Generally, phishing is a criminally fraudulent process illegally acquires sensitive information. Phishers try to lure unsuspecting users to fake websites hoping that their victims would try to supply login information, credit card details or social security numbers while trying to use the service.
Examples in Malaysia
Figure 1: Citibank Phishing scam
Figure 2: HSBC Phishing scam
Figure 3: Maybank2u.com scam in hotmail account
Figure 4: Another Maybank2u.com scam
From the examples, receivers are asked to click the link provided to update their data. Once the link is click, users' login name and password is divulged and embezzled by phisher.
Prevention method
References :
http://blog.saimatkong.com/index.php/2008/08/01/maybank2ucom-email-phishing-scam/
http://ezinearticles.com/?Phishing-Techniques&id=1818216
http://www.antiphishing.org/consumer_recs.html
http://www.ghacks.net/2007/02/16/introduction-to-new-phishing-techniques/
http://www.mycert.org.my/en/services/advisories/mycert/2004/main/detail/464/index.html
http://www.mycert.org.my/en/services/advisories/mycert/2004/main/detail/465/index.html
Examples in Malaysia
Figure 1: Citibank Phishing scam
Figure 2: HSBC Phishing scam
Figure 3: Maybank2u.com scam in hotmail account
Figure 4: Another Maybank2u.com scam
From the examples, receivers are asked to click the link provided to update their data. Once the link is click, users' login name and password is divulged and embezzled by phisher.
Prevention method
- Be suspicious of any email with urgent requests for personal financial information - if users are unsure if that is a valid message, always confirmed with the bank and check whether it’s a scam or not.
- Avoid filling out forms in email messages that ask for personal financial information - bankers will not require their client to update personal information through e-mail.
- Don't use the links in an email, instant message, or chat to get to any web page - for e-mail link, before click on the link provided mouse over or view source the link and the real link will be revealed (for example in Figure 3 at above).When you reach the website thru the link in the email, try to login using wrong login name and password, if it’s logged in then you know it’s a phishing scam, if not then it should be safe.
- Get in the habit of looking at the address line - remember your bank's URL or bookmark it. if the URL from e-mail message is different, it might be a phishing message.
- Always ensure that the website is secured when submitting credit card or other sensitive information via Web browser - secured website will shown with a yellow lock near the bottom screen on a secure site. By double-clicking the lock, security certificate of the site will be displayed.
References :
http://blog.saimatkong.com/index.php/2008/08/01/maybank2ucom-email-phishing-scam/
http://ezinearticles.com/?Phishing-Techniques&id=1818216
http://www.antiphishing.org/consumer_recs.html
http://www.ghacks.net/2007/02/16/introduction-to-new-phishing-techniques/
http://www.mycert.org.my/en/services/advisories/mycert/2004/main/detail/464/index.html
http://www.mycert.org.my/en/services/advisories/mycert/2004/main/detail/465/index.html
No comments:
Post a Comment