Saturday, June 21, 2008

How to Safeguard Your Personal and Financial Data


"Online Fraudster Robbed U.S. Merchants of $3 Billion in 2006"
"E-Commerce Fraudsters' Haul May Reach $3.6 B in 2007"
"E-Commerce Fraud on the Rise!"

These are some of the headlines that hit several online e-commerce journals, such as e-Marketers.com, PCMAG.com, E-Commerce Times.com and Examiner.com, in Nov 2007. These articles reported on the survey undertaken by CyberSource, a company that has been studying e-commerce fraud for 9 years and more. The report also showed that "fraudulent individuals are increasingly targeting businesses directly for large amounts of data rather than attacking one customer at a time..."

This is a clear warning sign to every individual -- It's time to double safeguard our personal & financial data!

There are many ways and tips to safeguard your personal & financial data that you can easily find on the Web. Here are some simple reminders:

a) Password/ Encryption
  • Create passwords to protect your private information.
  • Avoid using one password for all the accounts that you create.
  • Avoid using your IC number, birth date, phone number, car registration number or any other familiar number that can easily be linked to you as your password.
  • Use "Alpha-Numeric" passwords.
  • Better still, use encryption to protect important files or data.


b) Anti-Virus/ Anti-Spyware Software
  • Keep up-to-date, working anti-virus/anti-spyware software running on your PC all the time.
  • Scan your computer frequently for viruses, bugs, spyware, adware and trojans, as these malicious intruders may attempt to disseminate your information or destroy it.
  • Suggested free anti-virus/anti-spyware software: AVG Free 8.0 and Spybot.

c) General Precautions
  • Never ever visit suspicious Web sites. Web sites that claim they are giving out huge prizes without obligations are one example of suspicious Web sites that may lure you into giving out your personal & financial data, and thus should be avoided.
  • Do not respond to any e-mails or messages that ask you to re-enter your password or your personal & financial data, because they may be a scam. If worried, you should call that particular organization to check and confirm the request.

  • Never check the "Remember Me" option upon login if you are using computers in cyber cafe or any public computer terminal.
  • Make sure that all transactions are done through a Secure URL (the https:// at the start of the address represents a secure line). A Secure URL can be determined by the following characteristics:
    • URL begins with https:// as opposed to http://
    • Padlock icons will appear in your browser indicating a secure connection
    • For some browsers (e.g. Mozilla Firefox) the address bar will be highlighted (usually yellow in color) to indicate it is a Secure URL.

  • Try to always transact at home. If forced to go to a cyber cafe, try to check for keyloggers or anything that might be an attempt to steal your data. Even a mirror on the wall that allows people to see what you are typing is considered dangerous.
  • Before continuing a transaction, you may want to verify whether the particular Web site is genuine or a phish. Check out Mr. Hen's My E-Commerce Blog regarding PhishTank.

Transacting online nowadays is no safer than years ago, although technology has advanced considerably. Therefore we should be wary of such situations, as anything can happen at any time, and it is of utmost importance to always be alert!

*By Shu*

Phishing: Examples and its prevention methods.

Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication.

According to Financial Stability and Payment Systems Report 2007, phishing remained the most common method employed to conduct Internet banking fraud.

Phishing is typically carried out by e-mail or instant messaging and it often directs users to enter details at a website. It is an example of social engineering techniques used to fool users.

An example of phishing would be the FAKE Maybank2u e-mail.

The following are 3 samples of FAKE M2U e-mails:

SAMPLE 1:

SAMPLE 2:


SAMPLE 3:


To unsuspecting users, nothing is wrong with these e-mails, but actually they are phishing e-mails that intend to "phish" your personal Maybank2u.com ID and banking information. The real Maybank2u.com's URL is http://www.maybank2u.com.my/ and you should be suspicious of any e-mail that informs you otherwise.


Please be reminded that Maybank will NEVER send out e-mail or SMS requesting customers to provide personal banking ID or PIN or credit card information.


Here are the FAKE M2U e-mail links provided by Maybank2u.com.

Sample of FAKE website:



HOW TO PREVENT YOURSELF FROM BEING PHISHED?

Here are some useful prevention methods:


  • We are advised NOT to log on through any website links contained in e-mails. If you log in and provide your personal information to a phishing website, you may soon discover that you are the victim of a financial scam and faced with the loss of your hard-earned savings.

  • If you suspect that you have been tricked into giving your ID and password at a FAKE website, you are advised to call your bank, or to change your password immediately by logging in directly through www.maybank2u.com.my. The bank can reset your password and protect your account. Other than that, you should also report the phishing website or e-mail to Maybank2U.com.

  • If you want to go to your bank’s website, always select it from your bookmarks or type in your bank’s address manually. If you don’t know the bank’s address, check it in the bank's brochures. Besides that, you can also easily search for it on Google or Yahoo! (but make sure you find the correct bank's website and not a phishing site).

  • If the e-mail states that your bank account will be terminated unless you click on the link, please don't panic and simply click on the link. They are trying to play with your emotions and force you to click on the link. What you need to do is just call up your bank for confirmation.
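
The advice above (compare every link against the bank's real address, and expect https:// for transactions) can be written down as a small check. This is an added example, not part of the original post; `check_link`, `BRAND`, `TRUSTED_HOSTS` and the sample links are hypothetical names and constructed values, and the only trusted host is the one quoted in the post.

```python
import ipaddress
from urllib.parse import urlsplit

# Host name quoted in the post as the bank's real site (assumed to be the only one).
TRUSTED_HOSTS = {"www.maybank2u.com.my"}
BRAND = "maybank2u"  # used only to flag look-alike host names

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check_link(url):
    """Classify a link from an e-mail as 'ok', 'not-secure' or 'suspicious'."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return "suspicious", ["malformed URL"]
    host = (parts.hostname or "").rstrip(".")
    reasons = []
    if parts.scheme not in ("http", "https") or not host:
        reasons.append("not a web address with a host name")
    if "@" in parts.netloc:
        reasons.append("text before '@' is not the host; real host is " + host)
    if _is_ip(host):
        reasons.append("numeric IP address instead of a host name")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode host name can imitate other letters")
    if host not in TRUSTED_HOSTS:
        if BRAND in host:
            reasons.append("bank name appears inside a different domain")
        else:
            reasons.append("host is not the bank's own")
    if reasons:
        return "suspicious", reasons
    if parts.scheme != "https":
        return "not-secure", ["right host, but no https:// for the login"]
    return "ok", []

# Constructed sample links (reserved .example names and a documentation IP).
SAMPLES = [
    "https://www.maybank2u.com.my/",
    "http://www.maybank2u.com.my.login.example/m2u",
    "https://www.maybank2u.com.my@203.0.113.7/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_link(link))
```

The check reads the host name the browser would actually connect to, which is why a link that merely starts with the bank's name is still reported as suspicious.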


Links :

The Star: Beware bank queries scam
Consumer Advice: How to Avoid Phishing Scams
Maybank2U: www.maybank2u.com.my
All about phishing

~By Siew Ying~

A Review on Internet Security: Hackers benefited from online sharing of video and music

Sharing videos and music online can attract hackers!!!


Is it 100% safe to download free video and music online? This is a common concern that often comes to mind, but sad to say, the answer that I’ll give you is probably NO! After reviewing how hackers benefit from online sharing of video and music, together with some research on related topics, I strongly agree with those security specialists who state that online sharing of videos and music at the heart of today's Internet lifestyle gives hackers dangerous new avenues for attacking computers!

We often hear people say that there’s no such thing as a free lunch under the sun, but have we really pondered it? The same applies here in this fast-paced virtual society: do you think most free download websites are so generous as to provide you with free music and video? Are the channels safe? Think twice...

As iSEC researcher David Thiel mentioned, it’s true that malicious code can be hidden in video streamed or downloaded from websites such as YouTube, or in songs streamed from social-networking websites including MySpace. He also emphasized that the kinds of "malware" (malicious software) that can be "injected" through video or music files run the gamut from programs meant to simply be annoying to code that takes command of infected machines for bot armies. This is how hackers can use those websites as a medium in which to insert malware and hack into our computer systems.

People should bear in mind that websites offering free downloadable content such as music and porn video are much more likely to have malicious content and frequently hide computer viruses! So guys, avoid porn and live a healthy lifestyle; think twice before downloading anything, or else viruses await you out there!

Know Thy Enemy! Click here for a step-by-step guide to the fundamental steps performed in the hacking process and how to combat them.

Prevention is better than cure! For our own benefit, here are some prevention techniques.

Related websites:
http://www.manilatimes.net/national/2007/aug/04/yehey/techtimes/20070804tech1.html
http://findarticles.com/p/articles/mi_kmafp/is_20060521/ai_n19402621

By Jian Yi (^-^)`

The threats of online security: How safe is your data?

With the evolution of the Internet, people nowadays tend to depend more on online convenience, and along with it came another revolution in crime and security issues, where some unethical users commit acts of crime on the World Wide Web. There are several online security risks that can lead users to serious monetary loss, information theft and attacks on their computers. Who's at risk? Individuals and organizations of all sizes and in every industry!

The main online security threats include the following:

1. Online Fraud
This is a broad term covering online transactions that involve falsified information. Some common forms of online fraud are the sale via the Internet of counterfeit documents, such as fake IDs sold as credentials; offers of easy money, such as work-at-home offers that claim to earn individuals thousands of dollars for trivial tasks; and prank calls, in which dial-up connections lead to expensive long-distance charges. There are four common frauds, namely:

(a) Internet banking fraud
Internet banking fraud is fraud or theft committed using online technology to illegally remove money from, or transfer it to, a different bank account. Phishing is an activity that facilitates Internet Banking Fraud.

(b) Phishing

The term 'phishing' refers to the use of spam e-mails purporting to be from a financial institution such as a bank or credit institution; in this way criminals 'fish' for legitimate bank customers' logon information. Criminals send out millions of these fraudulent e-mails to random e-mail addresses in the hope of luring unsuspecting, innocent persons into providing their personal banking details.

(c) Identity and Data Theft
Identity and data theft is where the thief obtains information illegally, searching for personal information and records. Often they will look for information such as full name, social security number, passwords, credit card numbers, etc. They will then use this information to gain access to bank accounts or other protected areas, and also for unauthorized manipulation of private data, such as selling it.


2. Malicious Attacks
These are attacks that specifically aim to do harm; they are also known as premeditated attacks. They can be further broken down into attacks caused by malicious code and those caused by intentional misrepresentation. Malicious code, on the other hand, is at the root of so-called "crackings" and "hackings" - notable examples of which include computer viruses, data theft, and Denial of Service (DOS) attacks.

(a) Computer Viruses

The most common form of malicious code is the computer virus -- a program or a fragment of code that replicates by attaching copies of itself to other programs. There are four main classes of viruses:

1. File infectors, which embed themselves into ordinary executable files and attach to other system executables when the file is run.
2. System or boot-record infectors, which infect the first sector on a drive from which the operating system is booted up. These viruses are not as prevalent now that floppy disks are less frequently used.
3. Macro viruses, which infect data files that include scripting "macros."
4. Multi-part viruses, which use more than one attack method.

(b) Denial of Service Attacks
These are another form of malicious code, and are carefully crafted and executed. DOS attacks are not new, yet they are growing in sophistication. Traditional DOS attacks usually involve one computer attacking another, but the use of multiple computers in a highly organized attack is becoming increasingly common. Such attacks are known as Distributed Denial of Service (DDOS) attacks.

Education and prudence should be considered key defences in limiting the frequency and extent of online security issues, since most cyber vulnerabilities are largely self-inflicted and avoidable. As prevention is better than cure, it is important that consumers and organizations avail themselves of appropriate computer security tools, which serve to prevent many such interceptions.





"Stop the threat before it becomes a problem"



Some useful websites on online security:

http://www.maybank2u.com.my/online_security_watch/five_tips.shtml
http://www.logicaltips.com/LPMFrame.asp?CMD=DeptArticles&ID=13&AS=I
http://news.bbc.co.uk/2/hi/technology/6998068.stm
http://www.crime-research.org/articles/Internet_fraud_0405/



By Jian Yi (^-^)`

Friday, June 20, 2008

The Application of 3rd Party Certification Programme in Malaysia

Have you ever wondered whether it is secure to make an online transaction? Will the receiver get my messages without any third party knowing? How do I know my privacy is not being intruded on by others? Can the website that I visit be trusted? You may have a bunch of other questions like these. Well, there is someone out there who is responsible for all the security and privacy issues that arise in the cyber world. They are known as Certification Authorities, or CAs: bodies that are given the licence to operate as a trusted third party in the issuance of digital certificates. In Malaysia, there are 2 licensed CAs which can issue digital certificates to secure web servers, browsers and e-mail packages with a range of assurance levels: Digicert Sdn Bhd and MSC Trustgate Dotcom Sdn Bhd (an affiliate partner of VeriSign).

Of course, there are also other well-known and highly trusted CAs: VeriSign and Thawte.

What is a digital certificate? Why do we need it? A digital certificate acts as an ID card for a particular company, containing the name, serial number, expiration dates, a copy of the certificate holder’s public key and the digital signature. It is just the same as in the physical world, where we have the driving licence, business licence, IC, etc. The differences are that it is used hand in hand with the public key encryption system and that it is in digital form. Its function is to certify that a particular website, person or server is a reliable source and to protect the data exchanged between 2 parties from any threat. To know more about digital certificates, click here.

When you browse a secured webpage, you will see a security status bar located next to the address bar. When you see a lock icon, it means that the webpage you are browsing is secured. Click on the lock icon and you will see that the certificate used to encrypt the connection contains the information of the website owner.



Why is the digital certificate so important? Well, it assures you of:

  • Confidentiality, which guarantees you protection against third-party invasion of the messages passed between 2 parties;
  • Authentication, where the other party’s digital signature is verified to be from the person himself;
  • Integrity, where the information passed between the 2 parties is not interfered with by a third party;
  • Non-repudiation, which ensures that a party cannot deny having sent or received any transaction/information.

Digital certificates play an important role in keeping online matters safe and secure. It is better to be safe than sorry, so make sure the connection you browse is secure. Therefore, check any alerts or pop-up dialogs from the web browser before continuing any transaction or giving out your personal information.

*By Oi Ming*