Loading
Loading
Public Mutual Unit Trust

If you suspect that your PMO login credentials or devices have been compromised, please report to us immediately via the channels below:


Cybersecurity Awareness

Public Mutual is committed to providing high standards of online security and confidentiality to our investors.

How do we protect you?

Public Mutual understands your concerns about the security and safekeeping of your online account. Here are some of the steps and precautions that we take in order to combat cybersecurity threats.

A user ID is a unique identifier, commonly used to log in to a website, app or online service. It may be a username, account number or an email address. It is the most basic security feature used for profile identification.

Select a unique password that is different from your personal information. It is highly recommended that your password consist of upper- and lower-case letters, numerals as well as special characters to keep your profile even more secure.

Do not reveal your user ID and password to anyone, including Public Mutual's staff and/ or unit trust consultants (UTCs) as they are not authorised to request for your password under any circumstances.


The Personal Login Phrase (PLP) functions like a secret code that is displayed to you just before you enter your password to log in. It is important to keep PLPs confidential and avoid sharing them with others.

A strong PLP should be unique, difficult to guess, and easy for the user to remember. Never divulge your PLP to anyone under any circumstances, and do not use your User ID and/ or password as your PLP.

Personal Login Phrase (PLP) screen sample:



REMINDER!

If the PLP displayed does not match your PLP, do not key in your password. Instead, you should report such issues by contacting us for assistance via:

a. Customer Service Hotline : 603-2022 5000
b. Email : customer@publicmutual.com.my

A Personal Authentication Code, or PAC, is an authentication code generated by the system and delivered to your registered mobile phone via Short Message Service (SMS) when performing online transactions.



REMINDER!

If you receive a PAC without your consent, please report the issue to us immediately via:

a. Customer Service Hotline : 603-2022 5000
b. Email : customer@publicmutual.com.my



Public Mutual SecureSign is an enhanced security feature that helps you authenticate your login for Public Mutual Online (PMO).

SecureSign is now extended to selected PMO transactions and service requests, enabling you to authorise switching and redemptions, make updates to your personal profile, as well as manage your registered bank accounts within PMO.

Click here for Frequently Asked Questions related to Public Mutual SecureSign.

Sample of SecureSign approval screen

REMINDER!

If you receive a SecureSign request that you do not recognise or did not request, reject the SecureSign request and report to us immediately via:

a. Customer Service Hotline : 603-2022 5000
b. Email : customer@publicmutual.com.my

Your account will be automatically logged off if there has not been any activity for a certain period of time. This is to ensure that your account is safe and secure. Additionally, this also reduces the risk of data breaches when your account is left idle.

Session management sample screens:

Public Mutual will send transaction notifications to your registered e-mail address and/or the PMO PLUS notification module in order to keep you informed of the transactions which have been processed.

Sample of transaction notification sent via PMO PLUS:



Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), are security protocols for establishing encrypted links between a server (website) and a client (web browser) on the Internet.

SSL/ TLS allows sensitive information such as your login credentials, credit card details and personal data to be transmitted securely as the data is encrypted. This will greatly reduce the risk of hackers intercepting or tampering with your data for harmful intentions.



How should you protect yourself?

Here are some cybersecurity threats and the corresponding tips to educate and protect you from falling prey to online scams.

Browser
If you are a first-time user who is logging in to the Public Mutual Online (PMO) website through a browser, you are advised to enter and key in the URL manually (https://www.publicmutualonline.com.my) to ensure that you are redirected to the official website.

Always clear your browser’s cache as it may store your account number and other sensitive information on computers or devices you have used.

Site Authentication
Observe the lock icon next to the browser’s address bar and ensure that the certificate is for https://www.publicmutualonline.com.my.

Credentials
Always keep your login credentials and passwords confidential.

PAC
You should never reveal your Personal Authentication Code (PAC) to anyone who asks or requests it, regardless of the communication channel.

Devices
Do not use unsecured mobile devices (e.g. devices that have been jailbroken or run on a rooted Operating System (OS)) to prevent your account from being tampered with or compromised.

SecureSign
Read carefully before approving any transactions or service requests via SecureSign.

Cybercriminals could use programs that mine public profiles for potential password combinations and use dictionary attacks that automatically try different words until they find a match on your password.

