Your User ID, Password, and PIN are

Types of Cyber Crime

Lately, the number of cyber crimes has been increasing significantly. Awareness of the various types of cyber crime and of the steps to prevent them is crucial to avoid falling victim to these schemes. By fully understanding the common criminal and fraud cases that occur in cyberspace, you will make your future banking transactions much more secure.



  1. CIMB Niaga and its third parties will never ask you for your personal information such as User ID, Password, Passcode, and PIN for any reason.
  2. CIMB Niaga will never contact you to ask for the above information on the grounds of system maintenance or a data update.


Malware, or malicious software, is a program created with 2 intentions: to infect the target’s computer or gadget, and to steal the user’s information by disguising itself as an official bank website.



Phishing is a type of email that aims to deceive the customer into giving up his/her personal and confidential information (such as user ID, password, mPIN, passcode, etc.) by posing as another website or any other legitimate institution.



Social engineering is a cyber crime whereby the fraudster uses various fraudulent pretexts, such as offering gifts, updating data, or cancelling certain transactions, with the objective of gaining access to the customer’s confidential data. Once the fraudster gains access to information such as your user ID, passcode, password and mPIN, they will be able to conduct transactions from your bank account with ease.

Some examples of malware:

  • A Trojan is a type of virus that disguises itself as another file (e.g. a Microsoft Word document attached to an email). When the user opens this email, the Trojan will automatically enter the electronic device and impair the data within.
  • A worm is a program that can automatically duplicate itself within the user’s computer system or gadget, and that normally uses the LAN/WAN/Internet network.
  • Spyware is a program that can monitor the user’s activities and retrieve their passwords as well as other confidential information, which is then sent to the fraudster’s device.

How does Malware spread?

  1. Email
    Nowadays, email can be considered the main channel for electronic communication. This is why email has become the leading medium for spreading viruses from computer devices or gadgets, in the form of an attachment that attracts the email recipient.
  2. Data storage media
    Data storage media such as USB flash drives and external hard drives often contain malicious viruses, and those viruses can impair your electronic devices. Removable media is especially prone to viruses because users often recklessly connect it to a computer that already contains a virus or to a device that doesn’t have an updated anti-virus program.
  3. Website
    Websites that provide cracks, torrents and pornography are some of the sites that generally contain malware. But that doesn’t mean that normal websites cannot contain malware too. Therefore, it is not advisable to access uncommon features within a website.
  4. Messenger Apps
    Messenger apps can also be a medium for malware, by spreading malicious links in chats.
  5. Local Area Network (LAN)
    A virus can also spread through a local area network that connects several devices at the same time. When a virus infiltrates a computer that is connected to a LAN, it will spread easily to other devices that use the same LAN.

How does phishing occur?

In some cases, the customer is told to update his/her account. For instance, an email can be sent under the name of CIMB Niaga or CIMB Clicks, requesting the customer to update the information on his/her CIMB Clicks account. The customer is then directed to a link supplied by the fraudster, which leads to a false CIMB Clicks website. On this website, the customer is asked to enter confidential data such as user ID, password, and mPIN. With this information, the fraudster will be able to access the customer’s bank account with ease.

Important to note: mPIN is solely used to authorize financial transaction or change of password, and it is not meant for CIMB Clicks login.

Some examples of social engineering:

  1. Countless fraud cases occur through gift offering and many are deceived by this method. The fraudster pretends that he/she is representing the bank while calling the customers to tell them that they have won a recent event held by the bank. By taking advantage of the victim’s psychological state, the fraudster will carry out the scheme in order to obtain classified information.
  2. The fraudster usually conducts a false data update by posing as an authorized bank representative who calls and informs the customer that they need to change or update their data. Normally, the fraudster will ask for confidential information such as user ID, passcode, password and mPIN, claiming it is needed to update the customer’s account. With this classified information from the customer, the fraudster is able to alter the customer’s bank account.
  3. Transaction cancellation is another form of social engineering fraud. In this case, the fraudster informs the customer on behalf of the bank that there is an unusual transaction recorded in the customer’s bank account. In order to cancel this transaction, the criminal asks for the customer’s confidential information such as user ID, passcode, password and mPIN to be able to access the customer’s account.

How to make Secure Transactions

  1. Ensure the operating system and the antivirus or anti-malware software on your device are updated regularly.
  2. Download applications only from credible websites, and make sure to read the reviews and application details before downloading.
  3. Use a user ID and password that are difficult to guess, so that it is hard to infiltrate your computer system.
  4. Never leave your Bluetooth or Wi-Fi on if you are not using it, especially in public places.
  5. Install credible and suitable security applications on your computer and gadget.
  6. Never enter your personal information into a suspicious website.
  7. CIMB Niaga never asks for your personal information such as PIN code and password through phone calls or emails.

