If you suspect that your PMO login credentials or devices have been compromised, please report to us immediately via the channels below:
Cybersecurity Awareness
Public Mutual is committed to providing high standards of online security and confidentiality to our investors.
How do we protect you?
Public Mutual understands your concerns about the security and safekeeping of your online account. Here are some of the steps and precautions that we take in order to combat cybersecurity threats.
A user ID is a unique identifier, commonly used to log in to a website, app or online service. It may be a username, account number or an email address. It is the most basic security feature used for profile identification. Select a unique password that is different from your personal information. It is highly recommended that your password consist of upper- and lower-case letters, numerals as well as special characters to keep your profile even more secure. Do not reveal your user ID and password to anyone, including Public Mutual's staff and/ or unit trust consultants (UTCs) as they are not authorised to request for your password under any circumstances. |
The Personal Login Phrase (PLP) functions like a secret code that is displayed to you just before you enter your password to log in. It is important to keep PLPs confidential and avoid sharing them with others.
A strong PLP should be unique, difficult to guess, and easy for the user to remember. Never divulge your PLP to anyone under any circumstances, and do not use your User ID and/ or password as your PLP.
Personal Login Phrase (PLP) screen sample:
REMINDER! | |
If the PLP displayed does not match your PLP, do not key in your password. Instead, you should report such issues by contacting us for assistance via: |
a. Customer Service Hotline | : 603-2022 5000 |
b. Email | : customer@publicmutual.com.my |
A Personal Authentication Code, or PAC, is an authentication code generated by the system and delivered to your registered mobile phone via Short Message Service (SMS) when performing online transactions.
REMINDER! | |
If you receive a PAC without your consent, please report the issue to us immediately via: |
a. Customer Service Hotline | : 603-2022 5000 |
b. Email | : customer@publicmutual.com.my |
Public Mutual SecureSign is an enhanced security feature that helps you authenticate your login for Public Mutual Online (PMO).
SecureSign is now extended to selected PMO transactions and service requests, enabling you to authorise switching and redemptions, make updates to your personal profile, as well as manage your registered bank accounts within PMO.
Click here for Frequently Asked Questions related to Public Mutual SecureSign.
Sample of SecureSign approval screen
REMINDER! | |
If you receive a SecureSign request that you do not recognise or did not request, reject the SecureSign request and report to us immediately via: |
a. Customer Service Hotline | : 603-2022 5000 |
b. Email | : customer@publicmutual.com.my |
Your account will be automatically logged off if there has not been any activity for a certain period of time. This is to ensure that your account is safe and secure. Additionally, this also reduces the risk of data breaches when your account is left idle.
Session management sample screens:
Public Mutual will send transaction notifications to your registered e-mail address and/or the PMO PLUS notification module in order to keep you informed of the transactions which have been processed.
Sample of transaction notification sent via PMO PLUS:
Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), are security protocols for establishing encrypted links between a server (website) and a client (web browser) on the Internet.
SSL/ TLS allows sensitive information such as your login credentials, credit card details and personal data to be transmitted securely as the data is encrypted. This will greatly reduce the risk of hackers intercepting or tampering with your data for harmful intentions.
How should you protect yourself?
Here are some cybersecurity threats and the corresponding tips to educate and protect you from falling prey to online scams.
Browser
If you are a first-time user who is logging in to the Public Mutual Online (PMO) website through a browser, you are advised to enter and key in the URL manually (https://www.publicmutualonline.com.my) to ensure that you are redirected to the official website.
Always clear your browser’s cache as it may store your account number and other sensitive information on computers or devices you have used.
Site Authentication
Observe the lock icon next to the browser’s address bar and ensure that the certificate is for https://www.publicmutualonline.com.my.
Credentials
Always keep your login credentials and passwords confidential.
PAC
You should never reveal your Personal Authentication Code (PAC) to anyone who asks or requests it, regardless of the communication channel.
Devices
Do not use unsecured mobile devices (e.g. devices that have been jailbroken or run on a rooted Operating System (OS)) to prevent your account from being tampered with or compromised.
SecureSign
Read carefully before approving any transactions or service requests via SecureSign.
Cybercriminals could use programs that mine public profiles for potential password combinations and use dictionary attacks that automatically try different words until they find a match on your password.
Prevention
|
Malicious software (Malware) is a program or file that is harmful to a computer system. It can originate from unsolicited or undetected sources, potentially installing itself on your computer or phone.
Malware is often disguised as a legitimate file download, typically through attachments or links shared from an unknown email source and/or a website that you visited.
Malware can steal your information and scammers will use the information obtained to steal money from your account and/or commit identity theft.
When a device becomes infected with malware, you may experience unauthorised access, compromised data or being locked out from the device.
Prevention
|
Email scams are generally delivered in the form of spam emails. However, some are tailored to look like legitimate messages. These scams are designed to trick you into disclosing information that could lead to defrauding or stealing your identity and/or performing malicious actions on your behalf.
These emails come with a link that direct users to a fake website designed to steal their user ID, password and One-Time Password (OTP).
Prevention
|
Phone scams refer to phone calls/ SMS that trick victims into revealing their sensitive information (e.g. user account, password and PAC/OTP)
Prevention
|
Investors should remain cautious when they come across advertisements on investment schemes promising high returns with minimal risk.
The scammer might seem perfectly legitimate, appearing knowledgeable about investment trends with positive testimonials and convincing marketing materials.
Be cautious if an investment opportunity is presented as exclusive or based on ‘inside’/ confidential information, especially if you are asked to make an upfront payment to a personal account due to the supposed time-sensitive nature of the offer.
Prevention
|
The QR Code Scam is another form of phishing scam using QR (Quick Response) codes. Fraudsters may trick users into scanning fake QR codes, which redirect users to download a malware onto their devices.
For example, a victim might unknowingly scan a fake QR code displayed outside a merchant’s premises to download an app for making payments.
This malicious software mimics the interface of an official app, tricking the user into entering sensitive information such as login credentials. Once entered, the malware captures this personal data, giving scammers full access to the user’s account. This allows scammers to steal sensitive information and conduct unauthorised transactions, such as withdrawing money from the user’s account.
Prevention
|
About PMO Online Security Stay vigilant, stay secured. Cybersecurity requires commitment from all of us. This page aims to provide helpful security tips and information to assist you in taking the necessary precautions to ensure the safety of your personal and sensitive information. |