E-CoMm3eRcE

FISHING?? Or Phishing?

Most of the average home computer users like us are always bamboozled by the technology jargon. Why is it they have to use such technology jargon? The best answer will be to WARN people about the most serious security problem! That is what we so called “GEEK SPEAK”, to confuse the net users. Lol…

So, what is PHSHING actually?

In computing, phishing is a form of criminal activity using social engineering techniques. Social engineering is a type of nontechnical attack that uses social pressures to trick computer user into compromising computer networks to which those individuals have access. Phishers attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication. It is often done by impersonating legitimate web sites such as eBay, PayPal and online banking. Phishing is typically carried out using email or an instant message.

Phishing is a significant and growing problem which threatens to impose increasing monetary losses on businesses and to shatter consumer confidence in e-commerce. Phishing attacks have the potential to become much more sophisticated, making user-based protection mechanisms fragile given the user population of non-experts.

Wants to know the victims of phishing in Malaysia?

In September 2004, a Citibank phishing e-mail started to spread around via e-mail in Malaysia, trying to warn the customers of possible fraud which affecting their accounts and urge them to log in to check the status.

Remark: Click to enlarge

In year of 2006, RHB Bank was also once became the target of phishing scam. Such fake e-mail is sent by unauthorized party to deceive the users.

Remark: Click to enlarge

Of course, the most recent case happened in Malaysia is Phishing scams e-mail from Maybank Malaysia. This took place during March 2009. The fake e-mails are widely sent to mislead customers and even the public who are not Maybank's customer.


Prevention is better than cure!! Therefore, there are several steps available for computer users like us to avoid being phished.

1. Don’t ever TRUST
Don’t ever trust e-mails that urgently requesting personal financial information. Phishers want you to react immediately and therefore include many upsetting or exciting statements which trigger fear or happiness. The most popular method is by presenting you as the winner of a lottery. (So don't be silly, there's no free lunch in the world).

2. Don’t CLICK anything

Avoid clicking any links directly from your e-mails. Rather, open a new browser to open the links. This is because users may overlook the links which sometimes being masked, meaning that the link you see does not take you to that address but somewhere different, and usually an illegitimate Web site.

3. Check the SENDER’s e-mail
When the users receive any e-mail asking them to verify their account information, the users should check the sender’s e-mail address. When the e-mail address is not the domain of a legitimate bank, then the possibility of a phishing e-mail is obviously ascertain.

4. Check for “Https” rather than “http”
Users should always check whether there is an “s” after the “http” in the URL. When there is a “https” appears, most probably that it is a phishing e-mail. To make the phishing e-mail messages look even more legitimate, they may place a link in the e-mail which appears to go to the legitimate Web site, however, it actually brings you to a phony scam site or possibly a pop-up window that looks exactly like the official site.



References:
Don't Click Anything

Anti-Phishing Game To Help Raise Awareness

Recognize Phishing Scam and Fraudulent E-mail

Mobile Device To Defends Against Phishing