As you know Experian is committed to protecting your credit health in everything we do. It's why we always share our thoughts and information about keeping you safe from cyber criminals.

In this 4-part series, there are dozens of misunderstandings that are constantly being repeated and all too quickly accepted as truth, without them being verifiable.

We have identified a number of common misconceptions and points out how to minimize the risks that result from a misunderstanding of IT security.

Myth #1: "My PC Firewall protects me from all attacks from the Internet."

Unfortunately, it is not so easy.

Without the right configuration, a firewall does not provide optimal protection against attacks from the Internet. The so-called "personal firewall" controls the incoming and outgoing data flow to protect the home PC against viruses and other malware. However, attacks from the Internet exploit any vulnerability in installed and used programs as well as in the firewall itself.

As with individual programs, the same applies to the firewall: Especially the configuration is crucial. Only with the right filter rules and settings can the security of the computer be guaranteed. Hence, the settings should be checked regularly and the filter rules should be defined so that only absolutely necessary accesses are allowed. If an unknown program requires access to the Internet, the user should review it critically. Do not forget the firewall of Internet routers.

Myth # 2: "If I have a recent antivirus, I do not have to install updates for other software immediately."

This thought is a fallacy.

Although anti-virus protection is important for safe web browsing, updates to the applications you are using should always be installed as soon as possible. Any program installed on your own devices carries the potential danger of being attacked from the Internet.

Current malware can exploit existing vulnerabilities before it is detected by anti-virus programs. For example, the attackers exploit the time window in which a newly developed malicious code is not yet recognized by the anti-virus software. Therefore, software manufacturers are constantly trying to update and so-called patches to close security holes in their programs.

This prevents malicious software from ever taking effect. Of course, anti-virus programs should always be up to date. Because they offer additional protection only if their virus signatures are kept up to date by updates. Information for update and patch management can be found here.

Myth # 3: "A single long letter and character password is perfect for my online services."

No, because if an online service is compromised and your password is stolen, all services protected by that password are in jeopardy.

Especially when using e-mail addresses for authentication, the username and password can be assigned to each other well. Therefore, a good and secure password is essential - but every online service should use a different password. Particularly with services, which contain or inquire sensitive data, is to pay attention to a strong password.

Examples include access to online banking or shopping, In general, it is recommended to choose a password with a length of at least 8 characters, uppercase and lowercase letters as well as special characters and numbers. The password should not appear in dictionaries and should not be a proper name.

It happens that providers impose restrictions on the allocation of passwords, such as the length or the use of special characters. Then the password recommendations should at least be implemented as far as the restrictions allow.

In addition, passwords should be changed at regular intervals and never multiple times for different online services are used. Password management programs help because they not only manage the passwords but also generate secure passwords. More information on handling passwords is given here.

Myth # 4: "I only surf on trusted sites, so I do not have to protect myself from cyberattacks."

Unfortunately, even trusted sites can be affected by malicious software from time to time.

For example, it can hide in banners and install itself unnoticed on the user's PC. It is advisable to stay only on trustworthy sites - but you are not protected from cyberattacks. Users who rely on popular and well-known internet sites with respectable content often find themselves in false security against cyberattacks.

Basically, protection is always required when users surf the Internet, regardless of which pages they visit. So-called drive-by downloads in which content is downloaded in the background without user intervention, and malicious scripts can also be made on popular Internet sites. Thorough protection by virus protection programs and firewalls - with the above restrictions - as well as regular security updates is recommended despite all precautions.


In the second part of our series "Security Errors on the Internet" we deal with the topic "Mobile Security". There are dozens of misunderstandings that are constantly being repeated and all too quickly accepted as truth, without them being verifiable. We have identified a number of common misconceptions and points out how to minimize the risks that result from a misunderstanding of IT security.

Myth #1: "My data is securely protected from unauthorized access in the cloud."

Data in cloud services is not always sufficiently protected.

The storage of user data in cloud storage or the automatic synchronization between mobile device and cloud storage is not sufficient backup of the data. Users have to expect in such services that this data is available unencrypted and the provider may use this data for their own purposes, although reputable cloud providers ensure the "security" of data in the cloud, dangers lurk in their access.

For one thing, criminals may have malicious programs that affect themselves on the smartphone, tablet or PC, can access the data even in the cloud. On the other hand, in the case of theft, the cloud data are only as secure as the protection of the mobile device: If, for example, thieves only have to crack the four-digit PIN or the simple blocking pattern and they succeed, they can effortlessly use the app for stored access data Steal, modify or delete cloud data. When accessing the cloud via public WLANs, personal information can also be intercepted by unauthorized persons when transmitting data.

Before deciding on a cloud service is to check in advance, who the provider is, where is the location and especially where the data centres are.

Myth # 2: "Surfing in public Wi-Fi not only saves money, it's also safe."

Unfortunately, that is only partially true.

The offer of free, public WLANs, for example, in train stations, cafes or hotels is tempting to save the monthly data volume and still use the Internet while traveling. However, public WLAN is often not secure because the data transfer between the mobile device and the router, which establishes the Internet connection, mostly unencrypted. In this case, unprotected data can be tapped or malicious software can be introduced into the user's device.

For this reason, never use confidential wireless LAN data over public WLANs unless they are previously encrypted locally on their own device or transmitted over a virtual private network (VPN). This is especially true if the home or company network is to be accessed. In general, mobile device users should only turn on the WLAN feature during use to minimize the risk of unauthorized access. Some devices provide advanced security settings for dialling into public WLANs.

