Friday, February 06, 2009 by Siew Cheng Theng, under Phishing, Week 4
Phishing is a broadly launched social engineering attack in which an electronic identity is misrepresented in an attempt to trick individuals into revealing credentials. In addition, phishing is a type of deception designed to steal your valuable personal data, such as credit card numbers, email IDs, other account data and passwords, or other information.
We might see phishing scams:
In email messages
On your social networking website, such as Facebook
On a fake website that accepts donations for charity
On websites that spoof your familiar sites using slightly different Web addresses
On instant messaging programs such as MSN or Yahoo Messenger
On a cell phone or other mobile service
Here are examples of phishing:
The pictures above show different examples of how phishing emails try to steal users' information.
From the information above, we know that phishing can be anywhere, and it is near to you and me. So it is very important for us to prevent phishing. Otherwise, our information will be STOLEN by others.
Here are some of the ways to prevent phishing:
(1) Keep your email and instant message addresses private
The best way to keep yourself from being tempted to respond to phishing is to prevent phishing messages from reaching your inbox. You can try to use separate email addresses: one for financial institutions, one for family and friends, and one for public use. Nowadays, many email providers allow us to redirect the different email addresses into one account, so that checking email is easier. Please remember to keep your financial transactions as private as possible.
(2) Immediately report suspected phishing contacts
When you receive a message you suspect to be a phishing scam, you can call the customer service phone number immediately to confirm whether the message is genuine. In addition, you can report suspicious emails to almost every bank and credit card lender.
(3) Check who the email is from
Just check the sender of the email. A phishing scam may use an email address that is not on the domain of the legitimate bank or service. Also be wary of banks or any financial institutions asking you to verify your account information. We suggest simply deleting emails like this.
(4) Do not follow a “Click Here” link in the email
“Click Here to re-enter your user information” is usually a link that leads to an illegitimate website in phishing emails. You may be able to determine whether the link is real or not by looking at the link. Do not just focus on the domain name; take a look at the slashes that follow. Furthermore, the connection should be encrypted: the link should start with https:// and not http://.
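The checks from tips (3) and (4), written out as an added example that is not part of the original post: it compares the sender's domain and each link's real host against the domain you expect, and flags links that are not https. The function names and the `.test` domains are hypothetical placeholders. Note that the second link is https and still fails, because the familiar name only appears after the slashes.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

def host_matches(host, trusted):
    """True only if host is the trusted domain or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)

def check_link(url, trusted):
    """Return reasons a link looks suspicious (empty list = none found)."""
    parts = urlsplit(url)
    reasons = []
    if parts.scheme != "https":
        reasons.append("not https")
    # The real host sits between '//' and the next '/'; a familiar name
    # appearing later in the host or in the path proves nothing.
    if not host_matches(parts.hostname, trusted):
        reasons.append("host is not " + trusted)
    return reasons

def audit_email(raw, trusted):
    """Check the From address and every link in a plain-text message."""
    msg = message_from_string(raw)
    findings = {}
    sender = parseaddr(msg.get("From", ""))[1]
    if not host_matches(sender.rpartition("@")[2], trusted):
        findings["From: " + sender] = ["sender domain is not " + trusted]
    for url in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload()):
        reasons = check_link(url, trusted)
        if reasons:
            findings[url] = reasons
    return findings

# Constructed sample; both .test domains are placeholders, not real sites.
SAMPLE = """\
From: "Example Bank" <security@example-bank.test.account-verify.test>
Subject: Verify your account

Click Here: http://example-bank.test.account-verify.test/update
Or here: https://account-verify.test/example-bank.test/login
Help pages: https://www.example-bank.test/help
"""

if __name__ == "__main__":
    for item, reasons in audit_email(SAMPLE, "example-bank.test").items():
        print(item, "->", ", ".join(reasons))
```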
Thursday, February 05, 2009 by Ivan, under Week 4

The Internet is a worldwide, publicly accessible series of interconnected computer networks that transmit data by packet switching using the standard Internet Protocol (IP). Nowadays, people rely on computers to create, store and manage critical information through the internet. Consequently, it is important for users to be aware that computer security plays a major role in protecting their data from loss, damage, or even misuse. Similarly, online security has been online traders' main concern in protecting their websites from potential threats, such as phishing, security hacking, information theft, viruses, worms, etc. Besides that, there are also a lot of hackers trying to hack others' PCs, personal files or even photos.
However, increasingly developed technologies have increased the risk every computer user faces. Everyone who owns a computer with an internet connection is able to equip themselves with ‘hacking’ knowledge by doing some research online. Anyone from any part of the world may also be able to learn the skills to hack another person's personal documents or another company's confidential documents.
Many computer users are facing the threats that appear on the internet, such as cybercrime, phishing, and internet and network attacks, for example computer viruses, worms, Trojan horses and back doors. Below is an explanation of each threat:
i.) Cybercrime is defined as online or internet-based illegal acts. Hackers, crackers and corporate spies who have advanced computer and network skills access computers and networks illegally with the intent of destroying data or stealing proprietary data and information.

ii.) Phishing is a scam in which a perpetrator sends an official-looking e-mail that attempts to obtain your personal and financial information. For example, some phishing e-mail messages ask you to reply with your information, or open a pop-up window that looks like a website and collects the information. The damage caused by phishing can be crucial. The following case illustrates the potential threat caused by phishing.
iii.) A Virus is malicious software that attaches itself to other software. For example, a patched software application in which the patch's algorithm is designed to implement the same patch on other applications, thereby replicating. It replicates within a computer system, potentially attaching itself to every software application.
iv.) A Worm is malicious software that is a stand-alone application. It is often designed to propagate through a network, rather than just a single computer. When your computer is infected by a worm, it will be slow to start or slow to run. It will also face unexpected or frequent system failures.
v.) Trojan Horse - It is a Worm which pretends to be a useful program, or a Virus which is purposely attached to a useful program prior to distribution. It is the same as a Virus or Worm, but is also sometimes used to send information back to, or make information available to, the perpetrator. Unlike Worms, which self-propagate, a Trojan requires user cooperation. It is the most famous worm on the internet nowadays, and it will also steal your information from your PC through the internet.

In conclusion, the risk of facing threats is becoming more common and dangerous. So the safeguards developed must always be kept up to date to enhance the defenses against online security threats. At the same time, users must be educated and informed about the crucial damage and loss caused by online security threats. If we prepare well before we go online, we'll be secure and safe from internet threats.
In a digital age, it's hard to avoid sharing your personal data, such as passwords, bank account numbers and credit card numbers, because nowadays most companies prefer doing everything online to save cost. Unfortunately, some companies have not put in place the stringent policies and procedures needed to protect personal data and ensure that it is secure.
Here are some measures that can be taken to safeguard our personal and financial data:
1. Keep your personal and sensitive data off your computer:
Virus or spyware programs cannot get at your personal data if you don't store it on your computer. It's simple and very effective: just try your best to keep sensitive data off your computer. If it is necessary to keep it in electronic format for easy access, simply store the sensitive files on a flash drive and keep it in a safe place.
2. Avoid saving credit card info to any unauthorised website:
Many e-commerce websites today give the option to save your credit card info, so that you do not have to type in all the information each time you want to buy something. Not saving it protects you: if someone eventually does hack into the website's database and download thousands of credit card numbers, you could otherwise suffer losses without knowing it.
3. Do not use the same password for every account on the internet:
Internet users often use the same ID and password at every website. If you do so, you are actually doing a favour for hackers. Once a hacker figures out one password, they'll go ahead and try to see if it works on any other site. Thus it's better to make sure your passwords are different and more complicated; adding a number and a symbol at the end will make it hundreds of times harder for a person to crack the password.
4. Always think before providing information when solicited:
If you ever get an email that has a link in it that requires ANY personal information, make sure you go to the web site yourself manually by typing in the address. Half the time, links in emails point to fake addresses with very close names. Also, if you post items on sites like eBay or Craigslist, you will always be bombarded by scams from Nigeria, etc. that sound way too good to be true (like someone would actually pay more for your item than what you listed it at)!!! And just because a web site exists does not mean it is legitimate! If you’ve never heard of the site before, just type it into Google once and see if anything like “XXX IS A SCAM” pops up!
5. Make sure the URL starts with "https" instead of "http":
The S can make the difference!! You'll notice that when you buy something from Amazon or another big site, once you begin to check out, the URL always starts with "https". This means that the communication between your computer and their server is secure and encrypted. If someone tries to read the data as it travels across the Internet, they won't be able to understand or decipher it. If you’re buying something from a smaller site and they don’t have HTTPS, just call them and buy it. It is not worth risking data passing unencrypted over the net.
The most famous application of a 3rd party certification program in Malaysia is provided by MSC Trustgate.com Sdn Bhd.
The objective of MSC Trustgate is to secure open network communications both locally and across the ASEAN region. Trustgate provides digital certification services such as digital certificates, cryptographic products and software development. The products and services of Trustgate are SSL Certificate, Managed PKI, Personal ID, MyTRUST, MyKAD ID, SSL VPN, Managed Security Services, VeriSign Certified Training and Application Development. The vision of Trustgate is to enable organizations to conduct their business securely over the internet, as much as they have been able to in the physical world.
A digital certificate is usually attached to an e-mail message or to an embedded program in a web page, and verifies that the user or website is who they claim to be. The common functions of a digital certificate are user authentication, encryption and digital signatures. User authentication provides security other than using a username and password. Its session management is stronger. Encryption secures data transmission by encrypting the information, so that the intended recipient of the data is the only person to receive the message. Digital signatures are like the hand signature in the digital world. They can ensure the integrity of the data.
By using a digital certificate, users will be able to make transactions on the internet without fear of their personal data being stolen, information being contaminated by third parties, or the transacting party denying any commercial commitment with the users. Furthermore, digital certificates can assist the development of greater internet-based activities.