Website, Email and Online Scam

Website, Email and Online Scam


It has been brought to AFFIN BANK attention that names/ particulars of directors, senior management, staff of the Bank, bank corporate address, bank logo and 'almost similar' website addresses of the Bank are being misused in various forms of communication including direct mail scams, email scams and dubious schemes involving but not limited to invitation to participate in non-existent fund transfers, inheritance fraud, 'black money' scams, transfers of funds from fraudulent and fictitious accounts with intention to cheat.

We wish to inform that the Bank shall not be responsible for any damages/ losses suffered by any party or parties relying or acting upon the contents of such emails and dubious schemes or websites belonging to cyber-squatters.

The information furnished herein is by no means exhaustive as it is based on cases received by Affin Bank Berhad and Affin Islamic Bank Berhad.


How to identify a scam

Inheritance claim or contest prize money

It ussually contains

  • Logins via email links to fictitious sites
  • Promises of money for little or no effort
  • Deals that sound too good to be true
    • inheritance claim or contest prize money of an exorbitant fund worth millions of US Dollars
  • Online application forms for account opening/ claims carrying a tampered logo of the Bank
    • victims will be required to complete the online forms providing their personal and financial information
  • Victims will be requested to pay a transfer fee worth several thousands of US Dollars before the inheritance funds or prize money promised could be transferred to their accounts. To effect the transfer, the beneficiary name, account number, Bank where the account is maintained, Bank address and Bank Swift Code will be furnished
  • Steps to login to an account set up for the victim online wherein the Personal ID, Access PIN and Activation Code will be furnished
    • Affin Bank Berhad will not provide ID/ passwords to customers. Customers have to obtain the password at either our ATMs or Branch. The Bank also does not have any activation code. We use the Transaction Authorization Code (TAC) for every transaction.
  • Private email addresses and mobile phone numbers of purported employees
  • Email addresses that does not belong to Affin Bank Berhad
  • Mailing addresses that does not belong to Affin Bank Berhad
  • Alert messages and threats of account closures if no claim is made

Notification of outstanding balance/ payment due

  • It usually contains logins via email links to a fictitious online banking; affinOnline site
  • For instance, victims will receive an email from paycard@affinOnline or any other invalid email addresses which do not belong to Affin Bank Berhad notifying them of their minimum credit card payment due or outstanding balance. Upon accessing the link, victims will be directed to the fictitious online banking site of which they will be requested to key in their user ID and password to access the required information or you will be required to disclose your personal and financial information, PIN, credit card numbers and/ or other confidential information.

    AFFIN BANK will never ask you to validate your account balances or inform you of any overdue payments via email links to our online banking site or pop-up windows. If you are an existing account holder and have entered any personal/ financial information in the fictitious site, please alert the Bank immediately.


List of some dubious domains reported in the last 6 months (list will be updated from time to time) - for reference only

  • affinbank.affinbmy-com
  • home2.affinbnmalay-com/myaccount/Login1.php
  • afany-my-com/affin/
  • afbworld-com/bank
  • afbakon-ws/my
  • wphcc-org/affindue/
  • home2.affinbnmalay-com/myaccount/Login1.php
  • info@afany-my-com
  • afbworld-com/bank
  • afbakon-ws/my
  • wphcc-org/affindue/2ebb8ac44315c6d3a10bea823e4a7a32/bb/
  • afinbakon-ws/online
  • afinnbk-com/my/account-enroll.html
  • affinbankinfo-tk
  • affinnb-com/my/form.html


Steps to be taken for protection

  1. Never access the Bank’s website from attachments or links in an email. Type the Bank’s correct address or manually at the address bar or bookmark the link.
  2. Do not provide any personal or financial information to an unsolicited request.
  3. Even if you have reasons to believe that the contact may be genuine, you are encouraged to contact the Bank to confirm.
  4. Do not disclose your passwords, PIN number and/ or credit card number without proper verification that the communication is made over a trusted and genuine website/ channel.


If you have fallen victim to a phishing attack, you may take these steps to minimize any damage:

  1. Change the passwords or PINs of all your online accounts that may have been compromised.
  2. Alert the Bank immediately via the following:
  3. If you know of any accounts that were accessed or opened fraudulently, arrange to close these accounts by approaching the Bank’s Branches.
  4. Lodge a police report where applicable for further investigation to be carried-out.
Please be alert for such scams and highlight the same to upon being aware of the same.

Retail Internet Banking

Corporate Internet Banking

Contact Us

Contact Centre
03-8230 2222

Tariff Charges insert_drive_file
Rates & Charges attach_money
Calculator phonelink_ring