After completing the connection, the hotspot should be deleted from the list of preferred WLANs to prevent an unwanted connection at a different time.

Myth # 3: "When I buy a latest smartphone, I automatically have a secure device."

Unfortunately, a new device is not automatically safer.

When you buy a new smartphone is not always the current version of the respective operating system installed. Before putting the device into operation, always check whether the firmware is up-to-date and, if necessary, update it directly until all updates have been recorded. However, even with known security vulnerabilities, smartphone manufacturers do not always update all device types available, so that these gaps exist even with latest models. On the other hand, the security settings are often not activated when buying.

Users should review these settings and set up accordingly. This also includes PINs, codes or patterns for securing the SIM card and the device itself. If an encryption of the device is offered, this should be activated. Before disposing of old phone, data should be deleted and the old SIM card removed and destroyed if not used in the new device.

Myth # 4: "Of course, I've enabled automatic updates and updates to the operating system and apps, so I do not have to worry about vulnerabilities."

Automatic updates are useful, but not every detected vulnerability is immediately an update ready.

Although the manufacturers of operating systems and apps are mostly trying to provide updated versions of software after the disclosure of vulnerabilities. But because of the variety of device types and versions of software on the market and operating systems, it may take longer to deploy security updates, or none will be available for specific issues. Depending on the vulnerability, it may be recommended during this period not to use or disable certain features. Even with a preset automatic update, users should always be sure that the programs are up-to-date. Some app manufacturers do not provide updates for all operating system versions.


In the third part of our series "Security Errors on the Internet" we deal with the topic "Computer Security". There are dozens of misunderstandings that are constantly being repeated and all too quickly accepted as truth, without them being verifiable. There are a number of common misconceptions and points out how to minimize the risks that result from errors of IT security.

Myth #1: "If I have a virus or other malware on my computer, it will be noticeable."

It is not always possible for a user to determine whether a virus or other malicious program has taken root on his computer.

There are types of viruses or malicious programs that cyber criminals can infiltrate on computers or mobile devices in different ways. Many malicious programs that may be installed unnoticed on a computer have identity theft features. They usually have the goal of spying on the user, for example, to spy on access data or account and credit card numbers and can inflict considerable economic damage on the victims.

Inconspicuous for the user are malicious programs that allow an attacker to remotely control infected devices. This type of malicious code, for example, is secretly smuggled into the user's computer through e-mail attachments, the opening of a specially manipulated website or the click on an infected banner ad.

By infecting about thousands of computers with this malware, creators can launch attacks on websites (DDoS attacks) to disable them or misuse them for mass spam. While there is no one hundred percent protection against these threats, especially when so-called zero-day exploit. However, with measures such as anti-virus software and a firewall, as well as prompt installation of software updates and careful handling of e-mail attachments, users can increase their protection.

Users should also be very careful when downloading or installing software or other data from unknown sources. In case of doubt it should always be avoided.

Myth # 2: "I have nothing to hide and no important data, so I'm not a target for cyber criminals, so I do not need to protect myself."

This view is fundamentally wrong because cyber criminals can use all available data for their own purposes.

Anyone surfing, shopping, or banking online with an unprotected device uses and leaves behind a wealth of data that cyber criminals are interested in. These are not necessarily the vacation pictures, correspondence or other private documents stored on the computer. From an unprotected computer, criminals can easily steal and misuse access, account and credit card information stored or transmitted on the Internet.

On unprotected systems can also malicious programs such as ransomware nest. The authors of these programs can encrypt the infected computer in such a way that the user can no longer read his data.

The user receives only a message, a certain amount of ransom money, mostly via disguised channels such as the Internet currency Bitcoins to pay, so he comes back to his data. Many often find that they still have sensitive data such as holiday or family pictures. Also, insufficiently secured devices can quickly become part of a botnet and be abused for criminal purposes.

Myth # 3: "My data is in the cloud, so I do not need a back-up."

That's not true. Using a cloud does not guarantee that the data is always available.

Although data storage in the cloud offers a number of advantages: the security mechanisms provided by the provider, the ability to access one's own data over the Internet at any time and from any device, as well as saving storage space, especially on mobile devices.

There are cloud services whose security and availability are high. Nevertheless, the case may occur that the user can no longer access his data. Technical problems, failures at the service provider or even the attitude of a cloud service are possible reasons. It is therefore essential not only to store important data in one place - as in a cloud - but also to regularly create back-ups, i.e duplicates of the data, on an (external) storage medium. It should be kept in mind that even devices, hard disks and storage media can be unexpectedly broken or lost or stolen.

Myth # 3: "My data is in the cloud, so I do not need a back-up."

Myth # 4: "If I delete all the data from my device and then empty the trash, the data is gone forever."

Not correct. To remove data from a disk or device irretrievably requires additional steps.

If users want to sell or dispose of an old device or an obsolete external storage device, they should ensure that all data has been securely erased to prevent possible misuse. Moving files to the Recycle Bin keeps the files completely on the storage media.

Even after emptying the trash can be restored data with little effort, since this process only the references to the data in the index, the contents of the hard drive, deleted and the area is released for overwriting. Only the overwriting of data makes them disappear on certain storage media never to return.

To permanently and safely erase data, special programs should be used best. If a device or storage medium should not be forwarded in anyway or cannot be overwritten for other reasons, it should be physically destroyed. Only in this way can a restoration of the data be made impossible. However, users should be careful to avoid splinter injury from the storage drive.


