Security Tips


  • Keep your password/PIN code safe and memorize them. Make sure you change them regularly (recommended every 3 months). If you conduct Internet transactions on a number of websites, use a different password for each website. Create unique passwords that are difficult to guess, e.g. use a combination of letters and numbers.
  • How do you know the website is secured?
    • Look for https:// in the URL, and not http://, when you log in.
    • Look at the security icon (locked padlock) in the status bar when you visit the bank site. Double-click on the padlock and ensure that it has a valid digital certificate.
  • Log out immediately after you have completed your Internet transaction. Then, clear the browser cache, cookies and history (refer to your bank's website for online guidance). Ensure that you log out properly after every Internet banking session and do not just close the browser.
  • Never leave your computer unattended when you are conducting your Internet transactions.
  • If you are unsure of the security of the computer, do not use it for Internet transactions.
  • Use anti-virus, anti-spyware and personal firewall software and keep them updated. Some of this software is freely available on the Internet.
  • Ensure that your PC and browser are updated with the latest patches/fixes. Use the Automated Update feature of your Operating System (e.g. Windows Update for Windows users).
  • Do not be influenced by appealing offers, especially from unknown parties. Do not click on any links in your e-mails. Do not copy and paste any website address (URL). Retype the website address or use your Bookmark.
  • Do not respond to e-mails asking for personal information or login information, or to password change notifications.
  • If you decide to go to other websites linked via your Internet banking website, read the privacy and policy information of that website first before conducting any Internet transactions.
  • Always check your account balance/statement to ensure that no unauthorized withdrawal has taken place.
  • When visiting your Internet banking site, always check that the Date and Time matches the date and time when you last signed in.
  • If your bank account has been compromised, act fast and inform the bank. Please contact our Call Centre (tele-RAKYAT) at 1-300-80-5454 (local) or +603-5526 9000 (overseas) or e-mail us. Our operating hours are Monday - Friday: 7.30am - 9.30pm, Saturday and Sunday: 8.30am - 5.30pm. We are closed on Federal Public Holidays.

What is 'phishing'?

When a bogus organization goes 'phishing', it is attempting to illegally obtain sensitive personal information from you such as your username, password and bank account numbers. They will then use the information you have provided to access your account for illegal purposes. An example is credit card fraud committed with the credit card numbers that customers mistakenly provide to the 'phishing' individual or organization.

How is 'phishing' usually done?

Common techniques that are used by the 'phishing' fraudsters include, but are not limited to the following:

  • Using false e-mail addresses, logos, and graphics to mislead you into accepting the validity of the e-mails and web sites;
  • Faking domain names to appear as representing the bank;
  • Duping you into providing personal details through one or more methods such as hyperlinks to fake websites or embedded forms in e-mails.

For example, you may receive an e-mail that claims to be from Bank Rakyat asking you to click on a link to a website within the e-mail to update sensitive information for certain reasons. When you click on the link, you will be directed to a bogus web site that may look exactly like ours where you will be asked to enter sensitive information. E-mails like these may look quite sophisticated and even carry our logos. However, do not trust them.

As a matter of security, Bank Rakyat will never send you an e-mail asking you to update your personal information.

How is it possible that the bogus website looks exactly like your Bank Rakyat Internet banking web site?

It is relatively simple to make a web site look exactly like a legitimate organisation's web site by merely duplicating what is available from the Internet.

How can I prevent myself from being 'phished'?

Do not follow any link(s) within an e-mail to the Bank Rakyat Internet Banking web site. It is not the bank's policy to request account holders to update their personal information through e-mail. Beware of any e-mails requesting your information in this manner and please report such e-mails to the Bank immediately.

Below are some other steps that you can take to prevent yourself from being a victim of a 'phishing' scam:

  • Always enter the full URL, i.e. for Bank Rakyat Internet banking into your browser address bar.
  • Never reveal your Internet banking password to anyone. No staff of Bank Rakyat should ever ask you for your password for whatever reasons.
  • If you get an e-mail that warns you, with little or no prior notice, that your Bank Rakyat account will be closed unless you reconfirm your personal information, do not reply or click on the link in the e-mail.
  • Instead, type in the actual URL of the Internet Banking web site into your browser if you wish to verify this information. Do not follow any of the links provided in e-mails.
  • Before submitting financial information through a Web site, look for the "lock" icon on the browser's status bar. It signals that your information is secured during transmission.

Avoid e-mailing personal and financial information. Bank Rakyat will never solicit personal and financial information from you via a form in an unsecured e-mail.

Should I report a bogus 'phishing' site or suspicious e-mail?

Yes. If you suspect that you are being 'phished', please contact our Call Centre (tele-RAKYAT) at 1-300-80-5454 (local) or +603-5526 9000 (overseas) during office hours or e-mail us. Our operating hours are Monday - Friday: 7.30am - 9.30pm, Saturday and Sunday: 8.30am - 5.30pm. We are closed on Federal Public Holidays.

Your report will help us identify phishing websites that seek to target Bank Rakyat's customers. We will also publish and maintain a list of these fraudulent sites so that other customers may be warned.

What other security measures can I take?

  • Never use the same Bank Rakyat Internet banking password for other financial or non-financial web-based services such as for e-mail, online shopping, digital identity and other online subscription services.
  • Never use or choose a password that is easily guessed, such as your telephone number, mobile phone number, date of birth, username, dictionary word or other associated data (e.g. relative's name, pet's name, etc).
  • Install Anti-Virus software to protect your PC from viruses.
  • Install Personal Firewall software to protect your PC from malicious programs.
  • Avoid storing username/password when using Internet Explorer 5 browsers.
  • Do not write down your password or store it in any way that is easy to access, e.g. on a computer hard disk, diskette, mobile phone, etc.
  • Avoid using shared/public PCs or notebooks for Internet banking.
  • Check your account and transaction history details regularly.
  • Do not use the same password or PIN for other banks or financial institutions.
  • Do choose a robust and unique password to make it difficult for anyone to guess. Alphanumeric passwords are advisable.
  • Avoid using a password you have used before.
  • Do not reveal your password to anyone.
  • Do not let anyone see you keying in your password.
  • Change your password regularly by using the Internet banking 'Change Password' service.
  • Change your password immediately if you suspect it has been exposed to others or if you suspect any unauthorized access.