Cybersecurity

Scammers use fake Sumbangan Tunai Rahmah site to hijack Telegram accounts

By Angelin Yeoh
Ayiezola said that if the victim submits the OTP, the scammer can gain full access to the victim’s Telegram account, including their contacts and private messages, describing the method as a classic man-in-the-middle technique. — Pixabay

A netizen has flagged a fake Sumbangan Tunai Rahmah (STR) website targeting recipients of the cash aid programme in Malaysia.

According to a post by self-described security enthusiast Ayiezola on the developer platform GitHub, potential victims are lured to the fake site through links shared on Telegram.

On the website, victims will be prompted to enter their full name and phone number to supposedly check their eligibility for the STR payout. Once the phone number is entered, the backend triggers a legitimate Telegram login request to the victim’s device.

They will then be redirected to a second page where they are asked to input a one-time password (OTP).

Ayiezola said that if the victim submits the OTP, the scammer can gain full access to their Telegram account, including contacts and private messages, describing the method as a classic “man-in-the-middle” technique.

The website displays the logos of the Inland Revenue Board (LHDN) and the Malaysia Madani initiative, which may lead some users to believe it is legitimate. According to Ayiezola, these logos are used to create a “false sense of authority”.

The site also shows a list of “Penerima STR 2026”, featuring testimonials with names of purported users who allegedly received their payments.

The security enthusiast also identified a second identical phishing page by the same threat actors, believing that this indicates "a wider coordinated campaign targeting Malaysians".

Ayiezola said the fake STR website has been reported to Google Safe Browsing, a service that identifies and flags dangerous websites involved in phishing, malware, or other online scams.

Once a site is reported and verified, Google Safe Browsing can warn users when they attempt to visit the page through browsers such as Google Chrome or Mozilla Firefox.

Checks by StarLifestyle showed that the website is still accessible as of time of writing.

On March 9, the Finance Ministry announced that STR Phase 2 payouts would begin on March 10, covering 5.2 million recipients.

Payments range from RM100 to RM600 depending on various eligibility categories with the total allocation for 2026 standing at RM15bil. 

The ministry has reminded public to be aware of fake links and scams. 

STR eligibility status check is available through https://bantuantunai.hasil.gov.my by clicking Log Masuk on the main page. 

They will then be redirected to a MySTR portal to sign in or register a new account.

Related stories:
Follow us on our official WhatsApp channel for breaking news alerts and key updates!

Next In Tech News
Some newlyweds are trading dance floors for gaming floors
UK lawmakers vote to reject social media ban for under-16s
Canal+ taps Google and OpenAI for AI-driven video production, content recommendation
How AI-generated videos are distorting your child’s YouTube feed
Inside the birthplace of your favourite technology
AI incites a new wave of grieving parents fighting for online safety
China moves to curb use of OpenClaw AI at banks, state agencies
Health advice from AI Chatbots is frequently wrong, study shows
OpenAI plans to launch its Sora video tool in ChatGPT, The Information reports
'Stealth hit' Pok�mon game sends Nintendo shares soaring

Trending in Tech

Others Also Read

Load more

Copyright © 1995- Star Media Group Berhad [197101000523 (10894-D)]

Best viewed on Chrome browsers.