Prevention
  1. Avoid using the same password for different online accounts.
  2. You can set up a strong password for your online account as a first security measure. A strong password should consist of upper- and lower-case letters, numerals as well as special characters.
  3. Do not use repetitive passwords with commonly-known combinations such as '1111', '1234', 'password', 'football', etc.
  4. Change your passwords regularly.

Malicious software (Malware) is a program or file that is harmful to a computer system. It can originate from unsolicited or undetected sources, potentially installing itself on your computer or phone.

Malware is often disguised as a legitimate file download, typically through attachments or links shared from an unknown email source and/or a website that you visited.

Malware can steal your information and scammers will use the information obtained to steal money from your account and/or commit identity theft.

When a device becomes infected with malware, you may experience unauthorised access, compromised data or being locked out from the device.

Prevention
  1. Do not click on any suspicious links sent to you via SMS, communication applications (e.g. WhatsApp, WeChat, Facebook Messenger) and other social media.
  2. Only download mobile apps from legitimate platforms such as the Google Play Store, Apple App Store, Huawei App Gallery, etc.
  3. Install reliable anti-virus software and always update to the latest definition on your computer systems and devices.

Email scams are generally delivered in the form of spam emails. However, some are tailored to look like legitimate messages. These scams are designed to trick you into disclosing information that could lead to defrauding or stealing your identity and/or performing malicious actions on your behalf.

These emails come with a link that direct users to a fake website designed to steal their user ID, password and One-Time Password (OTP).

Prevention
  1. Always check the sender's email address and ensure that it is from a legitimate company email (e.g. xxx@publicmutual.com.my).
  2. Public Mutual does not send emails to customers/ investors requesting for their personal details or to change their passwords.
  3. Do not open/ forward emails with non-specific greetings such as "Dear customer" and which you suspect are scams with unknown sources.
  4. Do not click on any URL links embedded in the email body directly, but re-type it at the browser instead. Check for grammatical errors such as "Pub1ic Mutual" as these phrases are meant to lure you into believing that it is from a legitimate source.

Phone scams refer to phone calls/ SMS that trick victims into revealing their sensitive information (e.g. user account, password and PAC/OTP)

Prevention
  1. Never reveal your personal data during unidentified phone calls/ SMS.
  2. Public Mutual will not ask investors for personal information such as passwords and user accounts via phone calls/ SMS from investors.

Investors should remain cautious when they come across advertisements on investment schemes promising high returns with minimal risk.

The scammer might seem perfectly legitimate, appearing knowledgeable about investment trends with positive testimonials and convincing marketing materials.

Be cautious if an investment opportunity is presented as exclusive or based on ‘inside’/ confidential information, especially if you are asked to make an upfront payment to a personal account due to the supposed time-sensitive nature of the offer.

Prevention
  1. Do not trust ‘investment schemes’ that promise high returns with minimal risks.
  2. Verify the investment schemes/firms that are registered or licensed with the legitimate regulators before accepting their offer of an investment plan.
  3. Avoid transferring money if the scammer asks for upfront payments or fees.
  4. Stay calm and ask someone you trust for a second opinion.
  5. When investing with Public Mutual, you should refrain from paying cash to a Unit Trust Consultant (UTC), staff or any other individuals. Any monetary transactions should be conducted at Public Bank branches, through the Public Mutual Online (PMO) website or via the PMO PLUS mobile application.

The QR Code Scam is another form of phishing scam using QR (Quick Response) codes. Fraudsters may trick users into scanning fake QR codes, which redirect users to download a malware onto their devices.

For example, a victim might unknowingly scan a fake QR code displayed outside a merchant’s premises to download an app for making payments.

This malicious software mimics the interface of an official app, tricking the user into entering sensitive information such as login credentials. Once entered, the malware captures this personal data, giving scammers full access to the user’s account. This allows scammers to steal sensitive information and conduct unauthorised transactions, such as withdrawing money from the user’s account.

Prevention
  1. Always look for any signs of tampering on the original QR code displayed by the merchant.
  2. Ensure that the merchant’s displayed name is genuine.
  3. Verify that the links, publisher and the requested permission details are all genuine before proceeding with the app installation.
  4. Do not provide your banking credentials if you are directed to an unknown website or asked to download an app from a third-party website.

About PMO Online Security

Stay vigilant, stay secured. Cybersecurity requires commitment from all of us. This page aims to provide helpful security tips and information to assist you in taking the necessary precautions to ensure the safety of your personal and sensitive information.