Why It Is Easy to Fall into Online Phishing Scams
I not surprise to read some victims were easily trick into Phishing Scam especially to those who is not that well-versed or savy with computers and online transactions.
This scam involve in tricking people into providing sensitive personal information such as login and password for online banking details.
You may read all about Phishing Scam at Beware of Phishing Scam
The culprits behind these scams are so brilliant, clever and IT-savvy.
They can design a good e-mail like shown below and their referring websites look exactly like those belonging to the banks.
They even provide the logo of Bank Banner, Central Bank of Malaysia(Bank Negara Malaysia) and a picture of verisign Secure Site.
It look very real!
That why those who are not IT savy can easily fall into this Scam!
One of the sample Phishing Scam e-mail that I received almost everyday!
Dear valued customers,
Please be cautious and more aware of your surroundings when you are at the ATM. Do not respond to any attempt by strangers to interrupt your transactions. We need you to focus on your ATM transactions until they are completed.
This is why we have brought you this alert to get secured also to protect your transactions,
Please ensure that your maybank2u TAC receiver phone use when registering your account for receiving TAC on the kawanku ATM is available with you to get verified and protected on our below secure site provided,
Notice : On our secure site below you will be requested to authenticate your account using your TAC.
https://www.maybank2u.com.my/mbb/m2u/common/M2ULogin.do? action=Login
Thank you.
————————–
** Remember the Bank Never ask you to provide any login or password over the mail!
.
Phishing Scams in Plain English
.
.
Easy to fall prey to online scams
.
I FELL victim to an e-banking scam recently and lost quite a huge amount of money. I am one of those who is not that well-versed with computers and online transactions and began using the Internet banking service in January this year after being told repeatedly by others that it is easy and saves time.
It is easy and it saves time, but it is also easy for unsuspecting customers to fall prey to scams because the culprits behind these scams are a brilliant lot and IT-savvy — their websites look exactly like those belonging to the banks.
In my case, my money was fraudulently transferred to somewhere in Romania.
It is disheartening to know that the bank involved has been uncooperative with the police.
I was also made to understand that victims of online scams were mainly from two major banks in the country.
I wish to express my disappointment with the way my bank dealt with me, an aggrieved customer.
I hope it can be less stoic and rigid and be more attentive, alert and compassionate.
There are cases of customers whose life savings were wiped out from their accounts. Imagine their misery.
Also please do not just give verbal or written replies such as “your case is still under investigation.”
I was made to understand that a letter to affected customers on the status of the investigation will be issued every two weeks, depending on new developments.
So if there is no new development, will we receive the same response in each letter?
I do hope that highlighting this will make everyone more aware of such scams.
Customers who are in the same boat as I am need more concrete assurances and it is high time the banks show that they are serious in providing some form of compensation.
Some people may think that it is too much but it will provide some consolation to the aggrieved party.
The banks will get their customers’ trust in return.
Word of mouth is an effective form of advertisement.
Also, having security alert notices in the Internet banking pages as well as in the PAC SMS messages are not enough. Customers do not do e-banking every day.
And not all are IT-savvy and familiar with IT terms.
Find a simple way with far-reaching effects.
I do hope this will be a lesson for everyone.
If you have doubts about online banking, stick to what you think is best and safe.
MRS M.A. AHMAD, Kuantan.
fr:thestar.com.my/news/story.asp?file=/2010/4/19/focus/6082742&sec=focus
.
Steer clear of phishing sites
.
CYBERSECURITY Malaysia is concerned with the letter “Easy to fall prey to online scams” (The Star, April 19).
The scenario described in the letter is known as “phishing” where the criminal tricks the user into divulging his or her online banking credentials through a fake bank website.
It is quite common to find an e-mail in our mailbox purportedly from the bank urging us to log in to the bank’s e-banking website via a modified link. The criminals basically try to persuade users to go to fake banking sites and usually, this is done by using e-mails worded so convincingly that users are persuaded to click on a link that would lead to the fake website.
