Local Trends and Safety Advisories [Malaysia]
Avoid these latest scams in Malaysia! We update these safety advisories regularly to share with users what to look out for and how to protect themselves.
If you come across any suspicious accounts, please report it to our team.
[February 2025] - Stay Scam-Safe This Valentine’s Day!
1. What scams should I watch for?
- Fake deals on gadgets, luxury goods, or Pokémon preorders.
- Bogus offers desserts, cakes, or gift boxes.
- Phishing links promising “exclusive deals.”
2. How do I spot fake deals?
- If it’s too good to be true, it probably is.
- Verify sellers and check reviews.
3. How can I stay safe?
- Use secure payments and trusted platforms.
- Ignore suspicious messages or links.
Stay vigilant and scam-free this season! ❤️
- [October 2024] - Beware of the Gadget Scam: A New Modus Operandi
We want to alert our users to a scam that’s becoming more prevalent—known as the Gadget Scam. This type of scam where fraudsters offer discounted gadgets (such as smartphones, tablets, or other electronics) under false pretenses, often as part of a fake promotion or pre order. Don’t get lured in by an attractive offer. Keep the transaction within the platform.
Here’s how it works:
- Recruitment of Gadget Enablers: Scammers promise high commissions to individuals who post ads for gadgets like phones and laptops. Or they create the accounts themselves
- Directing Buyers to WhatsApp: Buyers are asked to complete their transactions on WhatsApp, where the enabler claims to be selling goods on behalf of a company.
- No Products, Only Losses: Both enablers and buyers are scammed. Enablers often pay upfront for products that never arrive, while buyers pay for items they will never receive.
We urge everyone to be cautious and verify any offer that seems too good to be true. Protect yourself by avoiding any transactions that ask for payments outside of secure channels and always research the legitimacy of the seller or company.
Stay informed, and don’t become the next victim!
- [August 2024] Reminder about rising phishing threats!
How do phishing attacks on platforms occur?
- Phishing attacks typically involve fraudulent emails, messages, or websites that mimic legitimate platforms to trick users into revealing sensitive information.
What are common signs of phishing attempts on platforms?
- Look out for suspicious URLs, urgent requests for personal information, grammatical errors in messages, and offers that seem too good to be true.
How can I protect myself from platform phishing threats?
- Verify URLs: Always check the web address for accuracy before entering login credentials.
- Enable Two-Factor Authentication (2FA): Add an extra layer of security to your accounts.
- Educate Yourself: Stay informed about current phishing tactics and warning signs.
- Be Cautious with Links and Attachments: Avoid clicking on links or downloading attachments from unknown sources.
What should I do if I suspect a phishing attempt?
- Do Not Respond: Avoid interacting with suspicious messages or emails.
- Report It: Report phishing attempts to the platform's security team or customer support.
- Monitor Accounts: Regularly check your accounts for unauthorized activity.
- Educate Others: Share information about phishing threats with friends and family to help them stay safe.
Remember, staying vigilant and informed is key to protecting yourself from emerging phishing threats on platforms.
-
[May - July 2024] Phishing Pattern Reminder
-
Why are new phishing patterns being updated?
-
Scammers constantly evolve their tactics to deceive users. We continuously give reminders about phishing patterns to help you stay ahead of these threats and protect your personal information.
-
- How can I spot these phishing patterns?
- Be cautious of unexpected emails, especially those urging immediate action or containing suspicious links, fake websites, asking for personal information (email, phone number and redirecting outside of the platform.)
- What should I do if I encounter a potential phishing email?
- Do not click on any links or be asked for personal information. Report users through report buttons or reaching out to our contact support teams to cater possible scammers on the platform.
- For more, check this out Frequently Used Messages and Images by Phishing Scammers on Carousell
-
- [Apr 2024] We have other local updates for ATO but we want to share more as an alert arises for ATO Phishing!! Here are some important reminders to help safeguard against account takeovers:
- Attackers send emails that appear to be legitimate. These emails contain links to lead you to fake login pages designed to steal credentials when users enter their information.
- Use strong and unique passwords, as much as possible activate a two-factor authenticator to safeguard your accounts.
- Verify the legitimacy of emails, especially those asking for login details or personal information. Avoid clicking links from unknown or suspicious sources.
- Regularly keep your device and applications up to date. Updates often include security patches that protect against known attacks.
- Educate yourself about common phishing techniques and other cybersecurity threats.
- What to Do If You Suspect an Account Takeover:
- If you think your account got compromised, change your password immediately.
- Notify the platform for any unauthorized access.
- Review your account settings and make sure no unauthorized changes have been made.
- If financial accounts are involved, monitor your statements closely for any unusual activities made.
- Being vigilant in all your activities and transactions can lead you to have a safe transaction and happy browsing experience!
- [Feb & Mar 2024] We have other local updates for ATO but we want to share more as an alert arises for ATO Phishing!!
Here are some important reminders to help safeguard against account takeovers:
- Be cautious of phishing attempts aiming to gain access to your accounts. Always verify the authenticity of messages and links before providing any personal information.
- Avoid sharing your email or other sensitive information to complete orders or transactions. All transactions in Carousell do not require an email address to complete orders!
- Keep your login credentials secure by using strong, unique passwords and enabling two-factor authentication whenever possible.
