Learn about phishing and legitimate communications

Learn about phishing

What is phishing?

Phishing is a type of fraud in which cyber criminals attempt to steal sensitive information through email messages, websites or phone calls which appear to be legitimate.

The victim is typically duped into believing that the message or call is from a trusted source; criminals may even be pretending to be someone you know. Their aim is typically to get you to share your passwords or other personal data to steal your money, your identity or both.

How to identify phishing communications?

It’s important to be on the lookout for any suspicious signs of phishing. Here are some signs to look out for:


  • Unofficial “From” address. Look out for a sender’s email address that is similar to, but not the same as, a company’s official email address.
  • Urgent “calls to action” to try to get you to react immediately. Be wary of phrases like “your account will be closed,” “your account has been compromised,” or “urgent action required.”
  • Spelling errors, poor grammar, or inferior graphics.
  • Generic greetings like, “Dear Customer” or “Dear Member”


  • Incorrect company name. Often the web address of a phishing site looks correct but actually contains a common misspelling of the company name or a character or symbol before or after the company name. (for example, www.gra8.com instead of www.grab.com).
  • Pop-up windows asking you to enter your username and password. Phishing scams may direct you to a legitimate website and then use a pop-up to gain your account information.

Phone Calls and Texts

  • They are evasive if you have questions
  • The number is different from the official contact number
  • If you’ve received a call from a genuine source, they shouldn’t mind if you hang up and call back using their official contact channels.
  • If they provide you with a number to ring, you should verify that it belongs to a trusted source before calling it.
  • Beware of a caller who doesn’t want to end the call, or tries to put you off from calling back using the official number.

What should I do if I received a phishing communication?


  • Disconnect immediately and share the fraud number with us by calling our helpline
  • Call us immediately if you have mistakenly revealed your OTP details to someone.


  • If you get a SMS/call asking for sensitive information, do not provide these details.
  • Don’t open or forward these suspicious links via email, SMS or chat.

What should I do if I've been phished?

If you have shared your credit/debit card information with a suspected fraudster, please block your card immediately by contacting your bank and lodge a police report for further investigation.

If you have shared your Grab app login credentials or suspect any irregular activities/charges from your account, please reset the password or GrabPIN and report it to us here.


  • No-one should be asking for your password
    A reputable company will never ask for your password or PIN, either over the phone or by email. If they need you to reset your password, they’ll send you a link to a secure page on their official site, which will allow you to do it safely. You also shouldn’t have to give any individual person your password or PIN number.
  • Fraudsters often use threats
    In order to try to spur the victim into action, scammers may include threats in their calls. For example, they could say that your bank account will be permanently deleted if you don’t reset your password through a link that they’ve provided.
  • If the deal seems too good to be true, it is indeed
    Be cautious when you come across promotional offers that sound too good to be true. Fraudsters will claim to be from a real company with fake offers, or that you won a lucky draw.

Your security and privacy is our priority.

Activate GrabPay, a safe way to pay and keep your money.

Read other articles.

How to avoid scams, fraud and identity theft

Follow these simple steps to avoid falling prey to financial fraud

Why is verifying your account and setting up Grab PIN important

Grab PIN and biometrics adds an additional layer of authentication to access your funds

Enjoy 9% (RM8) Rebate at

  • Valid from 15 Jan 2022 – 28 Feb 2022
  • Minimum spend: RM88
  • Limited to 62,500 redemptions 
  • TWO(2) redemptions per user throughout the campaign

1. Campaign period is from 15 January 2022 (12:00am) – 28 February 2022 (11.59pm).
2. GrabPay users are eligible for a “RM8 rebate” in your “My Rewards” when you spend a minimum of RM88 on a single receipt via GrabPay Wallet.
3. The offer of “RM8 rebate” is limited to a total of 62,500 redemptions throughout the campaign period.
4. Offer is valid for TWO (2) in-store redemptions with a cap of ONE(1) redemption per user per day throughout the campaign. Shared across AEON Co, AEON BiG, AEON MaxValu Prime, and AEON Wellness throughout the campaign period. 
5. The “RM8 rebate” will be awarded instantly with a minimum transaction of RM88 with GrabPay at all outlets of AEON Co, AEON BiG, AEON MaxValu Prime, AEON Wellness; The rebate can be found under “My Rewards”. Rebate must be redeemed by clicking “use now” under “My Rewards” 30 days from the date of issuance.
6. The campaign will cease once all redemptions have been fully awarded or at the expiration of the campaign period, whichever is earlier.
7. Offer is based on a first come first served and while stocks last basis only.
8. Grab and AEON Group shall not be under any obligation to inform users, on any communication channels once the offer has been fully redeemed.
9. Offer is only available for AEON Co, AEON BiG, AEON MaxValu Prime, and AEON Wellness physical stores purchases at cashier counter only via GrabPay Wallet; offer is not applicable for online or GrabMart purchases.
10. Offer is not exchangeable for cash or replacements.
11. Offer is not valid with any other voucher, discount or promotion.
12. Grab and AEON Group reserve the right to alter, extend or terminate the promotion, or amend the terms and conditions at its sole discretion at any time without prior notice. In case of any disputes directly or indirectly arising from the promotion, the decision of Grab and AEON Group shall be final.
13. These terms and conditions shall be governed by the laws of Malaysia and any dispute arising out of or in connection with promotion shall be referred to the exclusive jurisdiction of courts of Malaysia.
14. This rebate is non-transferable to any party.