Thursday, June 19, 2008

Cybercrime --- Phishing!

Phishing -- the act of sending e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a website, where they are asked to update personal information, such as passwords, credit card numbers and bank account numbers. The website, however, is bogus and set up to steal the user's private information.

There are a number of cases in which this form of social engineering has targeted financial institutions and other e-commerce websites.

Case 1: In December 2003, a phishing scam that appeared to come from eBay claimed that users had to log in to their accounts to win the prizes offered by eBay (a Mercedes-Benz!). The users thought they were being contacted by eBay and subsequently logged in to their accounts through the link provided by the phisher. The goal of this scam mail was to capture the logins and passwords of legitimate eBay users.


Case 2: In December 2004, a mail entitled “Verified by Visa” was sent to Visa credit card holders, claiming that users had to verify their Visa card to ensure the security of the card. This phish combined excellent execution, a dangerous trick, and a flaw in Visa’s legitimate site to create the most dangerous phishing scam. It spread widely because it looked perfect!


Case 3: In June 2005, a mail pretending to be from Sky Bank was sent to the bank’s customers, claiming that their accounts had to be restored because an unauthorized third party might have accessed them (another scam mail citing security reasons). A link was provided that led to a website that seemed to be the legitimate Sky Bank site and required users to fill in a range of private information.

So, how can you prevent it?

(1) The e-mail will contain a clickable link with text suggesting that you use the inserted link to validate your information. When you point to the hyperlink text, the bottom left of the web page will show the real website address to which you will go. It is important to note that the hyperlink does not point to the legitimate website.

(2) The logon, the help links, the tabs at the top, the privacy links and other page elements help legitimise the page, especially the “secure verification” logon. You have to be extra careful not to fall for this trick by simply believing that the website is secure. It is easy to put a “secure verification” logon on a page!

(3) In the absence of the “lock” icon in the status bar, which indicates a secure HTTPS session, it is most probably a phishing site!

(4) Sometimes, the URL in the address bar is different from that of the legitimate company. It does not show the legitimate company's URL.

(5) Always update your internet browser, and install a firewall and an antivirus program to enhance your computer's security.

To avoid being phished, the best prevention is not to trust e-mails and websites too easily. Examine them first before you give the information requested!


Click here for the Maybank Security Alert!



By FuiChin
