EPF Warns Members Not To Fall For “RM6,000 Incentive” Phishing Scam

The Employees Provident Fund (EPF) has debunked the viral message.

The Employees Provident Fund (EPF) has clarified that a viral message about a RM6,000 incentive is a scam

A screenshot of the viral message.

Image via Twitter @RazSalleh

The message, which is written in Bahasa Malaysia, claims that members who worked between 1990 and 2018 are eligible for a RM6,000 incentive from EPF.

The message encourages members to check if their names are listed among those who are eligible by clicking on an attached link, which takes users to a fake website that looks similar to EPF's official website.

EPF believes the message is an attempt to phish for members' personal details through the fake website

To check if they are eligible for the "incentive", members are required to fill in a survey and further spread the message on WhatsApp.

In their media statement, EPF stated that they believe the message is intended to "phish for members' personal data for fraudulent purposes".

EPF also urged members "not to respond to such surveys nor provide their personal data to any unverified third party" and to stop the spread of the message.

A screenshot of the fake website.

Image via Twitter @wethehellbrah

EPF also advises members to contact them through official channels whenever they come across such messages

EPF has an official website, Facebook page, and Twitter account.

For enquiries and clarifications, the EPF Contact Management Centre (CMC) can be reached via phone at 03-89226000 or through their email form.

The Malaysian Communications and Multimedia Commission (MCMC) has a dedicated website to educate the public on phishing attempts

A screenshot of MCMC's Network Security Centre.

Image via SKMM Network Security Centre

According to MCMC, phishing is "a fraudulent attempt, usually made through email, to trick you to reveal your credentials to the attacker".

MCMC advises members of the public to protect themselves from a phishing attack by practising the following:
- Avoid providing personal information when responding to an unsolicited request.
- If you are convinced that the contact is legitimate, initiate your own communication with the financial institution’s official contact to find out.
- Never provide your password over unsolicited and unverified communication channels.
- Always review your account statements regularly to spot any unauthorised activities.