In the fourth and final part of our series "Security Errors on the Internet" we deal with the topic "E-Mail Security". There are dozens of misunderstandings that are constantly being repeated and all too quickly accepted as truth, without them being verifiable. There are a number of common misconceptions and points out how to minimize the risks that result from a misunderstanding of IT security.

Myth #1: "If I only look at an e-mail but do not open an attachment, nothing can happen."

Unfortunately, this is not true.

Many e-mails are sent today in HTML format. In contrast to plain text emails, these are often colored, with different fonts and graphics. The danger lurks in the so-called source code of an HTML-formatted e-mail: for there can be hidden malicious code that is already executed when the HTML e-mail is opened on the recipient's computer without having to click on an attachment.

Also, spammers like to make use of HTML e-mails to verify the validity of an email address. This is done via so-called "Web-bugs", small mostly invisible images, which are loaded by a server of the spammers when opening the e-mail and thus signal the receipt of the e-mail, therefore users should in their e-mail program the display of e-mail in HTML disable format. the e-mails are then indeed only displayed in plain text and can ill appear legible and complete. But with trusted senders, the recipient can activate the HTML view of the e-mail with a click of a button and consider fully the contents.

Myth # 2: "Replying to spam emails poses no danger, you can also follow the links to delete them from the mailing list."

That's not true.

The term spam summarizes various types of unsolicited emails. These include unsolicited advertising for partially dubious products and services, messages with strange content and so-called phishing emails, which want to elicit the recipient under false pretences false access to online shops or payment services.

No matter what type of unsolicited email it is, recipients should ignore it and delete it immediately, preferably without even opening it in the first place. Under no circumstances should users follow links that are supposed to cause the recipient's address to be deleted from the list, because as soon as you respond to such an e-mail, the sender knows that your address is valid and active. The consequence is a higher amount of unwanted e-mails, i.e. spam, in the e-mail inbox. It may be advisable to create a second e-mail address for the use of online services, etc. so you can keep spam emails at least from this main e-mail inbox largely.

Myth # 3: "An e-mail always comes from the address in the sender field."

This is wrong, because sender addresses of e-mails can be faked with little effort.

The name of a person or organization displayed in an e-mail message may be concealed by a very different sender - this is usually the case with illegal activities, such as spamming or attempting to infect a user's computer with malicious software.

First indication of the sender is given to the user when he hovers the mouse over the displayed name. Depending on the e-mail program, the - supposedly - used e-mail address will be displayed next to the mouse or at the bottom of the screen.

The authenticity of the sender can be determined by the verification of the so-called e-mail header. The header or source text of the e-mail can be displayed in the e-mail program. In the lines marked "Received From", users can follow the sender and can be found in the last received from line. Further, attackers manipulate the received lines, making it harder to determine the actual source of the email. Therefore, if you have doubts about the origin of an e-mail, do not open it and delete immediately.

E-mails from apparently known senders can also be spam, for example if a computer has been infected by a malicious program that automatically sends messages to the persons in the victim's address directory. It often helps to look at the subject line to see how likely it is that the person uses a phrase, language or an expression that is typical of them.

Myth # 4: "Phishing emails are easy to spot."

That is not correct.

The aim of phishing is to elicit the victims' access to online shops, online banking, e-mail accounts or other Internet services, one of the most popular methods is to fake emails from services such as PayPal or Amazon and to ask the recipients to follow a link, for example, to make cancellations or an alleged security-related confirmation of user data.

The presentation of such e-mails and also of the web pages to which links contained therein often look deceptively similar to the original e-mails and web pages. An indication of whether it is a phishing mail, is the header of the e-mail mentioned in Myth#3, where the full sender address is visible and sometimes differs only marginally from the original sender. Sometimes the salutation in the e-mail text is missing. The senders of phishing emails, however, are acting more and more professional, so that a correct salutation or a plausible content cannot provide any certainty.

Under no circumstances should recipients follow links in such emails! In case of doubt, users can access the provider's website in the browser and log in directly to the platform there to make sure. It is also advisable to deactivate the HTML display in the e-mail program (see Myth#1).


Many sufferers experience it in the most disagreeable way: because out of the blue they get an invoice, a letter from a lawyer or even a debt collection company and they claim money for something they have never ordered or registered.

If someone appears on your behalf as a buyer on eBay or even opened their own online shop on your behalf in order to bark in good faith customers, you have little opportunity to recognize this in advance.

If you are worried that your data is already being abused, there are several ways to alleviate this suspicion.

You can have one Set up Google Alert for your name. This is an automatic search query. Then you will be notified by e-mail each time your name is found by Google in a new location on the web. This works without logging in to Google. However, only publicly accessible pages are found.

With the reverse Google Image Search also lets you see if your images are being used on other pages.

A clear definition of identity theft as a separate offense does not exist. Depending on the design, different case types are summarized below. The most important:

  • Someone logs on to online shops in their name and orders goods to another address. The bill goes to you.
  • Someone gains access to your email account or Facebook profile. Then he acts as you - with the aim of discrediting or damaging you to others. It may be, for example, that perpetrators insult others on your behalf or even announce a killing spree.
  • The "granddaughter trick" has also arrived in the virtual world: via the Internet, they receive the call for help from a supposed friend, who - often abroad - is in a sudden emergency and urgently needs money to get home. Behind it are scammers who have hacked or faked your friend's email account or Facebook profile.
  • The widest possible definition already leads to identity theft when hackers steal end masse enrolment data without necessarily being abused.

