MCMC: Use 2FA authentication for social media accounts to stop phishing attacks

Estimate Reading Time: < 1 minute

KUALA LUMPUR: The public is again urged to activate two-factor authentication (2FA) for social media accounts and messaging applications to avoid falling victim to an account takeover by fraudsters.


The Malaysian Communications and Multimedia Commission (MCMC) in a statement also advised the public to not share any verification code and not to click on any suspicious uniform resource locator (URL) or link.

According to MCMC, the takeover of messaging application accounts occurred through camouflage tactics and persuading the victim to submit a four-digit, five-digit or six-digit verification code or security code sent by a messaging application provider either through the service short messages (SMS), email or other settings.

“Among the tricks and modus operandi often used include fraudsters impersonating an authority using fake messaging accounts and using intimidation or extortion to obtain verification codes.

“Masquerading as a friend or family member by using a messaging account that has been taken over, they plead to the victim to submit a verification code claiming it was theirs and that the messaging provider had mistakenly sent the code to the victim,” said MCMC in the statement here on Thursday (Aug 11) night.


The MCMC added that the perpetrator may also disguise as an authority and inform that the victim has been chosen to be part of a secret group created by the government.

The victim is then directed to share the verification code sent via messaging or SMS to gain access to the secret group.

Perpetrators would fish for data (phishing) by informing “…that the purported victim has committed a privacy or copyright violation before being told to click on the bogus link provided for correction,” said MCMC.

Victims can make a complaint directly to the platform operator or at

Notice: ob_end_flush(): failed to send buffer of zlib output compression (0) in /home/capitalp/public_html/wp-includes/functions.php on line 5309