BML ‘phishing’ website targets mobile banking customers

The Bank of Maldives (BML) yesterday issued a statement warning that fraudsters had created a false BML website to deceive the company’s mobile banking service customers, obtaining their bank account number, credit card number and its security code through the fraudulent website.

The fraudsters were inviting BML customers to their fraudulent website under the domain by sending text messages from 00455, claiming it was a registration website for the BML mobile banking service.

The fraud, known as ‘phishing’, is relatively common in the Western world and many banks instruct their customers to never access their website by clicking a link in an email. Technology analyst group Gartner estimate that 3.6 million adults fell victim to such scams in the 12 months ending August 2007, losing US$3.2 billion in the process.

Since then phishing attacks have become markedly more targeted and refined, with the emergence of ‘spear-phishing’, with individual and high-value targets such as corporate account executives being targeted.

BML warned that if any of its customers filled this registration form displayed in the fraud website, the fraudsters will be able to take advantage of them and misuse the information.

The statement said that the mobile banking was a service provided by BML “with high security and confidentiality.”

However, it is the responsibility of the customers to keep confidential information such as their card number, expiration date, pin number and security code, account number, internet banking user ID and its security and password, said the statement.

The BML said the most common method fraudsters used was to obtain information to misuse credit cards and debit cards after obtaining the data by sending emails from sources trusted by the victim, linked to fraudulent sources.

The fraudulent website is designed to appear just like the legitimate website.

BML warned customers to never use a link to access the bank’s website, and recommended its address be typed directly into the browser.


6 thoughts on “BML ‘phishing’ website targets mobile banking customers”

  1. Good one Xa-yanu, lol
    But jokes aside we should now seriously consider strengthening our internet laws. I sincerely hope one of the MP's got phished so that they might give some importance to this.

  2. Bank of Maldives should note that many Maldivians (excuse my using the term), just like naive business men from other countries have fallen victim, at times - flying to far countries, in the hope of earning quick money. (And of course many people in the west too... see I include them too)

    BOM should elaborate with prominent awareness and advocacy campaigns, about accessing their services with full security. I say it is their responsibility.

    My personal experience with them has not been good. They have been very irresponsible, even with the tremendous growth in its card market.

  3. BOM should buy,, and some other common domains and keep them safely with them...

  4. BML has been hacked several times without their knowledge at this year:D

    Tell the truth, Thier IT guys are not so tech savvy minds :#


Comments are closed.