Phishing is a type of scam where it attempts to trick users to submit their personal details such as their usernames, password and their bank details. It is usually carried out using e-mail or instant messaging and often direct users to enter their details in a fake website where it looks identical to the original ones.
Phishing usually occur when users receive e-mails stating that the bank is currently performing verification exercise where the user are required to enter their bank details in the link provided to verify their bank account. The linked website will look like the original bank’s website where it is almost impossible to be distinguished. Users who are not careful will most likely be tricked and are exposed to the likely hood of having their money in the bank stolen.
In fact, this had actually occurred in Malaysia. The victim received an e-mail requesting to update the victim’s account because it was upgrading its server. The message looked genuine, so the victim had no doubts in entering the bank details into a website which was a perfect replica of the original. After the victim had updated the details, the victim was told not to log in for a few hours. A few days later, the victim found out that the victim’s account was empty.
Examples:
Maybank – The first example will be a phishing e-mail from Maybank. The sender was Maybank (maybank@security.com.my)
Taken from http://www.shaolintiger.com/2009/03/23/maybank-phishing-scam-e-mails-in-malaysia/
Citibank – another phishing e-mail example is from Citibank.
Subject: Citibank Identity Theft Solutions
Recently there have been a large number of identity theft attempts targeting Citibank customers. In order to safeguard your account, we require that you update your Citibank ATM/Debit card PIN.
This update is requested of you as a precautionary measure against fraud. Please note that we have no particular indications that your details have been compromised in any way.
This process is mandatory, and if not completed within the nearest time your account may be subject to temporary suspension.
To securely update your Citibank ATM/Debit card PIN please go to:
https://www.citibank.com/signin/citifi/scripts/login2/update_pin.jsp
Please note that this update applies to your Citibank ATM/Debit card - which is linked directly to your checking account, not Citibank credit cards.
Thank you for your prompt attention to this matter and thank you for using Citibank!
Regards,
Madeline Walter
Head of Citi® Identity Theft Solutions
Copyright © 2004 Citicorp. All rights reserved.
Taken from http://antivirus.about.com/cs/allabout/a/citiphish_2.htm
*For more examples of phishing e-mail, please refer to http://www.millersmiles.co.uk/scams.php
Prevention Method:
As there are millions of Internet users in the world, it is almost impossible to completely prevent incidents like these to occur. However, Internet users should be educated to have better knowledge in identifying phishing sites. Users should be aware that banks never request for personal information such as personal identification numbers and passwords for banking accounts through e-mail, SMS or phone calls.
Several precaution steps users should take are:
1. Ensure the address of the website is the original website when logging in
-Always make sure you are in the correct address before logging in.
2. Never reveal your username and password on e-mail or sms
-Do not trust e-mail or sms that request for your personal details.
3. Change password frequently
-You are advised to change your password periodically.
4. Always use anti-spyware, anti-virus and personal firewall
-Install anti-virus, anti-spyware and personal firewall to ensure security on your personal computer.
5. Clear your Internet cache regularly
-Always clear your internet cache after you have logged out from internet banking. It is to ensure there are no traces of internet banking activity on your computer.
-For Internet Explorer, it can be done by clicking Tools > Internet Options > Delete Cookies and Delete Files
-For Mozilla Firefox, it can be done by clicking Tools > Clear Private Data
Please refer to the follow links for more information.
Hong Leong Bank – Online security tips - http://www.hlb.com.my/pfs/hlobtips.htm
Phish, your money’s gone - http://thestar.com.my/news/story.asp?file=/2009/1/18/focus/3011417&sec=focus
0 comments:
Post a Comment