In the first quarter of 2010, 143 incidents involving phishing sites targeting Internet banking sites in Malaysia were referred to the Cyber999 Help Centre of CyberSecurity Malaysia. Cyber threats such as phishing are expected to rise as criminals are moving their operations to cyber space and more people are connected to the Internet.
To educate the public, CyberSecurity Malaysia has published an advisory with regards to Internet banking fraud (www.mycert.org.my/en/services/advisories/mycert/2009/main/detail/718/index.html).
We have also produced educational materials and carried out security awareness activities through our Cyber Security Awareness For Everyone (CyberSAFE) initiative.
We would like to encourage the public to visit CyberSAFE portal www.cybersafe.my for tips on safety in the cyber world or our corporate website www.cybersecurity.my for more resources on cyber safety. You can also find us on Facebook and Twitter (@cybersecuritymy).
While we may not be able to prevent nor stop such incidents from happening, Internet users can protect themselves by learning about cyber best practices and taking safety precautions while surfing the Internet.
If you receive a phishing e-mail or link to phishing sites, you can forward it to our Cyber999 Help Centre (cyber999@cybersecurity.my) for further analysis and action.
CyberSecurity Malaysia is the national cyber security specialist centre under the purview of the Ministry of Science, Technology and Innovation (Mosti), Malaysia. Our services include:
·CyberSAFE (www.cybersafe.my)
·Cyber999™ Help Centre
·Digital Forensics / CyberCSI™
·Security Management and Best Practices
·Security Assurance
·Malaysia Common Criteria Certification Scheme (MyCC)
·Cyber Security Training and Professional Certification
·Cyber Security Policy and Legal Research
LTD COL HUSIN JAZRI (RETIRED),
CEO,
CyberSecurity Malaysia.
fr:thestar.com.my/news/story.asp?sec=focus&file=/2010/4/21/focus/6095783
.
IT security must be put in place fast
I REFER to “Easy to fall prey to online scams” (The Star, April 19) and “Steer clear of phishing sites” (The Star, April 21).
I feel so sorry for the victims. But, then who knew that she was an Internet banking user and had access to her e-mail address?
It’s clear that her information was sold to a fraudster or phisher by an unscrupulous person. And, it could be anyone.
Information can also be divulged accidentally, even during casual chats over a cup of coffee. There may be people within earshot. Hence, guard your tongue.
One must not underestimate the dangers of identity theft. According to CyberSecurity Malaysia, there were 143 cases of phishing this year.
One may think the 1990s movie The Net is fiction, but it can happen to anyone in real life and when he or she least expects it. There are even clips posted on video sharing sites on how to create a phishing site.
Let’s hope the Science, Technology and Innovation Ministry and CyberSecurity will work closely with IT security experts in the West.
It is advanced there. For instance, a company based in the US offers :
> Monitoring the Net for illegal selling of information; it patrols over 10,000 criminal websites and notifies you if your personal data is being misused online.
> If a wallet is lost or stolen, it will contact each credit card, bank or document issuing company to cancel your accounts and replace the lost documents, including driver’s licence, insurance cards, cheque book and even traveller’s cheques.
> It verifies change of address requests submitted on your behalf.
Let’s hope the ministry and CyberSecurity implement the above soon.
EDWARD WONG, Ipoh.
fr:thestar.com.my/news/story.asp?file=/2010/4/26/focus/6130416&sec=focus
Syndicate cons victims of their banking details
GEORGE TOWN: The public has been warned to be on the alert for a syndicate which dupes victims into revealing personal banking particulars and the security code of credit cards.
The syndicate’s modus operandi is to call their victims by phone, claiming to be from a local bank, and inform them that they had exhausted their credit card limit or a huge amount of transaction had taken place.
The victims would then be asked to call a number of the “bank” to verify the purchases.
When the victim makes the call, a bogus “bank officer” would verify the transaction involving thousands of ringgit and the victim would be asked to give their personal particulars, including bank account numbers and the three-digit security code on their credit card for verification to stop the so-called fraud.
The syndicate’s activities came to light after seven cases, involving victims who lost a total of RM60,000, were detected in Penang this month.
State Commercial Crime Department chief Asst Comm Roslee Chik said Penang recorded the highest number of such cases in the past two weeks.
