Friday, June 26, 2009

Phishing: Examples and Its Prevention Methods


Phishing is an automated form of social engineering: criminals use the Internet to fraudulently extract sensitive information from businesses and individuals, often by impersonating legitimate web sites. Phishing is a significant and growing problem that threatens to impose increasing monetary losses on businesses and to shatter consumer confidence in e-commerce. Phishing attacks have the potential to become much more sophisticated, making user-based protection mechanisms fragile given a user population of non-experts.


I myself received a phishing mail recently requesting my details for my Maybank account.

The mail looked as follows:
Of course, I did not follow the instructions in the mail, as I knew it was a phishing mail. The mail was in my junk mail box, as the sender is flagged as unsafe for me. Furthermore, the link provided directs me to another website which looks similar to the real one. However, the address is obviously different from maybank2u.com.my, which confirmed for me that this is a phishing mail. So, I did not get “phished”. Hehe…


Below are more examples of phishing:
eBay Phishing Example
eBay/PayPal phishing is very common. A scammer sends out thousands or even millions of emails to his email list. The end user clicks on the link in the email and is taken to a site designed to look like eBay. The user attempts to log in and, in doing so, sends his username and password to the scammer.

Or

A scammer sends out thousands or even millions of emails to his email list claiming to be eBay or PayPal and requesting your username and password. The novice user may send those details back to the address, and their account is compromised.

How to protect yourself from this phishing example?
Of course, DO NOT reply to any email claiming to be from eBay or PayPal. Do not click on any link claiming to be from PayPal. Instead, type the URL into your browser window and go there directly. eBay/PayPal will never ask their users for personal information. If you are still concerned, contact eBay directly at 1-800-322-9266.


Bank Phishing Example
Bank phishing scam attempts are also very common. The scammer sends out thousands or millions of phishing emails. The email claims that the recipient's account has been suspended and that, in order to return the account to normal standing, they need to verify some information. The user clicks on a link and submits their user details to the scammer. The scammer then compromises the user's account.

How to protect yourself from this phishing example?

DO NOT reply to any such email, and do not click on any link claiming to be from the bank. As this is a pretty common occurrence, you should be able to just ignore it. If you are still concerned, or if you see strange activity in your bank account, then please contact your bank (by phone) ASAP.
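The common thread in the Maybank, eBay and bank examples above is that the link's real destination does not belong to the brand the email claims. The following added example (my own illustration, not code from this blog) automates the check the post makes by eye: it compares the host a link actually points at with the brand's registered domain, and flags the look-alike tricks that make such links convincing (brand name as a prefix of an unrelated domain, `user@host` confusion, raw IP addresses, plain http). The allow-list of brand domains and all sample links are constructed for the example; none of the hostnames are real phishing sites.

```python
"""Phishing-link triage: does a link in an email really point at the brand it claims?

Added example, not code from the original post. The brand list and the sample links
below are constructed placeholders (the *.example hosts are reserved, never real sites).
"""
import ipaddress
from typing import List, Tuple
from urllib.parse import urlparse

# Assumption: the defender keeps an allow-list of the registered domains of brands
# their users are likely to see impersonated. Only the three brands from the post are listed.
KNOWN_BRANDS = {
    "maybank": "maybank2u.com.my",
    "ebay": "ebay.com",
    "paypal": "paypal.com",
}


def host_belongs_to(host: str, domain: str) -> bool:
    """True if host is the domain itself or a genuine subdomain of it.

    'paypal.com.evil.example' only *starts* with the brand's domain; it is not under it.
    """
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def analyse_link(href: str, visible_text: str = "") -> List[str]:
    """Return the warnings raised for one link; an empty list means nothing looked suspicious."""
    warnings = []
    parsed = urlparse(href)
    host = (parsed.hostname or "").lower()

    if parsed.scheme not in ("http", "https"):
        warnings.append(f"unusual scheme {parsed.scheme!r}")
    elif parsed.scheme == "http":
        warnings.append("plain http: a bank or payment login page should use https")

    # 'https://signin.ebay.com@198.51.100.7/' : everything before '@' is userinfo, not the host.
    if parsed.username is not None:
        warnings.append(f"text before '@' is userinfo; the real host is {host}")

    try:
        ipaddress.ip_address(host)
        warnings.append("raw IP address instead of a hostname")
    except ValueError:
        pass  # a normal hostname, as expected

    # Brand name present in the hostname, but the registered domain is not the brand's.
    for brand, domain in KNOWN_BRANDS.items():
        if brand in host and not host_belongs_to(host, domain):
            warnings.append(f"hostname mentions {brand} but is not under {domain}")

    # The clickable text shows one domain while the href goes somewhere else.
    text = visible_text.lower().strip()
    if "." in text and " " not in text:
        claimed = urlparse(text if "://" in text else "//" + text).hostname or ""
        claimed = claimed[4:] if claimed.startswith("www.") else claimed
        if claimed and not host_belongs_to(host, claimed):
            warnings.append(f"link text shows {claimed} but the target host is {host}")
    return warnings


# Constructed samples modelled on the emails described in the post (href, visible link text).
SAMPLE_LINKS: List[Tuple[str, str]] = [
    ("https://www.maybank2u.com.my/", "www.maybank2u.com.my"),
    ("http://maybank2u.com.my.account-verify.example/login", "www.maybank2u.com.my"),
    ("https://signin.ebay.com@198.51.100.7/", "signin.ebay.com"),
    ("https://www.paypal.com.confirm.example/cgi-bin/webscr", "Click here"),
]


def triage(links: List[Tuple[str, str]]) -> dict:
    """Map each href to its warnings so a reviewer can see which links not to trust."""
    return {href: analyse_link(href, text) for href, text in links}


if __name__ == "__main__":
    for href, warns in triage(SAMPLE_LINKS).items():
        print(href, "->", "OK" if not warns else "; ".join(warns))
```

The check is deliberately conservative: it can only say a link is *not* where it claims to be, never that a link is safe, which is why the post's advice to type the bank's address into the browser yourself still stands even for links that produce no warning.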

Quite interestingly, there is no effective way to stop phishers. I think it depends mostly on how the financial institutions, banks and organizations educate their customers not to use any links from emails or any other sources. They should be declaring their official sites to the public to avoid any miscommunication.


Apart from that, there are also a couple of tools, like Google’s SafeBrowsing for Firefox and the Netcraft Anti-Phishing Toolbar, that can help users detect possible phishing sites. Moreover, Internet Explorer 7, which includes the Microsoft Phishing Filter, helps protect you from web fraud and the risk of personal data theft by warning you about, or blocking, reported phishing websites.

There is also a standard called DKIM, which stands for DomainKeys Identified Mail (a merger of two protocols: DomainKeys, which was created by Yahoo!, and Identified Internet Mail), that allows an organization to cryptographically sign outgoing e-mail to verify that it sent the message. Though this standard does not provide a 100% fool-proof solution to phishing, it at least works towards enhancing the user’s trust in email, because the cryptographic signature on outbound e-mail is associated with the sending domain name.
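To make concrete what a DKIM signature binds a message to, here is an added example (my own illustration, not code from this post or from any DKIM implementation). It parses the tag list of a `DKIM-Signature` header, shows where the receiver would look up the signer's public key (`<selector>._domainkey.<domain>` in DNS), and recomputes the body hash (`bh=`) over the "simple" body canonicalization from RFC 6376, so that a body altered after signing is detected. The RSA signature in the `b=` tag, which covers the listed headers and the `bh=` value, needs a cryptography library and is represented by a placeholder here; the domain, selector and message are all constructed for the example.

```python
"""What a DKIM verifier checks before trusting a message: tag parsing and the body hash.

Added example, not code from the original post. The message, domain (example.com) and
selector (sel2009) are constructed placeholders, and the RSA signature is NOT verified here.
"""
import base64
import hashlib
import re


def parse_dkim_tags(header_value: str) -> dict:
    """Parse the tag=value list of a DKIM-Signature header (RFC 6376, section 3.2)."""
    tags = {}
    for item in header_value.split(";"):
        if "=" in item:
            name, value = item.split("=", 1)
            # Folding whitespace inside a tag value is not significant.
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags


def dns_record_name(tags: dict) -> str:
    """Name of the TXT record holding the signer's public key: <selector>._domainkey.<domain>."""
    return f"{tags['s']}._domainkey.{tags['d']}"


def simple_body_canon(body: bytes) -> bytes:
    """'simple' body canonicalization: CRLF line ends, trailing empty lines dropped, one CRLF kept."""
    body = body.replace(b"\r\n", b"\n").replace(b"\n", b"\r\n")
    while body.endswith(b"\r\n\r\n"):
        body = body[:-2]
    if not body.endswith(b"\r\n"):
        body += b"\r\n"
    return body


def compute_bh(body: bytes, algo: str = "rsa-sha256") -> str:
    """Sender side: the base64 hash of the canonicalized body that goes into the bh= tag."""
    hasher = hashlib.sha256 if algo.endswith("sha256") else hashlib.sha1
    return base64.b64encode(hasher(simple_body_canon(body)).digest()).decode()


def body_hash_matches(dkim_header: str, body: bytes) -> bool:
    """Receiver side: recompute bh= from the body as received and compare with the header."""
    tags = parse_dkim_tags(dkim_header)
    canon = tags.get("c", "simple/simple").split("/")
    body_canon = canon[1] if len(canon) == 2 else "simple"
    if body_canon != "simple" or "l" in tags:
        raise NotImplementedError("only simple body canonicalization without l= is shown here")
    return compute_bh(body, tags.get("a", "rsa-sha256")) == tags["bh"]


# Constructed sample: the body as the signer sent it, and the header the signer would emit.
ORIGINAL_BODY = b"Dear customer,\r\n\r\nYour statement is ready.\r\n\r\n"
SIGNATURE_HEADER = (
    "v=1; a=rsa-sha256; c=relaxed/simple; d=example.com; s=sel2009;\r\n"
    " h=from:to:subject:date; bh=" + compute_bh(ORIGINAL_BODY) + ";\r\n"
    " b=PLACEHOLDER-RSA-SIGNATURE-NOT-CHECKED-IN-THIS-EXAMPLE"
)
# The same message with its body replaced in transit (constructed; *.example is reserved).
TAMPERED_BODY = b"Dear customer,\r\n\r\nYour account is suspended, log in at http://phish.example\r\n"


if __name__ == "__main__":
    tags = parse_dkim_tags(SIGNATURE_HEADER)
    print("public key would be fetched from", dns_record_name(tags))
    print("original body hash matches:", body_hash_matches(SIGNATURE_HEADER, ORIGINAL_BODY))
    print("tampered body hash matches:", body_hash_matches(SIGNATURE_HEADER, TAMPERED_BODY))
```

Two consequences for phishing follow directly from the `d=` tag: a signature only proves that *that* domain sent the message, so a phisher can sign mail from a domain they own, and a mail with no signature is simply unverified. This is why the post is right that DKIM raises trust rather than removing the problem.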


So, be aware of this technique and enter your data only when you trust the source and you know that it is 100% official.

Read more on phishing…
IT-Sideways: Tech Blog Malaysia: Phishing

1 comment:

  1. I have recently got the same email as the one you mention in your blog.
    Well, I didn't know it was phishing, but I did ignore it because I don't trust the Internet for requesting bank information.
    I was only giving some suggestion: why don't you include some videos in your blog? A demonstration is better than a long explanation.
