure at all times. Never share your token PIN with anyone.

Deactivate User ID (Kill Switch)

If you suspect your AmAccess Corporate or AmAccess Biz account has been compromised, you can immediately suspend your account.

Disable the Auto-Complete

Disable auto-complete or auto-save function for login information. Key-in your login details for every login.

Sign Out

Sign out from AmAccess Corporate or AmAccess Biz when you have finished; do not leave the active session unattended.

Clear Browser Cache

Clear your browser cache and history after each session to protect your information. This option is typically under the “Internet Options” of your browser.

Identity Fraud

Phishing

Phishing is a method used by fraudsters to deceive one into revealing their sensitive information. Phishing emails are designed by fraudsters to appear legitimate to gain the trust of the recipient. The content of the email typically attempts to inflict a sense of urgency and panic in order to trick customers into revealing confidential information on a fake website or pop-up or clickable hyperlink.

  • AmBank will never send you an email or SMS asking for your personal or financial information.
  • Do not click on any embedded links in SMSes or emails sent to you.

Pharming

Pharming is a type of cyber attack where internet users are redirected to fake websites that look like legitimate ones. These fraudulent sites are designed to steal personal information such as passwords and account numbers.

Pharming can happen in two main ways:

  • Host File Changes: Malicious software can alter your computer’s host file, redirecting you to fake websites.
  • DNS Server Exploits: Cybercriminals can exploit vulnerabilities in DNS server software to redirect traffic from legitimate websites to fraudulent ones.

To ensure your safety when accessing AmBank corporate internet banking, always check that the website address starts with https://. This indicates a secure connection.

Malware

Malware is any software intentionally designed to cause disruption to a computer, server, client, or computer network; leak private information; gain unauthorised access to information or systems; deprive access to information; or which unknowingly interferes with the user’s computer security and privacy. Common types of malware are viruses, worms, trojan horses, ransomware, spyware, and keyloggers.

  • Perform online activities or transactions only after directly logging onto the website and sighting the security icon (a padlock) at the address bar.
  • Use security software such as firewalls, anti-virus, and anti-malware programmes to prevent data breaches to your online banking account.
  • Do not download files (including email attachments) without verifying that they are from a legitimate source.
  • Only install applications from verified sources/providers

Social Engineering Scams

Social engineering scams are deceptive tactics fraudsters use to manipulate individuals into sharing confidential information or performing actions that compromise security. These scams often involve impersonation, where fraudsters pretend to be trusted contacts or reputable organisations, including banks, to gain the victim’s confidence. Social engineering messages may create a sense of urgency or exploit emotions to pressure recipients into disclosing sensitive details or performing unauthorised transactions.

  • AmBank will never request for your personal or financial information via unsolicited communication channels such as phone, email, or SMS.
  • Verify the identity of any requester and be cautious with unfamiliar communications, especially those with urgent instructions.

Keylogging

Keylogging is a cyber-criminal activity where keylogger technology tracks and records keystrokes on a keyboard. Also known as "Keyboard Capturing," it often goes unnoticed by users, especially when logging into online banking. Keyloggers are used to fraudulently access confidential information such as personal details, credit card data, and access credentials.

On mobile devices, cyber-criminals often use keyloggers to capture and transmit information, including emails, SMS messages, and keystrokes, without the phone user knowing it.

Protect your account by:

  • Installing Anti-Spyware Applications: Use anti-spyware software that can detect and remove keylogging software from your devices.
  • Staying Vigilant: Be cautious of suspicious emails, links, and downloads that could install keyloggers on your devices.

AmBank corporate internet banking is secure from keylogging attacks, as each PIN is invalidated immediately after use, ensuring your transactions remain safe.

Report to Us!

If you suspect any unauthorised access of your account(s) online or notice any online transactions that you did not initiate or perform, please contact our Contact Centre immediately at (603) 2178 3188 or the National Scam Response Centre (NSRC) at 997. You may also email to [email protected].

You may expedite the investigation by providing the following details:

  • Your name
  • Your Business Registration Number
  • The affected account number
  • The date of the disputed transaction
  • The amount of the disputed transaction
  • The reason you believe the transaction is disputed
  • A copy of the police report

If you are not satisfied with the resolution, you may refer the matter to the Ombudsman for Financial Services (OFS) at +603 2272 2811 or email to [email protected].

cta background