Friday, February 6, 2009

Phishing: Examples and Prevention Methods



Day after day, computer users are bombarded with an increasing number of phishing-based emails and attacks.

WHAT IS “PHISHING”?

Phishing is a high-technology criminal process of attempting to acquire people's personal information, such as credit card information, the user name and password of an ATM card, or other sensitive personal or financial data. Once the thieves have the information, they may use it for the following:

1. opening credit lines in your name and using them to buy expensive items such as gold and jewelry;
2. applying for loans from unauthorized financial institutions;
3. declaring bankruptcy in your name; or
4. committing crimes in your name.

Phishing is usually carried out by e-mail or instant messaging, and it often leads users to enter details at a website without any suspicion. Phishing is an example of a social engineering technique, which takes advantage of the relationship between people and technology: people often trust information they receive via e-mail or from a website.


EXAMPLES OF PHISHING


















An example of a phishing e-mail, disguised as an official e-mail from a (fictional) bank. The sender is trying to trick the recipient into revealing secure information by “confirming” it at the phisher’s website. Note the misspelling of the words received and discrepancy.



Example PayPal Scam Email:


You've added an additional email address to your PayPal account.

If you don.t agree with this email
philip@adelphi.net and if you need assistance with your account, please click here to login to your account.

To make sure you can use your PayPal account the next time you make a purchase, all you need to do is confirm or not your email address. If your email program has problems with hypertext links, you may also confirm your email address by logging in to your account.

Thank you for using PayPal!

Sincerely,
PayPal Customer Service

----------------------------------------------------------------


Here is what PayPal suggests:


Look for a PayPal Greeting
PayPal will never send an email with the greeting "Dear PayPal User" or "Dear PayPal Member." Real PayPal emails will address you by your first name and the last name or the business name associated with your PayPal account.

Don't share personal information via email
We will never ask you to enter your password or financial information in an email or send such information in an email. You should only share information about your account once you have logged in to https://www.paypal.com/.

Don't download attachments
PayPal will never send you an attachment or software update to install on your computer.


PREVENTION METHODS
1. Be wary of any email requesting personal information. Don't reply to any suspicious-looking emails or click on any links that you're unsure of.

Always ensure that you are on a secure connection to a web server when submitting personal information across the Internet. This is determined by:
· Seeing https:// in the URL instead of http://
· Seeing a picture of a locked padlock in the lower right-hand corner of the BROWSER WINDOW, not the page itself. (Be careful: phishers sometimes display this icon on their website to trick users into thinking they have a secure connection!)


2. Be suspicious of any email with urgent requests for personal information.

Phishers have been known to include upsetting statements in their emails to get people to react immediately. Others tone down their language so that the e-mail seems more believable to recipients. Either way, the e-mail typically asks for information such as usernames, passwords, credit card numbers and social security numbers.

3. Be careful of emails that are not personalized or that contain spelling errors.

Many phishing emails are sent in bulk and are therefore not personalized. If you are suspicious of an email that claims to be from your institution but is not personalized, call your institution to confirm its validity before responding.

4. Be careful of personalized emails that ask for personal financial information.

Be suspicious of any email that contains some personal financial information, such as a bank account number, and asks for other information, such as a PIN. Your bank will never ask for or send you financial information by email.

5. Do not use links in an email to get to a bank's webpage.

Call the bank by telephone to confirm the address. You may also go to the bank's website directly by typing the web address into your browser.

6. Do not complete forms in email messages that ask for personal information.

Your bank would never ask you to complete such a form within the body of an email message.

Regularly log on to your online accounts and check your bank, credit and debit card statements to ensure that all transactions are legitimate.
An advantage of banking online is that it enables you to regularly review your account for unauthorized or unusual activity. If anything is suspicious, contact your bank and the appropriate card issuers immediately.

Ensure that your internet browser is up to date and that the most recent security updates have been applied.
Always visit your browser provider's homepage to download the latest security patches, even if they don't alert you to do so.
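
The warning signs listed in this post (a generic greeting, urgent wording, requests for sensitive data, links that are not https or that lead away from the real site, attachments) can also be checked automatically. The Python code below is an added example, not part of the original post; the function name, the urgent and sensitive word lists and the sample message are constructed for illustration.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlparse

# Greetings PayPal says it never uses (from the post); the other lists are assumptions.
GENERIC_GREETINGS = ("dear paypal user", "dear paypal member")
URGENT_WORDS = ("immediately", "urgent", "suspended")
SENSITIVE_WORDS = ("password", "pin", "credit card", "social security")

def phishing_indicators(raw_email, trusted_domain):
    """Return the warning signs from the post's checklist found in one message."""
    msg = message_from_string(raw_email, policy=policy.default)
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    text = body.lower()
    found = []
    if any(g in text for g in GENERIC_GREETINGS):
        found.append("generic greeting")
    if any(w in text for w in URGENT_WORDS):
        found.append("urgent request")
    if any(re.search(r"\b%s\b" % re.escape(w), text) for w in SENSITIVE_WORDS):
        found.append("asks for sensitive data")
    for url in re.findall(r'href="([^"]+)"', body, flags=re.I):
        parts = urlparse(url)
        host = (parts.hostname or "").lower()
        if parts.scheme != "https":
            found.append("link is not https: " + url)
        # The link must point at the trusted domain itself or one of its subdomains.
        if host != trusted_domain and not host.endswith("." + trusted_domain):
            found.append("link leaves %s: %s" % (trusted_domain, host))
    if any(True for _ in msg.iter_attachments()):
        found.append("has attachment")
    return found

# Constructed sample message (not a real email); paypal.example.net is a placeholder host.
SAMPLE = """\
From: "PayPal" <service@paypal.example.net>
To: user@example.org
Subject: Confirm your email address
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Dear PayPal Member,</p>
<p>Your account will be suspended unless you confirm your password.
Please <a href="http://paypal.example.net/login">click here</a>.</p>
"""

if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE, "paypal.com"):
        print("WARNING:", finding)
```

An empty result only means that none of these particular signs were found; it does not prove that a message is genuine.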

Thursday, February 5, 2009

The Application of 3rd Party Certification Program in Malaysia

A 3rd party certification program plays a significant role in boosting our confidence when dealing with online transactions. In a trusted online environment, you need not fear having your personal data stolen, your information tampered with by third parties, or the transacting party denying any commercial commitment with you. Furthermore, it assists in the development of more Internet-based activities.


The most famous application of a 3rd party certification program in Malaysia is provided by MSC Trustgate.com Sdn Bhd. It was incorporated in 1999. It is a licensed Certification Authority (CA) operating under the Multimedia Super Corridor. A Certification Authority is a body that is given a license to operate as a trusted third party in the issuance of digital certificates.

The objective of MSC Trustgate is to secure open network communications both locally and across the ASEAN region. Trustgate provides digital certification services such as digital certificates, cryptographic products and software development. The products and services of Trustgate are SSL Certificate, Managed PKI, Personal ID, MyTRUST, MyKAD ID, SSL VPN, Managed Security Services, VeriSign Certified Training and Application Development.

The vision of MSC Trustgate is to enable organizations to conduct their business over the internet as securely as they have been doing in the physical world.

VeriSign is one of the most recognized trust marks on the Internet. It not only builds confidence in one's brand with online customers but also offers a comprehensive approach to securing networks and Web sites. Besides that, VeriSign is the leading Secure Sockets Layer (SSL) Certificate Authority, enabling the security of e-commerce, communications, and interactions for websites, intranets, and extranets. It provides security solutions to protect an organization’s consumers, brand, website, and network.

Why is the 3rd party certification needed?

The major reason is the internet security threats spreading over the network nowadays. For example, with the increase of phishing on the internet, customers want to make sure that they are doing business with a trusted party. They are afraid that their personal information, such as ID numbers, passwords and credit card numbers, will be sent to companies that do not exist in the real world. Thus, certification from a 3rd party is needed to ensure that information travelling over the Internet reaches the intended recipients and is safe.

~ End of Post~

How to safeguard our personal and financial data?

In our digital age, it is common to use a computer to store personal data and to use the internet for financial transactions such as transferring money, checking account balances and paying monthly expenses, because it saves the time otherwise spent queuing and waiting for up to an hour at, e.g., the Post Office. But are you sure that all of your personal and financial data is secure? Data can be classified into a few categories, such as personal, public, confidential, top-secret and others. Private data therefore needs to be protected so that we do not become the next victim. Below are the steps that should be taken to safeguard our personal and financial data.

1. Keep personal, financial and sensitive data off the computer
This is a simple and very effective measure: keep bank account numbers, passwords and user names off your computer. They can be saved as a document on a pen drive or CD-ROM and kept in a safe place. When the data is needed, just plug the drive into the computer. If you do not want to save it to external hardware, put the computer on standby or turn it off when you leave it for long periods. This prevents anyone from stealing the data while you are not around, but make sure the computer is password protected and the documents are encrypted as well.



2. Clear your browser’s cache after an online transaction
Sometimes the browser saves certain information, such as user names and passwords that we typed into forms, for example for online banking on the Public Bank website, as I have learned. After all transactions have been made, make sure to clear all the browsing history, so that the next person cannot easily track our private user name and passwords. It is easy: click ‘tool’ on the web page, then ‘internet option’, ‘browsing history’, then click ‘delete’ and ‘yes’. The browser history is then cleared.



3. Turn your computer off or on standby when you are not using it
This is a really effective and easy measure. If your computer is not turned on, a hacker, virus or anything else cannot do anything to it. If you have a desktop at home, make sure to turn it off, or put your laptop into sleep mode, when you are not there. Some people have the habit of leaving their desktop on 24 hours a day for convenience. But why leave it open to attack if you are not even using the computer?



4. Make sure your computer has antivirus software and a firewall installed
Antivirus software such as Avast, Kaspersky, BitDefender and others is used to protect the computer against phishing and malware, in order to protect personal and financial data from hackers and ill-intentioned parties. Besides that, make sure the antivirus software is up to date, and regularly scan the computer to remove any harmful files that affect the overall performance of the computer and allow private data to be accessed without the user noticing. Apart from that, a firewall helps protect the computer by preventing unauthorized users from gaining access to it through a network or the Internet. It also helps to protect the computer against viruses and other security threats. The antivirus software and the firewall work together to help protect the computer.

The threats of online security: How safe is our data?

Due to the advance of technology and the development of e-commerce, online security is a major issue and a concern for customers when they make any transaction online. Therefore, we need to consider the security of our personal or private data, as threats can come from any direction.

There are a few common threats to online security that we need to be aware of, such as spam mail, viruses, phishing attacks, social engineering and spyware attacks.

Spam mail

Spam mail is sent without the recipients' knowledge. According to a survey of security-related threats and attack incidents in Malaysia in 2007, a total of 38601 emails were spam. Nowadays, the quality of spam has improved. It can be sent out with attached images, PDFs, documents, spreadsheets or videos, which may link to malicious sites or malware.


Virus
A computer virus is a dangerous program that is able to generate and copy itself. In addition, it causes changes in the computer's settings and slows down the performance of the computer. The most damaging viruses are the ones that are simply designed to cause as much destruction as possible, such as by deleting important files.



Phishing attacks

A popular method of phishing is to steal consumers' personal identity data and financial account credentials through fake websites. Phishing messages pretend to be from eBay, PayPal and others. The scammers send out e-mails asking recipients to log in to the fake websites so that they disclose private information such as financial account numbers. Once the private information is entered, the scammers steal the username and passwords, and you are sunk.



Spyware attack
Spyware is one of the online threats that is designed to steal information from a computer without your authorization. Spyware is dangerous in that it can steal your personal information, such as documents, passwords, credit card numbers and bank account numbers, for the sole benefit of the people behind the spyware.

In conclusion, online users should pay attention to online security, since threats will not say “hello” to you when they arrive unless there is some preventive action in place, such as using an anti-virus program. It helps to detect viruses contained in a received file by scanning it to ensure it is safe before it is opened.