In some cases, the victims were told that there was a problem with their bank account and were asked to transfer their money into another given account number until the “bank” completed its investigation.
He advised the public to ignore such calls and to liaise directly with their banks if there was such a problem with their credit cards or bank accounts.
“A bank officer will never call to ask for such information. Never give out your three-digit security code for they could easily be used for on-line transactions.
“We tried to trace the number that was used to call the victims but it was registered in Taiwan,” ACP Roslee said.
fr:thestar.com.my/news/story.asp?file=/2009/8/17/nation/4533253&sec=nation
Cyber security is in good hands
THE Science, Technology and Innovation Ministry (Mosti) and CyberSecurity Malaysia would like to thank the writer of “IT security must be put in place fast” (The Star, April 26).
The writer was referring to CyberSecurity Malaysia’s feedback in an earlier letter in The Star on phishing that CyberSecurity Malaysia had responded to.
In his letter, the writer expressed concern over phishing and how it could affect Internet banking users and the growth of the ICT industry in Malaysia.
“Let’s hope the Science, Technology and Innovation Ministry and CyberSecurity will work closely with IT security experts in the West,” he had urged.
We would like to assure him that CyberSecurity Malaysia has been collaborating with international experts and organisations in information security.
CyberSecurity Malaysia spearheaded the formation of cyber security collaboration called the Organisation of Islamic Conference Computer Emergency Response Team (OIC-CERT) among OIC countries and is currently holding the Chair position.
Other initiatives include co-founding the Asia Pacific Computer Emergency Response Team (Apcert), becoming a member of the Forum of Incidents Response and Security Teams (First) and the Anti-Phishing Working Group.
With such collaboration, CyberSecurity Malaysia is able to work closely with trusted and reliable international information security experts.
We would also like to acknowledge the writer’s suggestion of providing personalised services for managing stolen or lost identity as offered by a company based in the US.
However, managing online identities is more complex than dealing with a stolen wallet as it usually involves cross border cooperation.
On that note, CyberSecurity Malaysia has been providing proactive services for notifying local financial institutions when it discovers phishing sites, stolen credentials and use of malicious software such as Trojans.
On cyber security awareness and acculturation, Mosti and CyberSecurity Malaysia have been conducting continuous initiatives to educate Internet users in Malaysia on Internet safety and security. Both organisations play active roles in overseeing the security of Malaysian cyberspace.
More information can be found at CyberSafe’s portal, cybersafe.my, which provides Internet safety tips, advisories and messages of cyber safety to family and friends.
CORPORATE COMMUNICATIONS UNIT,
Science, Technology and Innovation Ministry.
fr:thestar.com.my/news/story.asp?file=/2010/4/30/focus/6159976&sec=focus
M’sia calls for collaboration in fighting cyber crime
SEOUL: Malaysia proposes to establish collaboration with several countries to combat cyber crime, Malaysian Information Communication and Culture Minister Datuk Seri Dr Rais Yatim said here Tuesday.
He said the cooperation would also encompass the aspect of technology as well as developments in the monitoring of crimes in the cyber world.
Dr Rais, who is attending the World Information and Communication Summit 2010: WICS 2010 which began Tuesday in this capital of South Korea, said cyber security was one of the topics which Malaysia touched on at the conference.
He said the participating countries offered their respective views on cyber security, some of them in a serious tone.
“We will look at several reports of this conference for consideration at the national level,” he told Malaysian journalists. In his presentation at the summit, Dr Rais said cyber security was a national concern that would require all countries to adopt a united-front approach.
“The rise in cyber security attacks over the last few years reinforces the urgency to address the said issues through the establishment of appropriate global frameworks for assessment and exchange of information related to cyber security,” he said.
Dr Rais said Malaysia did not impose prohibitions on or censor the Internet but there were provisions in cyber laws such as the Communications and Multimedia Act governing individuals who committed cyber-crimes.
He also said that some countries did not have cyber laws.
“These countries were soft (in terms of cyber-crimes), but there were also countries which were serious (in the matter),” he said.
WICS 2010 is organised by the Korean Communications Commission and carries the theme “Expanding Digital Economy and Culture”.
