Monday, July 6, 2009

Example and prevention methods of phishing

Phishing is a process in which a criminal sends a fake email to a user, posing as a legitimate body, to request personal confidential information such as credit card passwords, bank account numbers and user names. Basically, the bogus email directs the user to a website and requests a personal information update, when in fact it is a trap.

One real case was reported on 31 March 2009, in which many Maybank customers, as well as non-customers, received a phishing scam as follows:



As we can see, the phishing email tries to gain the recipient's confidence by adding the logo as well as an image copied from the legitimate website, to convince the recipient to follow the steps given by the scam artists. The trap is under step 4: most recipients may click the link and be directed to a new website to update their personal information using the procedures provided.

Besides, a similar case in Malaysia (Malacca) was reported in The Star on 23 June 2009: a man lost RM 5000 to an online phishing scam at a local bank.

To prevent phishing scams effectively, we need to know some prevention methods:

  1. Install anti-phishing software such as GFI MailEssentials, which is an anti-spam and anti-phishing solution for Exchange Server and other email servers.
  2. Be suspicious of e-mail headers and do not trust them; they can be forged easily.
  3. Never click a link within the text of an email.
  4. Avoid filling out forms in e-mail messages that request your confidential information.
  5. Verify the legitimacy of a web address with the legitimate company directly before submitting your personal information.
  6. If you have clicked a link provided by an unsolicited email, check whether there is an 's' after the http in the address and a lock at the bottom of the screen, which indicate that the link is secure and encrypts data. An online form that asks consumers to submit sensitive personal information should always be encrypted.
  7. Contact the legitimate company named in the email to confirm whether it sent the email requesting information. In fact, most companies do not ask customers to confirm personal information by email.
  8. If you have accidentally provided sensitive personal information to a cyber-thief, contact the legitimate company to suspend your account, and change your password as well as your user name.
  9. Lodge a report about the suspicious email with the Federal Trade Commission's address for unsolicited commercial email.
  10. Notify the Internet Fraud Complaint Center of the FBI by filing a complaint on their website: www.ic3.gov

Year after year, the number of phishing cases increases tremendously. There were 147 phishing cases in 2007 and 1,057 in 2008, an increase of 619%. As naive users, we need to strengthen our awareness of every phishing email.
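
The checks in items 3, 4 and 6 of the list can also be automated on the receiving side. The following is an added example, not part of the original post: it audits an HTML email and flags links whose visible text names a different host than the real target, links that are not HTTPS, and forms embedded in the message. The sample message, its hosts and the names `LinkAudit` and `audit_email` are constructed for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; hosts and addresses are documentation values.
SAMPLE = """\
From: "Example Bank" <security@example-bank.test>
Content-Type: text/html; charset="utf-8"

<p>Step 4: <a href="http://203.0.113.7/login">https://www.example-bank.test/login</a></p>
<form action="http://203.0.113.7/collect"><input name="password"></form>
<p><a href="https://www.example-bank.test/help">Help</a></p>
"""

class LinkAudit(HTMLParser):
    """Collect (finding, url) pairs for links and forms in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._href, self._text = attrs["href"], []
        elif tag == "form":  # item 4: a form asking for data inside an email
            self.findings.append(("form-in-email", attrs.get("action") or ""))

    def handle_data(self, data):
        if self._href is not None:  # only collect text shown inside a link
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        href, shown, self._href = self._href, "".join(self._text).strip(), None
        target = urlparse(href)
        if target.scheme != "https":  # item 6: no 's' after http
            self.findings.append(("not-https", href))
        # item 3: visible text looks like a URL but names a different host
        shown_host = urlparse(shown).hostname if "://" in shown else None
        if shown_host and shown_host != target.hostname:
            self.findings.append(("text-host-mismatch", href))

def audit_email(raw):
    audit = LinkAudit()
    for part in message_from_string(raw).walk():  # every MIME part
        if part.get_content_type() == "text/html":
            audit.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    return audit.findings
```

On the constructed sample, `audit_email(SAMPLE)` reports the step-4 link twice (not HTTPS, and text/host mismatch) and the embedded form once; the plain "Help" link produces no finding.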




3 comments:

Anonymous said...

Good!! Good!! Good!! I'll pay more attention to these issues!! Thanks ya...



From: Fish~~

Emay Tai said...

Haha.. please take note of it.

Weijian Lee said...

Phishing is increasing exponentially, soon it will become a prevalent crime in cyberspace. Every one of us should be aware of this type of cyber fraud, which can cause substantial loss.