GrabPay users are falling for fake ads offering cheap iPhones and PS5 consoles; accounts get hijacked

In response to reports about GrabPay users falling victim to unauthorised transactions, Grab assured that the platform remains secure and uncompromised.

“We are aware of the reported cases and are working closely with the authorities and our partners in the investigations,” a Grab spokesperson said to AsiaOne.

Several police reports had been lodged in October, in which users of the e-wallet described having their stored funds transferred without authorisation.

It is understood that the company is aware of a new variant of scams involving Grab impersonators who ask users for the one-time password (OTP) required to be keyed in before making an online payment. With the OTP, scammers then perform unauthorised transactions from the victim’s account.

[embed]https://www.facebook.com/Grab/photos/a.243552129130112/1769326843219292/[/embed]

Fake advertisements purportedly posted by Grab had offered deals like cheap iPhones and PlayStation 5 consoles, where users would be directed to a fake Grab website. Users were then asked to key in their phone number and GrabPay OTP, and scammers then use the information to get access to the account.

Grab affirmed that it does not and would not ask for personal information or OTP in any of its promotional campaigns and advertisements.

“As a golden rule, do not share your personal account information such as GrabPIN or OTPs with anyone,” Grab noted in a blogpost on Nov 13.

“Scammers will not be able to unlock your GrabPay wallet, as long as you do not give away your personal account information,” the company guaranteed, urging users to stay vigilant as they shop online during the festive buying season.

Grab also maintained confidence that its system has not been hacked or compromised in any way, pointing to past fraud cases where all the affected users had shared their OTP for the fraudulent transactions to be completed.

However, in another online spam incident reported by Business Times and involving e-commerce marketplace Qoo10 and Razer Gold, some victims claimed they had not provided any OTP for the unauthorised transactions that were made through GrabPay. Police are currently investigating the reports.

“As fraudsters are known to evolve constantly and find new ways to target users, we have implemented artificial intelligence and machine-learning to detect and study fraudulent activities,” the Grab spokesperson also informed AsiaOne.

“This will enable us to  continuously put in place more stringent preventive measures to keep our users’ accounts safe.”

ilyas@asiaone.com