  1. If you suspect any unusual display or changes in the transaction steps, please stop your transaction immediately and call 14041. We never make any changes that affect the verification and transaction steps without prior information.
  2. Always access CIMB Clicks through our official website,
  3. The CIMB Clicks website uses an SSL web certificate, so you will see a lock symbol next to the address bar when our official website is displayed.
  4. Please take note of the Secure Word feature, which is a secret phrase that you created during your CIMB Clicks registration process. Only the official website of CIMB Clicks is able to display the secure word you’ve created.
  5. Change your password regularly.
  6. mPIN can only be used to authorize a financial transaction or a change of password.

  1. Download the application from the official application store on your smartphone. Go Mobile is only available on Google Play, Apps Store and Blackberry World or you can also access it by clicking the following link:
  2. Make sure that the registered phone number is your own personal contact number.
  3. Do not trust any SMS or incoming call that promises you prizes on behalf of CIMB Niaga or another company and directs you to conduct financial or non-financial transactions through an ATM.
  4. User ID and mBanking PIN are very confidential. Make sure that you don’t reveal your User ID or your mBanking PIN to anyone.
  5. Do not store your User ID and mBanking PIN in places that others can find easily, especially your mobile phone.
  6. If you lose your phone, report it immediately to Phone Banking 14041 and visit the nearest branch to perform preventive measures.
  7. To keep your transactions secure, change your mBanking PIN regularly using the Go Mobile application (select the following menu: “Additional Services – change mBanking PIN”).
  8. The Bank never asks for User ID, mBanking and personal information via phone call or SMS.
  9. mBanking PIN is a unique code created by the customer (or user) in the form of a 6-digit number, which is only used to authorize transactions in Go Mobile. The customer will be asked to enter a 2-digit number randomly before completing a transaction. The Bank never asks customers to disclose their mBanking PIN.
  10. For customers who are using the Go Mobile SMS menu, immediately delete the SMS record from your inbox.
  11. To maintain the security of the customer’s data, it is not recommended to use Go Mobile on mobile phones which have had the following modifications:
    • Non-official operating system
    • Non-standard configuration
    • Root Access
    • Jailbreak


Questions in regards to the security of banking transactions that are often asked:

  • If your computer has been infiltrated by malware, you will be prompted to enter some confidential information on another webpage. For instance, a PIN to log in, or an additional page on “additional security verification” which is not the bank’s official webpage. You may also be forced to log out upon completing your transaction.
  • Your computer programs run very slowly or often crash for no reason.
  • Suspicious network traffic which results in a slow Internet connection.
  • Anti-virus warning (the updated version of Anti-Virus can detect the presence of malware up to 75-80%).
  • Difficulty in accessing your account after entering your login credentials into the official CIMB Niaga online banking page.
  • Receiving a message that indicates “The transaction may take 1-10 minutes to complete”, “Security verification is in progress” or any other unusual message.
  • Receiving multiple prompts to re-enter your login information.
  • Being redirected to another site to key in your login credentials.

  • First, cease any banking, shopping, or other online activities that involve sensitive information (close your browser immediately and inform the bank). Make sure that your anti-virus program is active and up to date. Scan your computer and let the anti-virus program delete any viruses and malware that are present.
  • Second, if you suspect that your computer is still infected even after running the anti-virus scan, it is recommended that you refrain from using the same computer for online banking transactions.
  • Third, change your password immediately to one that is difficult to guess. Refrain from using your first name, surname, or birth date as your password.
  • You are also advised to contact us directly at our Phone Banking line at 14041 if you notice any suspicious activity such as the following:
    • Your account balance changes although you did not perform any transfer of funds or other financial activity.
    • You received an SMS that contains an mPIN although you did not perform any activity on your online banking account (mPIN is solely needed to conduct financial transactions, not for login).
    • You received an SMS stating that you have made a transfer of funds through online banking that you do not recognize.
    • You are forced to log out after entering your transaction details together with your mPIN.

While the bank has the latest online security features, we still advise you to protect your devices by installing the latest anti-virus software and updating it regularly. Avoid using the same computer or gadget both to access the banking site and to download files from illegal sites.

Malware is able to infiltrate your computer through many ways, such as by:

  • Installing an application from a suspicious source (for example: when you are opening a website, a pop-up advertisement appears with an indication that the computer is infiltrated by a virus).
  • Visiting less credible websites, such as those related to gambling and pornography (the URL starts with “http” instead of “https”).
  • Clicking a survey advertisement or free gift advertisement that directs you to a malware website.
  • Downloading files (movie, music, etc) from less credible websites.
  • Viewing an attachment on a phishing email.

And many more.

As a reminder, CIMB Niaga Bank will never ask its customers to reveal confidential information, such as User ID, Passcode, Password and mPIN. Hence, if anyone contacts you claiming to be the bank’s representative, offers to assist you in adjusting your data as required by the bank’s policy, and asks for confidential information such as User ID, Passcode, Password and mPIN, you should not reveal the information and should immediately report the situation to our Phone Banking line at 14041.

For customers who have already provided such information (User ID, Passcode, Password and mPIN) to any suspicious person who claimed to be from the bank, immediately call the Phone Banking line at 14041 to block your CIMB Clicks / Go Mobile facilities. Once blocked, the fraudster will not be able to access your bank account.