It is attended by ministers and deputy ministers from 15 countries, including Mongolia, Ghana, Peru and Mexico.
The two-day WISC 2010 aims to strengthen cooperation and build a more sustainable future by sharing participating countries’ experiences and vision in Information and Communication Technology (ICT).
fr:thestar.com.my/news/story.asp?file=/2010/5/25/nation/20100525202821&sec=nation
Bank customer targeted by phishing scam
CIMB Bank Berhad say they take such scams seriously
Hafizah Hoze Rizal
Monday, June 7th, 2010 09:37:00
GANESH of Kuala Lumpur claims that CIMB Bank Berhad did not take his alerting them about a scam seriously.
“I received an email from CIMB Bank, asking me to update my details and when I clicked at the URL that the email provided, it took me to a peculiar URL from South Africa, which looked almost like CIMB’s actual URL, which is cimbclicks.com.my,” he says.
“I enquired how such an Internet intrusion into my account could occur, but the response I received was completely unsatisfactory. They didn’t even care to ask what actually happened and I find it unacceptable that CIMB took the matter lightly.”
● A SPOKESMAN for CIMB Bank Berhad says: “We regret GANESH found his experience with CIMB customer service unsatisfactory and hope that our answers will help.
“Phishers (originators of phising scams) obtain email addresses through a technique called spidering. This enables the phisher to collect email addresses that have been made public through forums, social networking websites, personal mailboxes and so on. Phishers send out these scam emails to millions of people hoping one or two will fall for them. Phishers have no idea if the recipients are actual customers of the bank.
“The originating email address appears to be genuine as a technique called spoofing enables the original address of the sender to be hidden from the recipient. The information in the “from” section can be changed in any email client to reflect any email address.
“It is not CIMB Bank’s policy to obtain account updates via the Internet and customer service staff are trained to recognise phishing scams. They are told to inform customers accordingly when they call.
“We would like to alert customers that phishing scams are a common problem that all consumers have to be aware of in this digital age. We take the problem very seriously and have alerts and links on our websites to help customers identify and be wary of these scams.”
Further information on phishing scams and safety is available on cimbclicks.com.my.
fr:mmail.com.my/content/38832-bank-customer-targeted-phishing-scam#comment-20408
IRB: Don’t be fooled by scam
By LOH FOON FONG
KUALA LUMPUR: A syndicate is baiting victims through the Internet by claiming the recipients will each be given a RM2,812.49 refund by the Inland Revenue Board (IRB).
IRB chief executive officer/director-general Tan Sri Hasmah Abdullah said the syndicate had stated the figure right to the cent to make it believable, compared with the previous RM700 which the IRB had warned the public about on July 21.
“We want to state that the e-mails are fake and were not sent by the IRB,” she said at a press conference yesterday.
“If the IRB wants to inform taxpayers about refunds, the board will call and send a letter. Such information is never relayed through e-mails.”
On how the syndicate cheated its victims, Hasmah said the fake IRB website would ask the recipients to input their identification number and Tac number (an authentication code for online transaction meant for secure banking).
Once the victims release the information, the syndicate would steal money from their accounts.
Hasmah urged consumers not to open the fake IRB link.
They should also contact the bank and make a police report.
From July 21 to Aug 17, the IRB received 217 calls from the public regarding the “refunds”.
Hasmah added that the board did not send out any e-mail from Tax-Payment @ hasil.gov.my.
She warned the public not to respond to the e-mail.
Users should type out the actual address of the IRB instead of clicking on the link to avoid landing on a fake website, she said.
Hasmah also urged taxpayers to make a police report if they were approached by so-called IRB officers seeking to collect tax payments.
“Taxpayers need to pay at the IRB collection centres in Kuala Lumpur, Kuching and Kota Kinabalu or through authorised banks,” she said.
Malaysian Communications and Multimedia Commission’s monitoring and enforcement division acting senior director Eneng Faridah Iskandar said the commission had blocked 309 websites from January to July for phishing.
fr:thestar.com.my/news/story.asp?file=/2010/8/19/nation/6878445&sec=nation