Showing posts with label Week 4. Show all posts

Monday, June 23, 2008

Phishing: Examples and its prevention methods

Phishing is the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise, in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. However, the Web site is fake and set up only to steal the user’s information.


Phishing examples: PayPal

An example of a phishing e-mail targeted at PayPal users.

A PayPal phishing attempt can be noticed by the spelling mistakes in the e-mail and by the IP address in the link, which is visible in the tooltip under the yellow box. Another clue is the lack of a personal greeting, although the presence of personal details would not be a guarantee of legitimacy. Other signs are misspellings of simple words and the threat of consequences, such as account suspension, if the recipient fails to fulfil the message's requests.
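The clues listed above can be checked mechanically by a mail filter. The following is an added example, not part of the original post: the sample message, the username `jsmith1984` and the function names are constructed for illustration, and the spelling check is left out because it needs a dictionary.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not a real e-mail); 192.0.2.10 is a documentation address.
SAMPLE_HTML = """<p>Dear valued customer,</p>
<p>Your account will be suspended unless you confirm your details.</p>
<a href="http://192.0.2.10/paypal/login">Click here to confirm</a>"""

class HrefCollector(HTMLParser):
    """Collects the real target (href) of every link, i.e. what the tooltip shows."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def host_is_ip(url):
    """True when the link points at a raw IP address instead of a domain name."""
    host = urlsplit(url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def phishing_clues(html, username):
    """Return which of the clues described in the post are present in the message."""
    clues = []
    collector = HrefCollector()
    collector.feed(html)
    if any(host_is_ip(href) for href in collector.hrefs):
        clues.append("ip-address-link")
    # A legitimate sender knows the customer's username; a phisher usually does not.
    if username.lower() not in html.lower():
        clues.append("no-personal-greeting")
    # Threat of consequences such as account suspension.
    if re.search(r"\b(suspend|suspens|terminat)\w*", html, re.IGNORECASE):
        clues.append("threat-of-consequences")
    return clues

if __name__ == "__main__":
    print(phishing_clues(SAMPLE_HTML, "jsmith1984"))
```

A message that triggers none of these checks is not proven legitimate; the checks only flag the specific signs named in the post.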

Preventions:

Social responses

People can be trained to recognize phishing attempts and to deal with them, for example through education in which the training provides direct feedback. To avoid phishing attempts, people can slightly modify their browsing habits: when contacted about an account needing to be verified, it is wise to contact the company. Almost all legitimate e-mail messages from companies to their customers contain an item of information that is not readily available to phishers. For example, PayPal always addresses its customers by their username in e-mails.

Website forgery

Some phishing scams use JavaScript instructions to change the address bar. This can be done either by placing a picture of a legitimate URL over the address bar or by closing the original address bar and opening a new one with the legitimate URL.

Besides, an attacker can use flaws in a trusted website’s own scripts. This type of attack is known as cross-site scripting. The attacker directs the user to sign in at their bank's or service's own web page, where everything from the web address to the security certificates appears correct.

Augmenting password logins

Furthermore, one way to prevent phishing of transaction numbers (TANs) is to combine each TAN with a “lock number”. The bank server sends the lock number as a challenge, and the user provides the matching TAN as the response. The server selects the key-lock pair randomly from the list so that two repeated TANs cannot be obtained. Lock numbers are not sequential, so phishers can only guess the correct numbers.
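The lock-number scheme described above can be sketched from the bank server's side. This is an added example, not code from the original post or from any bank: the class name `IndexedTanList`, the 4-digit lock numbers, the 6-digit TANs and the choice to burn a pair after a wrong answer are all assumptions made for illustration.

```python
import hmac
import secrets

class IndexedTanList:
    """Server-side list of lock number -> TAN pairs issued to one customer."""

    def __init__(self, size=10):
        rng = secrets.SystemRandom()
        # Lock numbers are drawn at random rather than 1..n, so they are not sequential.
        locks = rng.sample(range(1000, 10000), size)
        tans = rng.sample(range(10**6), size)
        self._tans = {lock: f"{tan:06d}" for lock, tan in zip(locks, tans)}
        self._pending = None  # lock number of the outstanding challenge, if any

    def printed_list(self):
        """The copy the customer receives out of band (for example on paper)."""
        return dict(self._tans)

    def challenge(self):
        """Pick an unused key-lock pair at random and send its lock number."""
        if not self._tans:
            raise RuntimeError("TAN list exhausted; issue a new list")
        self._pending = secrets.choice(list(self._tans))
        return self._pending

    def verify(self, tan):
        """Accept only the TAN that matches the challenged lock number."""
        if self._pending is None:
            return False
        # Assumption: the pair is used up whether the answer is right or wrong.
        expected = self._tans.pop(self._pending)
        self._pending = None
        return hmac.compare_digest(expected.encode(), str(tan).encode())

    def remaining(self):
        return len(self._tans)

if __name__ == "__main__":
    server = IndexedTanList()
    card = server.printed_list()
    lock = server.challenge()
    print("challenge", lock, "accepted:", server.verify(card[lock]))
```

A TAN captured by a phishing page is only useful if the server later happens to challenge with the same lock number, which is why the server, not the user, chooses the pair.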

Saturday, June 21, 2008

Threat of Online Security: How Safe is our data?



Many people, known as hackers, want nothing more than to break through our computer security and expose sensitive information. With the widespread use of personal computers, the pool for "hackers" to target grows every day. We hear about worldwide computer viruses, Trojans, or worms wreaking havoc on machines across the globe.
For example:
The mail attacker - David L. Smith
Smith was the writer of the Melissa Worm, which in 1999 became the first major e-mail macro virus. He deliberately posted an infected document to an alt.sex usenet newsgroup from a stolen AOL address. The worm, believed to be named after a stripper he knew in Florida, forwarded itself to the first 50 accessible addresses in Microsoft Outlook address books.
Companies like Microsoft, Intel, Lockheed Martin and Lucent Technologies were believed to have had to shut down their email gateways due to the large amount of email the virus was generating. In his federal plea, he acknowledged that he caused more than $80 million in damage to North American businesses, and he was sentenced to 20 months in jail.
The Canadian teen – MafiaBoy
MafiaBoy was the alias of a 15-year-old Canadian boy who launched a denial-of-service attack that crippled sites such as Amazon, Dell, eBay and Yahoo in 2000, which led to an estimated $1.7 billion in damages. The affected sites were bombarded with thousands of simultaneous messages, preventing users from accessing them for up to five hours.
Although by Canadian law his name was not released by authorities, media outlets later revealed that his name was Mike Calce. Courts sentenced him to eight months' custody in a youth detention centre.
There are many such cases that we can find on the internet. How safe is our data? Even though large international companies have tight security systems, they still face online security threats. So, how safe is our data...?

Protect our personal/financial data now

How many days can you live without a computer or the internet? Nowadays, computers and the internet have already become a necessary part of our lives. It seems that everything relies on computers and the internet now, such as communication, entertainment and business transactions. Therefore, a lot of our personal data (passwords, records or confidential information) is stored either on our own computer or on someone else’s system. Nobody can guarantee that this data is stored safely, as there are many cyber security problems now. Have you heard the news about credit card numbers or personal data being stolen by outsiders? If you don’t want to be one of the victims in these cases, here are some steps we found on a website that can help us to protect our data:

1. Use a strong password to protect access to your data.
2. Use and maintain anti-virus software/spyware and a firewall.
3. Regularly scan your computer and keep software up to date.
4. Avoid unused software programs.
5. Dispose of sensitive information properly.

Want to know more? Go to HERE for further information.


Besides the above steps, we can provide some tips based on our experiences. Set a new password regularly for accessing your own computer. Some people like to save their passwords on the computer, such as their MSN password. This creates a risk that other people can sign in to your MSN and chat with your friends. Next, do not open or reply to unknown e-mails, websites or any online requests. These requests might contain viruses or Trojans that disclose your personal data to someone else. In addition, do not tell any password (e.g. credit card password) to your friends over the internet.

These are our tips, how about you?
Do you have any good tips for protecting our personal/financial data? Tell us ~

A few months ago, there was big news in the Hong Kong entertainment industry. The personal data of a famous celebrity, Edison Chen, was stolen by someone else and uploaded to the internet. According to the news, Edison Chen saved his personal data on his computer. One day his computer had some problems and he sent it to a computer shop for repair. A worker at the computer shop found the data, copied it and uploaded it to the internet. There is a problem here: how can we protect our personal data when we want to have our computer repaired? Our answer is:

DO NOT SAVE ANY CONFIDENTIAL DATA IN OUR COMPUTER!
(^^)

Thursday, June 19, 2008

3rd party certification programme in Malaysia

A certification programme is performed by a third party in order to verify and authenticate a web site.
VeriSign and MSC Trustgate are two popular 3rd party certification programmes.

VeriSign is a trusted provider of internet infrastructure services for the digital world. VeriSign's offerings include SSL, SSL Certificates, digital content solutions, Extended Validation, two-factor authentication, identity protection, managed network security, public key infrastructure (PKI), security consulting, information management, and solutions for intelligent communication and content.
Now, Internet users also benefit from VeriSign EV SSL protection as Mozilla launches Firefox 3.
When users visit a site protected by VeriSign EV SSL Certificates, the "Site Identity" button attached to the location bar changes color to indicate the level of identity information provided, offering immediate reassurance that they've reached a site whose authenticity has or has not been verified by VeriSign. By deploying VeriSign EV SSL Certificates, online banks, retailers and other businesses help build trust and confidence among consumers by offering them immediate and visible assurance that they are dealing with reputable e-commerce sites. ----->

http://money.cnn.com/news/newsfeeds/articles/marketwire/0407512.htm


MSC Trustgate.com was established in 1999 as a licensed Certification Authority (CA) in Malaysia under the Digital Signature Act 1997. It provides security solutions and trusted services to help companies build a secure network and application infrastructure for their electronic transactions and communications over the network.
Besides that, it also develops E-banking Security Deployment, E-procurement Integration, User Authentication and Customer Clearance Approval System, and PKI. ---->

http://www.trademal.com/global/index.php/id/17463/MSC_Trustgate_com_Sdn_Bhd/index.html

In my opinion, a 3rd party certification programme can help us identify which website is fake or true, and it will increase customers' confidence when surfing the website. Customers can also trust the website and give relevant or confidential information to the authorized website, as compared with those that have no such thing. It not only protects customers; the company also needs to protect itself by retaining its customers.