Saturday, February 7, 2009

Phishing - examples and its prevention methods

Phishing is an e-mail fraud method in which the perpetrator sends out legitimate-looking email in an attempt to gather personal and financial information from recipients. Typically, the messages appear to come from well-known and trustworthy Web sites such as PayPal, eBay and Yahoo. A phishing expedition, like the fishing expedition it's named for, is a speculative venture: the phisher puts out the lure hoping to fool at least a few of the prey that encounter the bait.

Examples of phishing:
(1) PayPal


(2) eBay

(3) Yahoo!


How to prevent phishing?

Don’t click on links within emails that ask for your personal information.
Fraudsters use these links to lure people to phony Web sites that look just like the real sites of the company, organization, or agency they’re impersonating. If you follow the instructions and enter your personal information on the Web site, you’ll deliver it directly into the hands of identity thieves. To check whether the message is really from the company or agency, call it directly or go to its Web site (use a search engine to find it).


Never enter your personal information in a pop-up screen.
Sometimes a phisher will direct you to a real company’s, organization’s, or agency’s Web site, but then an unauthorized pop-up screen created by the scammer will appear, with blanks in which to provide your personal information. If you fill it in, your information will go to the phisher. Legitimate companies, agencies and organizations don’t ask for personal information via pop-up screens. Install pop-up blocking software to help prevent this type of phishing attack.

Protect your computer with spam filters, anti-virus and anti-spyware software, and a firewall, and keep them up to date.
A spam filter can help reduce the number of phishing emails you get. Anti-virus software, which scans incoming messages for troublesome files, and anti-spyware software, which looks for programs that have been installed on your computer and track your online activities without your knowledge, can protect you against pharming and other techniques that phishers use. Firewalls prevent hackers and unauthorized communications from entering your computer – which is especially important if you have a broadband connection because your computer is open to the Internet whenever it’s turned on. Look for programs that offer automatic updates and take advantage of free patches that manufacturers offer to fix newly discovered problems.

Only open email attachments if you’re expecting them and know what they contain.
Even if the messages look like they came from people you know, they could be from scammers and contain programs that will steal your personal information.

Be suspicious if someone contacts you unexpectedly and asks for your personal information.
It’s hard to tell whether something is legitimate by looking at an email or a Web site, or talking to someone on the phone. But if you’re contacted out of the blue and asked for your personal information, it’s a warning sign that something is “phishy.” Legitimate companies and agencies don’t operate that way.

Act immediately if you’ve been hooked by a phisher.
If you provided account numbers, PINs, or passwords to a phisher, notify the companies with whom you have the accounts right away.


Report phishing, whether you’re a victim or not.
Tell the company or agency that the phisher was impersonating. You can also report the problem to law enforcement agencies. The information you provide helps to stop identity theft.

Friday, February 6, 2009

The way to safeguard our personal and financial data

Nowadays, computers and the Internet are familiar to everyone. Most people rely on computers to store their data and use online financial services, such as online e-banking, to carry out their financial transactions. However, information transmitted over the Internet is more vulnerable and carries a higher degree of security risk than information on internal networks, because the Internet is open to anyone. For example, other people could easily learn your bank account number if a hacker broke into the bank's system. Therefore, safeguarding the computer is important for users who want to protect their data.

Here are some suggestions for the computer users to safeguard their data:
1. Password protection
Users may create longer passwords, because they are more secure than shorter passwords. Other than that, users may change their passwords frequently and should not disclose them to other people, including friends and family.

2. Install and update antispyware and antivirus programs
Users should install an antivirus program, such as Symantec and Norton antivirus, AVG antivirus or others, to protect themselves against viruses and Trojan horses that may steal or modify the data on their computer. The antivirus program must always be kept up to date in order to maintain good protection.

3. Avoid accessing financial information in public
Users are discouraged from logging in to the bank system to check their balance from a coffee shop that provides wireless access. This is because we don’t know how powerful their firewalls are.

4. Biometric device
A biometric device grants access to programs, computers or rooms using computer analysis of some biometric identifier. Examples of biometric devices and systems include fingerprint scanners, hand geometry systems, face recognition systems and others. Biometric devices are gaining popularity as a security precaution because they are a virtually foolproof method of identification and authentication.

5. Encryption
Individuals may use a variety of encryption techniques to keep data secure and private. Encryption is the process of converting readable data into unreadable characters to prevent unauthorized access.

Related links:
1. http://www.us-cert.gov/cas/tips/ST06-008.html
2. http://www.msisac.org/awareness/news/2007-03.cfm
3. http://finance.yahoo.com/banking-budgeting/article/103893/Six-Ways-to-Safeguard-Your-Online-Assets

Thursday, February 5, 2009

The application of third party certification programme in Malaysia


The most famous application of a third-party certification programme in Malaysia is provided by MSC Trustgate.com Sdn Bhd. MSC Trustgate.com Sdn Bhd is a licensed Certification Authority (CA) operating within the Multimedia Super Corridor. MSC Trustgate was incorporated in 1999 to meet the growing need for secure open network communications and to become the catalyst for the growth of e-commerce, both locally and across the ASEAN region. It offers complete security solutions and leading trust services that are needed by individuals, enterprises, government, and e-commerce service providers, using digital certificates, digital signatures, encryption and decryption. Its vision is to enable organizations to conduct their business securely over the Internet, just as they have been able to in the physical world.


The products and services of Trustgate are SSL Certificate, Managed PKI, Personal ID, MyTRUST, MyKAD ID, SSL VPN, Managed Security Services, VeriSign Certified Training and Application Development. A digital certificate is usually attached to an e-mail or to an embedded program in a web page, and it verifies that a user or website is who they claim to be. The common functions of a digital certificate are user authentication, encryption and digital signatures. User authentication with a certificate provides security beyond that of a username and password, and its session management is stronger. Encryption secures data transmission by encrypting the information, so that the intended recipient of the data is the only person to receive the message. Digital signatures are like handwritten signatures in the digital world; they can ensure the integrity of the data. By using digital certificates, users are able to make transactions on the Internet without fear of their personal data being stolen, of information being contaminated by third parties, or of the transacting party denying any commercial commitment with them. Furthermore, digital certificates can assist the development of more Internet-based activities.