Last year, the government created an RM50 ePenjana incentive through the Pelan Jana Semula Ekonomi Negara (PENJANA) initiative and Touch ‘n Go is among the selected platforms. Some of you might even have seen their campaign banner before. In case you don’t remember, here’s a screenshot of the banner to help jog your memory.
Some people might even have received the announcement message through WhatsApp, as in the screenshot below. Notice that the message contains two (2) internet links: one to the campaign webpage above and another to a registration webpage. But wait! Don’t fill in your password yet!
Did you notice that the domains of the two internet links are not the same? The first one points to a webpage under the official website domain, while the other one points to a different domain. Now search for the keyword “tng login” in a new tab and open the page. Then open another tab and copy and paste the second internet link from the message, or just click here.
Compare the two tabs side by side. They look almost the same, don’t they? The domain name of a notable Malaysian organization usually ends with “.com.my”, while the Malaysian Government sector uses “.gov.my”.
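The domain comparison described above can also be done mechanically. The Python sketch below is an added example, not part of the original demonstration; the domain ewallet-example.com.my and the sample message are constructed placeholders standing in for an organization's real domain and a real message.

```python
import re
from urllib.parse import urlsplit

# Assumption: placeholder for the organization's real domain (constructed).
OFFICIAL_DOMAINS = {"ewallet-example.com.my"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def host_of(url):
    """Return the hostname a browser would really connect to, lowercased."""
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:  # malformed URL: treat as having no host
        return ""
    return host.rstrip(".").lower()

def is_official(url, official=OFFICIAL_DOMAINS):
    """True only for the official domain itself or a real subdomain of it."""
    host = host_of(url)
    # Compare on a label boundary; a plain substring test would be fooled
    # by hosts that merely contain the official name.
    return any(host == d or host.endswith("." + d) for d in official)

def check_message(text):
    """Return (hostname, verdict) for every link found in a message."""
    results = []
    for raw in URL_RE.findall(text):
        url = raw.rstrip(".,;:!?)")  # drop sentence punctuation
        verdict = "official" if is_official(url) else "suspicious"
        results.append((host_of(url), verdict))
    return results

# Constructed sample message with look-alike links.
MESSAGE = (
    "Claim your RM50 now! Campaign: https://www.ewallet-example.com.my/campaign "
    "Register: https://ewallet-example.com.my.claim.example.net/register "
    "or https://ewallet-example.com.my@claim.example.net/login "
    "or https://ewallet-example.com/login."
)

if __name__ == "__main__":
    for host, verdict in check_message(MESSAGE):
        print(f"{verdict:10} {host}")
```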
Spoofing leads to phishing
In the previous article, we talked about a type of Cyber Threat called Phishing. This one, as you might have guessed, is another type of Cyber Threat, called Spoofing. Spoofing is the act of disguising oneself as a trusted entity to obtain the most basic sensitive information, usually the login ID and password. Once these pretenders have your login ID and password, the rest of your personal information can simply be retrieved from the account itself. In this case, from your Touch ‘n Go account. With all that information, don’t you think their phishing act will be even more convincing?
Now, you might think that successfully spoofing a Touch ‘n Go account, or any such account, doesn’t amount to much damage, since most people don’t even put that much money into their Touch ‘n Go account. But imagine this: these spoofing criminals now have almost all your personal information. Your registered address, phone number, email, linked bank card or bank account and such.
All this information makes it easier for them to crack, say, your social media account or, worse, your work or business-related account. This could lead to an even worse cyber threat called a ransomware attack. Even if it doesn’t, a company data breach through your stolen credentials certainly isn’t something you ever want.
But you don’t have to worry about the internet link and the message above; those are our handiwork, made as a demonstration. There is no extensive backend behind them to do such criminal work. It just goes to show that preparing such things is possible with the right knowledge. In fact, it’s not even that hard if you have experience as a web designer. It is no different from setting up a new website with a look-alike appearance and a look-alike URL. As simple as that.
How to avoid falling victim to this cyber threat?
The next time you see this kind of message, do not immediately click on the link provided, because some spoofing links or URLs have integrated automatic functionality to download a virus or malware onto your devices. Check and confirm the validity of the message with your acquaintances. Search online for the offer, campaign or whatever it is.
Usually, the official webpage will provide the instructions and the real link or URL for redemption. If you find this tedious, you can just ignore the message altogether. Today, the RM50 ePenjana campaign has already ended and been replaced with the RM150 eBelia campaign. Regardless, please be careful and always be aware of the danger of such threats while navigating the cyber world.
If you receive a suspicious message or find any website link or URL that you think is suspicious, please report it to us through our WhatsApp or just put it in the comments. We aim to create a list of spoof sites and keep it updated on this website as a reference for the public. Please look forward to our live stream soon, where we will talk more about Cyber Security topics.