More than RM2000 STOLEN through Boost e-wallet, here's how to prevent it from happening.

Boost e-wallet has been stolen more than RM2000!  Security vulnerabilities and protection solutions!

Boost is a free-to-use e-wallet which allows the user to make payments through the app to all participating merchants on its platform, such as 99 Speedmart, Steam, Shopee and more. In order to do so, users are required to top-up the e-wallet using either a credit, debit card, and online banking. That being said, there was an unfortunate case where a user from  Kluang, Johor had more than RM2000 stolen from her through the Boost app.

Based on the police report, the user noticed that her smartphone was showing notifications from Boost stating that the top-up was successful and subsequently transferred to another Boost account as well as mobile top-up. The bank officials and Boost customer service assured the victim that they are currently investigating the theft and will provide the update on whether the money stolen can be recovered.

How did it happen and how do you overcome this issue?

One of the theories of how the user’s information was stolen was through the use of phishing websites, which attempts to steal the victim's information by requiring them to enter private credentials such as phone number, IC, bank account number, passwords and more in exchange for illegitimate goods. Some examples of these websites include those that offer free products such as a free iPhone, Car and even laptops.

Not only that, it has been reported that more than 50% of the users on the internet use the same password for various websites, which is a huge risk factor in the event that your password gets stolen.


Example of a phishing text message which links to a illegitimate website

In order to protect yourself from threats such as this, it is advised to use different passwords for different websites so that if one of your accounts on that platform gets compromised, it will not put all the other accounts at risk. Using unorthodox passwords can also significantly reduce the chances of your password getting cracked by suspects using a cracking tool.

Last but not least, I personally feel that Boost must require every user to enter a TAC code in order to either make a top-up, transferring funds from one account to another or even when logging in from a new device.


Utilizing a pin to perform purchases or actions

There are still many more options you could utilize in order to protect yourself while surfing the world wide web, such as using a password management tool like LastPass and clearing your user data when using a public computer. But that’s all for now, stay tuned to for more updates like this.