Although identity theft as such is not an offense, stolen identities may then commit crimes (such as document forgery or stalking).

How common is identity theft on the net?

That's hard to say. Because there is no uniform definition, there are no reliable figures here. According to Data from Cyber Security Malaysia (CSM), an agency under the Science, Technology and Innovations Ministry, it shows a total of 2,428 cybercrime incidences reported between January and April 2017, that's a 20% jump compares to 2015. On another report, CSM reported between 9,000-10,000 incident reports for data breaches each year. The dark figure is likely to be much higher.

It is clear: For years, there are more and more reports of identity theft in the network. But that's no surprise when more and more people use the Internet to communicate or shop. Our lives are increasingly digital, but digital identities are relatively unprotected.

How do perpetrators get data from other people?

Again, there are a number of ways:

  • Your online account is targeted by hackers.
  • You will be emailed to a fake company site where you will be asked to enter your customer information (phishing).
  • Your computer is infected via the Internet with a Trojan, a software that can intercept and forward your data.
  • Online shops lure with (fake) goods - this is apparently delivered without any problems. But your customer data given there will continue to be used by the perpetrators.
  • Vulnerabilities in companies that steal customer data on a grand scale.
  • You reveal data yourself (unintentionally): This can be the case, for example, if you divulge details on the net that you can use to identify yourself elsewhere (such as the popular pet security question). Or when scammers in a social network steal your photos to create a profile elsewhere on your behalf.
  • The perpetrators used only data that is already known to them from the real world or publicly available: As you call by first and last name, is now known to many people - and for some abuse that's enough. Your exact date of birth is known to everyone who was with you in a school class. If you get past your mailbox or dustbin, you can find out from which companies you are getting mail.
  • Fake emails from Amazon, PayPal or the bank probably had everyone in their mailbox before - so you recognize the sneaky fraudulent emails more.

How can I protect myself?

Even online, you can hardly protect yourself against criminal energy if you do not want to spend your life in an uncomfortable fortress. However, you should take a few precautionary measures in order not to make it too easy for malefactors.

  • Always log out of all websites if you use public Internet access.
  • Do not click on links and attachments in emails from unknown senders. Before entering user data: For links in the browser's address bar, check to see if it really has the correct Internet address, or if it's a fake page with a slightly different address.
  • Carefully consider where to use your real name and where a pseudonym is sufficient as a username.
  • Do not indiscriminately accept friend requests from unknown people on social networks. Be careful when a friend asks you again for a friend request because his account information has been lost. Occasionally check such requests outside the digital sphere.
  • Protect your digital identities: Do not use the same email address everywhere to sign up (and of course not the same password, but one that is as complex as possible). You can create several different free e-mail addresses. This will avoid a chain reaction if your email account has been cracked. See if you can protect your user account with so-called dual authentication with a mobile phone code.
  • If a web page offers you security questions - such as "What was your first job?" - choose a question that cannot be researched on the Internet.

What can I do if I become a victim of identity theft?

Even if nothing really bad happened, a lot of unpleasant work comes to you:

  • Report a fake profile on a social network immediately to the operator. (Like Facebook) Attention: You may need to prove by ID that you are the right owner. This can be difficult if you have signed up under a pseudonym.
  • Inform friends, colleagues and acquaintances about the forgery (the most important also by phone or in person). Ask them to also report the counterfeit to the operator.
  • Contact an operator of a website with someone on your behalf immediately and report to the police. If things get more complicated, consult a lawyer.
  • Check your computer for possible Trojans with an anti-virus program or have it done by a specialist.
  • Immediately change your passwords and check your remaining user data so that a fraudster has not entered their own e-mail address there.
  • Check your bank statements and request information from the Schufa. Repeat this more often in the next few weeks.
  • Make a police report immediately.
  • Call Cyber 999 at 1-300-88-2999 24x7 (Emergency): +6019 - 266 5850


If you've dug yourself into a financial hole and feel you cannot get out, you're not alone. Many people are bogged down in debt and bad credit, and the only solution they can fathom is bankruptcy. Unfortunately, bankruptcy is not the simple solution that people think. Bankruptcy cannot erase.

Unfortunately, bankruptcy is not the simple solution that people think. Bankruptcy cannot erase all your debts, and it can worsen your financial situation, as you will not be approved for new lines of credit, including a mortgage loan, until your loan is repaired.

Sulaiman did not think about bankruptcy, but he felt trapped in his financial situation. Sulaiman did not have health insurance because he could not afford it. While he was healthy, he had problems with his teeth. He had toothache and painful infections, which brought him to the emergency room several times. In the end, he raised RM1,500 in debt, and while the hospital set up the payment plans, he could not afford due to the minimum wages, so the accounts went into the collection.

Bad financial habits that keep you in debt

Debts are hard to fight but add bad financial habits to the mix and you will find yourself in an endless cycle of bad credit and debt. He discovered this fact after over-paying visits to personal cash loan lender. "It's so easy to go to a place like instant cash loan provided by the bank and get whatever you want, whether you can afford it or not," says Sulaiman. "Then there is the interest."

Cash loans and cash advances from credit cards are one of the fastest ways to drain your bank account. The average lender tries to downplay the 10% for personal loan and 18% annual interest rate for credit card. These rates are considered high and hard to get out of debts, so imagine how much harder a loan is to repay.

