A Woman Lost Most Of Her Money After Falling Prey To A "LHDN Tax Refund" Scam

Unfortunately, there is no way for her to recover the money that she lost.

Cover image via Facebook

A young woman took to social media recently to warn others of an ongoing scam, after she lost almost all her savings in her bank account

Facebook user Michelle Lee Shi Ni shared about how she became a victim of phishing as she unknowingly she opened a fake site and gave all information about her bank account, causing her to lose almost all her money in that account within a few minutes.

It all started when she received an email from 'Encik Fadzli Bin Abdul Wahit', who used the email address [email protected], on a supposed tax refund from the Inland Revenue Board of Malaysia (IRB), which is also known as LHDN in its Malay abbreviation.

According to the email, Lee had an overdue tax refund and she was directed to click on a link in the email in order to receive the refund

Image via Facebook

She clicked on the blue 'Proceed' link in the email, and she was directed to a page with logos of banks. At that particular webpage, she was instructed to select the bank and follow the instructions given.

"After I selected CIMB Bank, I was directed to CIMB Clicks. I keyed-in my username and password and was then asked to type in the TAC (Transaction Authorisation Code)," Lee said in her Facebook post.

"A few minutes later, I received an SMS from CIMB saying that almost all my money in the bank account was transferred out to a person whom I don't even know!"

Lee then called the CIMB customer service hotline and she learned that the transfer limit for her account was increased and the money in her account was subsequently transferred out.

"I was so shocked as both acts were not carried out by me! The only thing I saw on CIMB Clicks was just the page to type in the username and password. I didn't even click in to the transfer page nor the increase transfer limit page."

Following that call, CIMB had blocked her account and she was advised to lodge a police report on the matter. 

Lee took CIMB's advice and proceeded to make a report about her case at the nearest police station

Unfortunately, she learned that her hard-earned money, which was lost to the cybercriminal(s) behind the phishing scam, cannot be recovered.

"Sadly, the inspector told me that there is no way that I can get the money back. I can only hope that they can find the culprit and lock him up in jail."

"Even though I have always read about Internet scams, but I have never thought that I would one day fall victim to it. So be careful everybody, as it can happen to anybody," Lee said.

In light of the recent cases, LHDN has also reminded the public to be wary of bogus emails purportedly from the government body

Photo for illustration purposes only.

Image via Bernama via Malay Mail Online

In a statement on Monday, 6 November, LHDN said that a syndicate was using the name of its CEO, board members, and the official logos of the agency and banks to convince people into believing that they have overpaid taxes and that LHDN requires their bank account details to make a refund to them.

"It should be noted that IRB has never sent any e-mails asking for taxpayers to disclose their banking details. This is because the taxpayers' banking details would be obtained through a declaration by the taxpayer when they complete the Income Tax Return Form yearly.

"Also, overdue tax refunds that have been successfully processed would be credited by LHDN into the taxpayers' bank accounts using Electronic Fund Transfer (EFT), tax refund voucher, or crossed cheque, or telegraphic transfer (for those who are overseas)," the statement read.

The public has also been advised to verify the authenticity of these emails that claim to be from LHDN

Image via LHDN

One of the easiest ways to identify if an email is a fraud is to check the email address used by the sender, as official emails from LHDN would always use the domain Even then, the public should exercise caution as there have been cases in which cybercriminals spoof email addresses to make the emails look like they came from LHDN.

According to LHDN, some of the fake domains that are masquerading the government agency include and

When in doubt, the public can always call the LHDN hotline at 1-800-88-5436 or the nearest LHDN branch number listed on to verify the emails.

LHDN also urged those who have fallen victim to these scams to lodge a report with the authorities for further action.

Share to alert your family and friends!

More news on SAYS:

You may be interested in:

Leave a comment