EC3388
One Ecommerce Blog
Two Grls Two Boys
Three Girls sometimes
Four Crazy Young Entrepreneur
Thursday, June 25, 2009
Phishing: examples and its prevention methods
Phishing is a form of spoofing or carding; the word is a variation on ‘fishing’. The idea is that bait is thrown out in the hope that some will be tempted into biting.
In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public.
Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Even when server authentication is used, it may require tremendous skill to detect that the website is fake.
Besides that, phishing is an example of the social engineering techniques used to fool users, and it exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.
Example of phishing

Since phishing scams are now a part of everyday life, it is very important for us to know how to spot one and avoid becoming a victim.
It is easy to uncover a crude phishing scam. For example, if you get an email from a bank that you have never opened an account at, do not follow the link and enter your personal information.
However, if you actually have an account at the institution, it gets more interesting. You’ll want to look at the message carefully to see if it is a phishing scam. Are words misspelled? Sometimes scammers operate in a second language and they give themselves away by using poor grammar.
You should also examine the link provided. Does it really go where it appears to go? For example, I could tell you that I’m giving you access to the government’s Top Secret Database at https://www.TopSecretDatabase.gov, but if you click the link you’ll find that you’ve been directed to a different site. The best way to prevent this is to copy and paste the link (don’t click it) into your address bar. However, you can still get tricked by URLs that look legitimate but have one or two letters switched.
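The two link checks described above (link text that names a different site than the real target, and a target that is a trusted name with one or two letters switched), as an added Python example that is not part of the original post. The trusted domains and the sample message are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"examplebank.com", "paypal.com"}  # constructed allow-list (assumption)

def host(url):  # lower-cased hostname, leading "www." dropped
    h = (urlsplit(url if "://" in url else "http://" + url).hostname or "").lower()
    return h[4:] if h.startswith("www.") else h

def distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    d = [[i + j if i * j == 0 else 0 for j in range(len(b) + 1)] for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1,
                          d[i - 1][j - 1] + (a[i - 1] != b[j - 1]))
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swapped neighbours
    return d[-1][-1]

class LinkAuditor(HTMLParser):
    """Collects (reason, shown_text, href) for each suspicious <a> element."""
    href, shown = None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.shown = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self.shown += data
    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown, real = self.shown.strip(), host(self.href)
        # Visible text that is itself a URL must name the same host as the target.
        if "." in shown and " " not in shown and host(shown) != real:
            self.findings.append(("text/target mismatch", shown, self.href))
        # A target one or two edits from a trusted name is a likely lookalike.
        for good in TRUSTED:
            if 0 < distance(real, good) <= 2:
                self.findings.append(("lookalike of " + good, shown, self.href))
        self.href = None

def audit(html):
    parser = LinkAuditor()
    parser.findings = []
    parser.feed(html)
    return parser.findings

SAMPLE = ('<a href="http://203.0.113.7/login">https://www.examplebank.com</a> '  # constructed
          '<a href="https://exampelbank.com/verify">verify your account</a> '
          '<a href="https://www.examplebank.com/help">help</a>')
```

Calling `audit(SAMPLE)` reports the first two links and passes the third. A trusted name used as a subdomain of an unrelated site is outside what this check covers.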
The best way to avoid becoming a phishing scam victim is to use your best judgment. No financial institution with any sense will email you and ask you to input all of your sensitive information. In fact, most institutions are informing customers that “We will never ask you for your personal information via phone or email”.
The 8 tips to avoid phishing:
1) Never reply to e-mail messages that request your personal information.
2) Don’t click links in suspicious e-mail; the link might not be trustworthy.
3) Use strong, different passwords for each of your accounts and change them frequently.
4) Don’t send personal information in regular e-mail messages.
5) Do business only with companies you know and trust.
6) Help protect your PC: keep it updated and use antivirus software.
7) Monitor your transactions; using just one credit card for online purchases makes it easier to track your transactions.
8) Use credit cards for transactions on the internet instead of debit cards to avoid the big credit limit from your bank account.
Labels: task 3
4:09 PM
Safeguard and financial data
In today's world of technological advances and virtual everything (banking, bill paying, etc.), it's more important than ever to make sure we protect our personal data. In recent years, the Internet has become an appealing place for criminals to obtain identifying data, such as passwords or even banking information. In their haste to explore the exciting features of the Internet, many people respond to "spam" (unsolicited e-mail) that promises them some benefit but requests identifying data, without realizing that in many cases the requester has no intention of keeping his promise. In some cases, criminals reportedly have used computer technology to obtain large amounts of personal data. With enough identifying information about an individual, a criminal can take over that individual's identity to conduct a wide range of crimes: for example, false applications for loans and credit cards, fraudulent withdrawals from bank accounts, fraudulent use of telephone calling cards, or obtaining other goods or privileges which the criminal might be denied if he were to use his real name. If the criminal takes steps to ensure that bills for the falsely obtained credit cards, or bank statements showing the unauthorized withdrawals, are sent to an address other than the victim's, the victim may not become aware of what is happening until the criminal has already inflicted substantial damage on the victim's assets, credit, and reputation.
To reduce or minimize the risk of becoming a victim of identity theft or fraud, there are some basic steps you can take. For starters, remember the word SCAM:
S: Be Stingy about giving out your personal information to others unless you have a reason to trust them, regardless of where you are.
C: Check your financial information regularly, and look for what should and shouldn't be there.
A: Ask periodically for a copy of your credit report.
M: Maintain careful records of your banking and financial accounts.
Below are 10 ways to safeguard our personal and financial data:
1. Take Stock. Know what personal information you have in your files and on your computers. Never leave sensitive papers in a common area unattended.
2. Scale Down. Keep only what you need for your business. If you don't have a legitimate business need for information, don't collect it.
3. Lock It. Protect the information that you keep. Limit access to employees with a legitimate business need. Control who has a key and the number of keys, and know when information is being accessed.
4. Pitch It. Properly dispose of what you no longer need. If you collect applications with personal financial information, make sure the paperwork is unreadable before you dispose of it. Cross-cut shredding is an effective way to prevent identity thieves from stealing it from your trash.
5. Email Restrictions. Regular email is not a secure method for sending sensitive data. Never send personal financial information via email.
6. Protect It. Use antivirus and antispyware software, as well as a firewall, and update them all regularly. Also, use a password-activated screen saver to lock your screen whenever you are not in front of it.
7. Use "Strong" Passwords. The longer the password, the better. Use passwords with a mix of letters, numbers and characters, and change your password frequently. Do not use the same password for all of the various accounts you access with a password.
8. Limit Team Roles. Only allow certain employees to access sensitive personal financial information, wherever it is. Manage the user permissions of your employees carefully on places like the Member Solutions or banking websites.
9. Make Sure Your Vendors are PCI Compliant. Any financial institution, software provider, merchant processor, or other company that you do business with should be taking steps to be PCI compliant. Any company or software application that contains cardholder data must comply.
10. Treat It Like It Was Your Own. Safeguard all personal financial information of your customers, employees or anyone else like it was your own personal information.
Even though financial institutions are required to maintain copies of your checks, debit transactions, and similar transactions for five years, you should retain your monthly statements and checks for at least one year, if not more. If you need to dispute a particular check or transaction, especially if they purport to bear your signatures, your original records will be more immediately accessible and useful to the institutions that you have contacted.
Labels: task 3
3:28 PM
Tuesday, June 23, 2009
The threat of online security: How safe is our data?
How many times have we heard of a financial institution's website getting hacked and confidential and sensitive customer data getting into the hands of cyber criminals? Customer data theft from ecommerce platforms, which can lead to ID theft and online fraud, has jumped to the top of the list of concerns for ecommerce businesses, according to a new report. Therefore, there is always a need to update security software to keep our data safe from threats.
There are several threats to online security, such as botnets. A botnet is a huge number of hijacked Internet computers that have been set up to forward traffic, including spam and viruses, to other computers on the Internet. Each computer is compromised via a Trojan that often works by opening an Internet Relay Chat channel that waits for commands from the person in control of the botnet. With their combined power, the bots (computer robots) can scan for and compromise other computers and perpetrate DoS attacks.
A virus is a piece of software code that inserts itself into a host, including the operating system; running the host program activates the virus. It spreads from one computer to another (in some form of executable code) when its host is taken to the target computer, for instance because a user sent it over a network or on a removable medium.
A virus might corrupt or delete data on your computer, use your e-mail program to spread itself to other computers, or even erase everything on your hard disk.
Next, we talk about the threat of web server and web page hijacking. It can control or redirect unsuspecting users to scam or phishing sites. Criminal organisations, crime networks, and terrorist groups have used Web server hijacking and exploited the global information, financial and transportation networks.
In conclusion, a complete data protection solution that secures data is necessary. Leveraging a strong and efficient blend of full disk encryption, access control, removable media encryption and port management is one solution for delivering comprehensive data security.
Labels: task 3
10:20 PM
The application of 3rd party certification programme in Malaysia
Third Party Certification (TPC) is one of the methods of giving customers confidence and satisfaction when they surf a website. Through the implementation of a TPC programme, people can be assured that their information travelling over the Internet reaches the intended recipients and is safe from intruders, given the increase in phishing and spoofing attacks on the Internet. The most famous application of a third party certification programme in Malaysia is provided by MSC Trustgate.com Sdn. Bhd.
MSC Trustgate.com Sdn. Bhd. was established in 1999 as a licensed Certificate Authority (CA), which issues digital certificates to provide verification that a website does indeed represent its company. It operates within the Multimedia Super Corridor. The objective of MSC Trustgate.com is to secure open network communications both locally and across the ASEAN region. It offers complete security solutions and leading trust services that are needed by all categories.
As a CA, Trustgate’s core business is to provide digital certification services, including digital certificates and cryptographic products, Managed PKI, Personal ID, My Trust, MyKad ID, Managed Security Services, VeriSign Certified Training and Application Development. Trustgate provides Public Key Infrastructure (PKI) to assist companies in conducting their business over the Internet. PKI technologies help organizations to enhance the security of their data and manage identification credentials from users and organizations. Security is based on the exchange of digital certificates between authenticated users and trusted resources. E-commerce users can design their own PKI to meet the security and technical requirements of their organization, such as confidentiality, where PKI users encrypt data that is stored or transmitted.
MyKey is MSC Trustgate.com Sdn. Bhd.'s digital certificate, a MyKad PKI solution that works with your physical MyKad. It is governed by Malaysia’s Digital Signature Act 1997 and is accepted by the Malaysian government. It is a class 2 certificate and has a 1024-bit key length. A document digitally signed with MyKey is treated as a legally binding document, just as it would be with a handwritten signature. It provides the highest protection for your data and online transactions, with a reliance limit for fraud protection.
VeriSign is the leading Secure Sockets Layer (SSL) Certificate Authority enabling secure e-commerce, communications, and interactions for Web sites, intranets, and extranets. VeriSign gives confidence to consumers because they can conveniently and securely log in to their accounts to use online services. VeriSign reviews the credentials and checks the background of an organization to verify the organization's claims before issuing any server certificate. When a browser connects to a legitimate site with a VeriSign SSL Certificate, the browser automatically verifies the site's ID. After that, the information exchanged is encrypted between browser and server, and the Web visitor receives it without modification. Moreover, two-factor authentication, self-learning fraud detection, and a powerful validation infrastructure help provide a secure end-to-end solution at a reasonable cost from the most recognized trust brand on the Internet. VIP Authentication Services support second-factor authentication for a range of OATH-compliant credential form factors. Choose from credit-card sized credentials, tokens, even mobile phone credentials to provide the most convenient, cost-effective option for consumers.
Labels: task 3
1:44 AM