Another bad financial habit that you will be in debt is pushing debt around. You may think you are keeping up to date with your debt being transferred to zero-fee credit cards, but you are not. "I was sucked into the loop of borrowing by one [lender] to pay the other," says Sulaiman. "In the end, no banks even let me open an account."

Here are some other bad financial habits that you will get into debt:

  • Missed payments: Missing payments, especially on credit cards and loans, will put your budget on hold and affect your credit score.
  • Spending more than you earn: We live in a "keep up with the Joneses" world, which makes it difficult to live under your means.
  • Wasting money for other habits: If you buy a coffee or lunch every day, it all adds up and you feel like you do not have enough money in your budget.
  • I'd like a higher paycheck: do you think a bigger paycheck will solve your problems? Think again. You must approach your spending and budgeting habits to change your financial situation. If you earn more, you just take your bad spending habits with you.

How to return from bad credit

It is never too late to repair your credit, even if your credit score is low. "About four years ago, I was tired of not being attractive to lenders," says Sulaiman. "Every time they check my name, they would come back with a no! I had to do something. "Sulaiman signed up for JagaMyID by Experian as he began to research how he could improve his credit rating. "I like the way it gives you an overview of what you look like for lenders,"

Sulaiman's credit profile was hard to see. He had several derogatory brands, accounts in collections and a score just under 500.

One of the best ways to improve a bad credit score is to use a credit card safely. It may seem reasonable to apply for a credit card if your score is bad and you are in debt. However, secured cards are especially for people who have bad credit or no credit. Usually, your line of credit is the amount of money you lie down. So, if you down RM2,000, your credit line will be RM2,000 even though you still have to pay off your credit card debt each month to improve your score.

Sulaiman was approved for a secured card and used this card responsibly. After six months of on-time payments, his credit card limit rose to RM5,000. He then applied for low-value cards and continued his routine of paying off the cards while paying off his old debts. He worked on his loan for three years and is now debt-free with a very good credit rating. He was even approved in January 2018 for a Rm130,000 loan. "Can you imagine that?" says Sulaiman. "To be turned down from borrowing RM500 a few years ago to be approved for RM130,000 loan?"

Sulaiman's credit score recovery was no coincidence. He has a personal development plan, an action plan based on awareness, values, reflection, purpose, and personal development planning. This allowed him to share and conquer parts of his life he wanted to improve.

He started paying down debts and started getting an education online. At the same time, he worked two jobs to accelerate debt repayment. He made self-assessments along the wat to track and measure his progress.

Sulaiman encourages others to pay their debts and be smart about money. "You need to know when to say," I cannot afford it now, "and if you're in debt, pay in time. You have to be accountable and you have to be honest with yourself because at the end of the day, your credit report defines you (in terms of borrowing) and proves your ability to pay a debt when the opportunity is given."

Learn more about how JagaMyID can help you track your credit rating.

Sign Up here:


Identity theft is a crime that is becoming more common with the rise of the Internet. In Malaysia, 1 in 10 fall victim to identity theft.

The misuse of foreign identities can cause enormous damage and not just financially: Careers and even lives can be destroyed if third parties misuse a person's identity.

In this article, we will discuss what us identity theft is, how to protect yourself, and how to resist being a victim.

Identity theft in practice

When criminals misuse the name or identity of third parties, they usually pursue one of two objectives.

Either they want to get financial benefits at the expense of the person concerned. Or they want to harm the person out of lower motives such as hatred, love jealousy, envy, resentment or revenge.

Example: The criminal or criminals' insult third parties under a false name, order goods or misuse credit card data. Also occurred: The perpetrators publish in the name of their victim attack or rampage announcements. Objectives: The police should be made to search the home of unsuspecting victim, or in the context of investigations to ensure its computer equipment.

What can you do as a victim of identity theft?

Those who have been victims of identity theft on the Internet should respond quickly and comprehensively, so that the damage does not get any bigger.

Accordingly, the forms of identity theft on the Internet differ:

  • Goods purchase: In this case, the criminal order goods or services under the name and address of the victim from online shops or auction houses — either for the person concerned or even for third parties.
  • Name abuse in forums, on social media like Twitter, Facebook, Instagram and etc. In this case, the offender writes under the name if the victim in blogs, forums or social networks — with the aim of discrediting the victim by the expressions.
  • Creating false profiles in social networks: Here the perpetrator creates in social networks such as Facebook, Twitter or WhatsApp profiles under the name of his victim. As a rule, he/she will then write posts under this fake account, write messages or even link up with acquaintances and friends of his victim under the false identity.
  • Misrepresentation or false facts: Here, the perpetrator misuses victims' names or personal details to claim false facts or initiate actions via internet — for example by filing criminal charges under the wrong name, asserting criminal matters, launching weblogs or websites and/or misrepresents this personal information.
  • False suspicion and accusation of criminal offenses: Sometimes the criminals pretend that their victims commit crimes on the Internet — or even commit actual offenses on behalf of the person concerned.

What can you do as a victim of identity theft?

Those who have been victims of identity theft on the Internet should respond quickly and comprehensively, so that the damage does not get any bigger.