- Regularly monitor your account and bank activity for any suspicious or unauthorized transactions. Report any unusual activity to the platform's support team immediately.
- Stay informed about the latest scams and security threats by staying up-to-date with security alerts and tips from trusted sources.
👉👉👉Being vigilant in all your activities and transactions can lead you to have a safe transaction and happy browsing experience!
- [Dec 2023 & Jan 2024] 🔥🔥🔥 Attention
- When using online platforms, be careful about potential phishing attempts originating from ATO (Account Takeover) accounts. These fraudulent activities aim to manipulate users into disclosing sensitive information, compromising account security. Stay alert and double-check if the communication is legit to keep your personal data and account safe.
👉Enable Two-Factor Authentication (2FA) for suspicious logins: When a Carousell account is being logged in through a new device, we have 2FA codes sent to the account’s email address to confirm and inform the account owner that there is an attempt to log into their Carousell account.
- Watch out for Fake Carousell websites that may mimic the platform's appearance but are designed to scam users. These fake sites often play around with individuals into providing confidential information, leading to identity theft or money loss. Always ensure that you are using the official Carousell website to conduct transactions and avoid falling victim to these such schemes.
👉How do I know if the website is from Carousell?
- Exercise caution when encountering to pretend as customer support sites that may be fraudulent. These fake support channels can mislead users into sharing sensitive details under the guise of assistance.
- Remember, legitimate customer support from Carousell will never request unnecessary information, such as your email address to complete transactions or process payments. Stay informed and prioritize your online safety by avoiding these potential risks. If you have any doubts, please always verify with official support team first
👉How do I contact Carousell Support Team?
- When using online platforms, be careful about potential phishing attempts originating from ATO (Account Takeover) accounts. These fraudulent activities aim to manipulate users into disclosing sensitive information, compromising account security. Stay alert and double-check if the communication is legit to keep your personal data and account safe.
- [Nov-2023] Phishing scammers are increasing using compromised accounts and sending out Line ID numbers for fraudulent activities , here's how these scams work:
- A compromised ATO (account takeover) account is used to send phishing messages.
-
These messages may request sensitive information, such as personal information (email address, passwords, phone numbers) and financial details.
-
Scammers use these data for fraudulent activities.
⚠️Safety tips to protect yourself:
✅ Always verify the sender's identity.
✅ Be cautious when sharing personal information.
✅ Use strong, unique passwords and enable two-factor authentication.
- [Oct-2023]🛡️Beware of Phishing Scams🛡️- Phishing attempts are continuously on a rise, especially on online marketplaces. Here's how these scams work:
1. Scammers are now requesting sellers to provide screenshots of their email addresses and phone numbers. You provide a screenshot that reveals your email address and phone number. (*please refer to below screenshot 1.)
2. Shortly after, you receive an email claiming payment has been made for one of your items. The email requests and your bank account details to receive payment. (*please refer to below screenshot 2 and 3.)
Remember, when using Carousell's payment system, you NEVER need to leave the app, send your email address, or mobile number to receive payment. Stay safe and protect your personal information. Be cautious about sharing your details with unknown parties. #OnlineSecurity #ProtectYourInfo
*Screenshot 1
*Screenshot 2
*Screenshot 3
⚠️Safety tips to protect yourself:
✅ Please be vigilant and do not share your personal information in the aforementioned way.
✘ Never scan suspicious QR codes that could lead to phishing scams.
- [July 2023] Concert season is around the corner and concert ticket scams are on the rise. Ticket buyers are encouraged to verify the authenticity of the tickets before making any payment. Opt for meet-ups to check the tickets physically – cross check the name on the ticket with the seller's name. Carousell would like to remind users that tickets purchased from third-party vendors do not guarantee entry. Be wary when sellers try to get you to pay a deposit or in-full immediately to secure the tickets – scammers will try to create a false sense of urgency by claiming that they have other buyers lined up to get you to transfer to them as soon as possible.
- [February 2022] Received an offer for your item via bank account transfer, but the buyer then transfers you an amount higher than the agreed price? It could be a scam! They may seem just like any other regular buyer, but if they ask you to then transfer the extra amount back to them, do ensure the bank account number provided is the same as the original beneficiary bank account number used to transfer you the money. Alternatively, sellers can always suggest buyers make payment via Carousell Protection to avoid this situation.
- [January 2022] We’ve noticed a group of K-Wave scammers who sell photocard / K-Wave merchandise. Their listings are mostly titled WTS with a generic description, and these scammers typically only accept payment strictly via shopeepay, with no bank account or phone number provided to buyers in chat. Do exercise caution by keeping all transactions within the platform.
- [December 2021] Be careful when purchasing electronic gadgets and computer parts (e.g. Airpods, PSP, PS4, and other various PC parts such as Ryzen 5). There have been scammers who request for the buyer’s phone number to communicate on WhatsApp instead. They tend to provide photoshopped bank account images and tracking slips, luring buyers with authenticity and warranty proof, but ultimately failing to deliver and respond after payment is received. Do exercise precaution when purchasing such items by always using Carousell Protection or checking the user’s bank account/mobile number in the CCID portal - https://semakmule.rmp.gov.my/. Make sure to also keep all communication in-app so you have a record of the conversation if things go downhill.