  • Check for a crime. If so, immediately report to the Police
  • In any case, tell your local police department that you are under the threat of a criminal. This can be very valuable in case the perpetrator commits or announces criminal offenses on your behalf, for example. Because it helps the officials to assess the situation correctly.
  • If your name has been misused in social networks, please contact the operators of the affected platforms ("Report" function) and ask them 1. to secure evidence (mail addresses at registrations, IP address, printouts, etc.) and 2. for timely deletion.
  • If your name is being abused on a social network: inform the incident on the same network on your real account and warn your family, friends as well as neighbors, business partners and employers about the fact that your name and / or personal data have been misused by third parties. This helps to avoid misunderstandings.
  • Check which personal or sensitive data you have in circulation and can be abused. Above all, tap and change social networks (Xing, Facebook, Twitter, Instagram and etc.) to personal data and privacy settings.
  • Change important passwords immediately: internet services like Email, Facebook, online banking, etc. It cannot be ruled out that the perpetrator has gained access to your services or wants to get away.
  • Think carefully and calmly who might be behind the deeds. In most cases, it is a person who is in some way related to you.
  • In the event that the stranger(s) actually commit crimes on your behalf or cause financial damage, engage a lawyer and file in a case.

Important: Stay calm, as hard as it may be! Panic and hasty actions do not help you but the culprit.

Subscribe to JagaMyID

JagaMyID provides you a peace of mind knowing that your identity is safe and you are in control of your own credit health.

Sign Up here:

According to statistic, cases involving identity thefts have increased over the past 10 years and many people do not aware and ignorant of the existence of identity theft.

With JagaMyID credit notification alert and credit profile movement service, you are enjoying 2-in-1 benefits at the same time.


  • Lock out identity fraud
  • Email alerts on changes in your credit profile
  • 12 x monthly update of CCRIS Information and your i-Score
  • 2 x Personal Credit Report Plus (PCRP)
  • Monitoring our credit card and other credit facilities utilisation
  • Tracking of credit applications made under your name
  • Monthly payment tracking
  • Maintain consistent and healthy i-Score
  • Negotiate for better interest rate and credit terms

Sign Up here:


It's interesting that while we always focus on getting a clean bill of health, an area always forgotten is in the area of financial health. Instead of just saving for a rainy day, do look into your credit responsibility, starting with knowing your credit report. A credit report is a snapshot of your payment discipline track record, highlighting your credit score that is based on both public and private information.

The 2016 Experian study found that 64% of consumers have never viewed their credit report while another 8% were unsure if they have viewed it. Only 28% of respondents had seen their credit reports. Worryingly, 56% did not know the function of a credit score and the impact it could have on their credit applications.

To help you, here are five top reasons why your credit report must be part of your life:

1. Securing a loan, now or in the future

One of the first few things you usually do when you wan to buy a car or a house is to obtain a loan from a financial institution. Financial institutions will first look into your repayment history and track record. A good credit score not only help you get a loan, but also determine the interest rates and other perks provided by the bank. If you have a low credit score, you run the risk of having your loan applications rejected. Getting the score up to a favourable may take a long period and this may hinder your ability to achieve your financial goal.

2. Potential employment opportunities

Don't be shocked but some employers have started reviewing the credit reports of their potential candidates. They do this not to check on your credit scores but on other aspects such as level of responsibility (lack of credit worthiness/bad paymaster), ethical standards (involved in theft, fraud or bankruptcy) and your financial maturity.

3. Correct wrong information

Under the Credit Reporting Agencies Act 2010, all the information in the credit reports must be accurate, complete and updated. If you find any incorrect information such as paid-up loans that is still listed, you should immediately get this corrected by obtaining the necessary supporting documents from the said institutions and forward them to the credit reporting agency.

4. Identity theft or fraud

With the advent of the cyber age and everything digital, there have been numerous cases of fraud, where customers suddenly find out they own a credit card or a loan which they never knew about. Early detection is important to safeguard your financial health and a credit report will highlight these credit facilities undertaken. In addition to this, some credit reports will also have in place a monitoring system which alerts the respective consumer every time their identification card is used to apply for loans.

5. Future use

With a good credit score it would allow you to gain easier access to funds. So, if you check your credit profile at least once every month, you will know where you stand financially, areas to improve and most importantly, ensuring that even if you don't need cash now, you still have this opportunity in the future.

When it comes to building wealth, it is not just about how many assets you own but also your responsibility in maintaining a healthy credit profile. If this is not managed, it will impact your overall financial well-being. Take the right steps today and work your way towards achieve your financial goals.


When it comes to furthering your tertiary education, many tend to opt for scholarships or even student loans to achieve their dreams. In Malaysia, the National Higher Education Fund Corporation (PTPTN) was setup in 1997 to help students gain monetary assistance to fund their higher education.

As of 31 December 2016, PTPTN has disbursed some RM48.5 billion to 2.6 million students (on average about 200,000 new students receive PTPTN loans annually). Out of RM18.8 billion in loans due, about 8.1 billion have not been paid [1]. In fact, it has also been announced that full loans could no longer be provided because of the poor rate of repayment, as only RM8 billion was recovered out of RM56.4 billion released since 1997 [2].

"So what?" you may think. Actually, while you may have enjoyed the ability to study at a tertiary level, if you have defaulted on your PTPTN loan, you may lose out on future opportunities.

1. Listed under the Central Credit Reference Information System

Once you default on your PTPTN loan, your name will be listed under the Central Credit Reference Information System (CCRIS), a database used by Bank Negara Malaysia's Credit Bureau which collects credit-related information on borrowers from lending institutions and furnishes the credit information collected back to these institutions. According to CCRIS, about 1.3 million PTPTN borrowers have a black mark on their credit reports as they have not paid up their installments on time or not at all.

2. Unable to obtain credit

Once your name has been listed on CCRIS, this information will be shared with other credit reporting agencies like Experian as well as financial institutions. Should you have a bad repayment track record, not only would you likely earn low credit score by the credit reporting agency, it will also impact your chances of approval for any credit or any loans for your future growth.

Potential lenders will usually review your payment history, be it from other financial institutions or even simple things such as mobile phone bills. The credit report shows a less than satisfactory track record, many may hesitate to offer you credit facilities as concern will arise on your ability to make prompt payments.

3. Unable to obtain credit

What's even more daunting is that you will also be barred from travelling overseas by the immigration. As at 31 January 2017, 586,863 borrowers have been barred by immigration from travelling overseas, renewing or obtaining a new passport, amounting to RM11.6 billion in unpaid PTPTN loans. Out of this, only 55% have come forward to negotiate with PTPTN [3].

Learn to be more responsible and start thinking about your future for the long-term, including those financially-related goals. If you have not paid your loan as you are finding difficult to make ends meet, it is best to come forward and speak to PTPTN to reach an amicable payment amount

Remember, good payment habits will be reflected positively in your credit scores. Do not jeopardise the future you have long-awaited for being an irresponsible paymaster.

[1] The Star, February 24, 2017: Why it's vital to pay back student loans

[2] The Star, September 24, 2017: PTPTN borrowers now blacklisted

[3] The Star, March 26, 2017: Talk to us, PTPTN urges defaulters


Throughout our life, we were always told to save up as much as you can to be financially independent, and where possible, avoid any debts to achieve your dreams. We don't realise that there are other facers in this financial equation that will help us achieve financial health.

For starters, credit scores play an important role as it reflects your financial health. The score is a numeric representation of your credit worthiness. Potential lenders or credit grantors will use this score to envisage whether you will be a good paymaster, and if they do, the terms and interest rates offered.

Nevertheless, the Experian's Consumer Survey 2016 highlighted that 30% of Malaysian consumers only checked their credit report when their credit applications were rejected! Though this could happen to anyone, perhaps it is time to have a better understanding on credit scores instead of constantly being faced with rejection.

Here are the top three things to know about credit scores and how you should deal with it.

1. You have been "blacklisted"!

This often-used term is something you will face usually upon rejection of a loan or credit card. In reality, none of the credit reporting agencies in Malaysia have the right or ability to blacklist any individual who has not complied with their credit financing payments.

Though the term blacklisted is loosely used, in actual fact, it means you have a low credit score and not eligible for the credit facility. Low credit scores are due to several factors including, defaulted on payments, past adverse litigation history, high numbers of credit applications made in a short span of time or perhaps maxed out credit cards. If this is the case, then you will not be able to obtain any further financial assistance because you will be viewed as a high-risk individual.

For your information, credit scores are calculated based on the following:

  • Banking and non-banking credit payment records (credit cards, housing loans, car loans, personal loans, telephone bills and etc.) and the age of your accounts.
  • Payment habits (on-time or bad paymaster)
  • Amount of credit being used
  • Outstanding debt
  • Active application of new credit facilities
  • Litigation records
  • Bankruptcy records
  • Skim Potongan Gaji ANGKASA (SPGA) (if any)
  • Central Credit Reference Information System (CCRIS)
  • Dishonoured Cheques (DCHEQS) from Bank Negara Malaysia (if any)

So you have had issued with any of the above mentioned, then it would be best to take immediate steps to rectify the problem to ensure your credit scores are improve.

2. They have all my information — is this even legal?

To ensure your credit score reflects a holistic view of your financial status, credit reporting agencies will collect, process and store credit information obtained via public and private records, essentially from companies, businesses or individuals.

This information will then be forwarded to financial institutions, professional bodies and credit grantors to evaluate your financial health by analysing your credit score as well as your credit standing before any credit financing or facilities is offered to you.

Your next question, would naturally be "Do they have the right to do this?" Yes. The credit reporting agencies are regulated by the Credit Reporting Agencies Act 2010. The credit reports produced is a collection of information obtained publicly and privately as it is only given to financial institutions or other credit grantors upon consent granted by Subject, for them to assess the financial health of its customers.

3. You have a thin credit file

At times, there may also the case that your loan has been rejected because you have a thin credit file. What this actually means is that while you have lived a debt-free life all this while, financial institutions are unable to track your payment behaviour. Potential lenders actually view the lack of credit history as a negative.

To help overcome this, you could consider the option of applying for a credit card that suits your spending habits and lifestyle. However, do ensure that you pay your credit card payments on time or in full. This will help you build a credit history and in the long term, provide financial institutions with information to help them understand your risk profile.

Break down the walls of ignorance and take time to understand how your credit score can help you achieve not only financial success, but also be more credit responsible.


Managing cash flow is ultimately one of the key areas in running any business, no matter how good your product or services are. A business must ensure it registers into profits to ensure a surplus cash to prepare for volatile periods

In some cases, many small to medium sized enterprises (SMEs) turn to trade credit facilities. Trade credit is essentially provided by suppliers or vendors to encourage frequent and higher volume purchases. It is often used by the smaller enterprises who may lack sufficient funds to stock up on inventory. Trade credit facilities still require payment to be made as it is like a loan and companies have to pay for the services or goods obtained. Nevertheless, they could default on payments once cash flow becomes tight.

While managing cash flow is important in ensuring sustainability of their business, SMEs need to be more vigilant in their payment collections, taking into consideration the average i-DTC for their debtors' industries.

In the latest Experian i-DTC 2017 that measures the average number of days companies in various industries take to pay their creditors, the pace of payment defaults for total business corporations has slowed to an average of 0.39% per month, representing a compounded growth rate of 4.56% over the last 12 months as compared to the 7.41% in the previous year.

Hence, the Trade Credit Pledge was introduced in Malaysia in 2016 to encourage prompt payment habits amongst business owners. Here are three reasons why it makes complete sense to make payments promptly:

1. Strengthens your reputation and relationship

Trade credit is often given out based on reputation, relationships and trust. Suppliers and vendors usually extend this facility to those who have had a trustworthy or dependable payment track record. Hence, it is important to communicate and have a good relationship with them as this allow them to get to know the business owner, details on the business and the reputation of the business owner.

2. Pay on time

In business, nothing should be taken for granted and creditors must be promptly paid. Those who extend trade credit are business owners themselves and as such, also have bills and salaries to pay. In most cases, they have extended trade credit as they may have checked on the payment track record prior to this, either from their files if they have had long relationship or even the company's credit profile.

It is important to ensure prompt payments and where possible, made in advance. If the possibility arises for delay in payment deadlines, be transparent by calling and informing the creditors in advance of the situations. Reassure and let them know when payment can be expected.

3. Keeps the cash flow healthy

During slow payment collection periods or tightened lending environment, sufficient cash flow is important to help SMEs. In a more macro context, SMEs not only enhance the vibrancy of the economy but also form backbone for the country's economy.

That is why the trade credit facility is used to improve the short-term cash flow within the business. In most cases, cash is used for start-up purposes, purchase supplies or even pay down debts. So, to preserve cash flow, the trade credit facility is used to minimise the cash outflow.

It is important to have a good payment history to provide potential suppliers, vendors or business partners a positive view of the business. Prompt payment habits increases business reputation and improve access to financing, resulting in a good credit profile. With these healthy practices in place, it becomes a powerful tool in managing the overall finances of the business.

Be an accountable, responsible business owner and take the Trade Credit Pledge today.


"I lost my wallet that contained my identification card, debit and credit cards while out shopping. Three months later, I received a call from a bank on outstanding payment on a loan I never signed up for!"

Identity theft is a serious matter and needs to be urgently addressed. Essentially, identity theft involves the illegal use of your personal information including your name, date of birth, address and other details used to open bank accounts, obtain credit cards and loans, start an illegal business and even commit serious crimes.

Identity theft occurs through outright stealing to gain your personal information, phishing (email), vishing (call) or smishing (text) as well as hacking your computer, smartphone or other mobile devices.

A consumer survey done by Experian Information Services (Malaysia) Sdn. Bhd. in 2016 showed that 14% of the respondents experienced identity theft, while 26% knew someone who had been a victim. Most often, we discover this too late and we are left with the painful process of clearing our name which could take up to several months or even years to complete.

While 70% admitted to knowing of credit reports, only 28% took the trouble to view theirs and of these who viewed, only 30% did it when their credit application was rejected. And, 13% suspected that it could be identity theft.

One reason why identity theft happens is because thieves could apply for loans or credit cards using victim's identity. These transactions if goes undetected will not show up on any bill until the loans are approved and paid out to the thief and repayment bill is sent to the victim.

Here are some steps on protecting yourself:

  1. Do not log-on to personal and financial accounts or even shop online while using public Wi-Fi. Encrypt and password protect your internet services at home.
  2. Never write down your passwords and keep them in places such as in your phone or wallets. The best thing is to remember them by keeping them in your head. Ensure your passwords are well-protected and if possible, change them every month. Consider using numbers and symbols in your password.
  3. If you frequently use online services for shopping and banking, be alert for phishing, where so called "banks" or "businesses" try to obtain your personal information once you click on pop-ups when you're online. If possible, disable the pop-ups application on your browser as people can spy on you or track your movements.
  4. Never give out your personal details to people you don't know, either in person or over the phone. If you receive a call from someone you don't know who claims to be from your bank, never give them your details. Instead, call back the organisation and confirm if there really was a call made to you.
  5. Monitor your bank and credit accounts regularly to ensure the purchases or transactions made are legitimate. If you detect suspicious transactions, do alert your bank immediately. In addition, do check on inactive or dormant accounts to make sure you have not been compromised.
  6. Sign Up for a credit report and scrutinise your credit report once a month or at least, once annually for any unauthorised activity. For more comprehensive protection, do think about subscribing to Experian's as it checks and monitors your credit report daily and provides alerts on important changes made.
  7. It is better to apply credit card or any loans directly with the banks and not via a third party who usually promises special "gifts". These third party vendors will usually ask for all your details — salary slip, EPF/income tax and copy of identity cards — to be emailed or WhatsApp to them. Never do that.

If you do become a victim of identity theft, here's what you must do:

  1. Contact the affected entity or organisation(s), for instance your bank if you have detected an unauthorised transaction on your credit card or even a loan you didn't sign up for.
  2. Make a police report as a crime has been committed. This is important to enable further investigations to be conducted.
  3. Work closely with the respective authorities and the relevant organisations to clear your name and get back on your feet.
  4. Review all of your other accounts (even the inactive ones) and charge all account passwords to be stronger ones to avoid history repeating itself.

To avoid all of the above and to protect your credit health, it's not a bad idea to subscribe to a credit monitoring tool such as JagaMyID for a peace of mind. It detects any suspicious activity or discrepancy in your account and can prevent against any identity theft.

Be diligent, protect your personal information or suffer the consequences.

You may visit, to know more about the tools available to prevent any identity theft