Thursday, June 25, 2009

Phishing


Phishing is defined as a means of obtaining private information from the users of a particular website by faking the authentic website of a reputable organization.

It usually gains access by sending emails that require users to update personal information such as bank accounts, passwords and credit card numbers, to name a few. The emails imitate reputable organizations such as renowned banks and insurance companies, which usually need users to fill in their personal information.
Phishing does this by mimicking the other organization's HTML code, creating a mirror website of the organization. Even being fully equipped with IT knowledge does not ensure that a user can detect the authenticity of a website, as they may lack knowledge about phishing.
Recently, cases of citizens being lured into withdrawing money to third-party accounts have been reported. The victim received an email purporting to be from a reputable bank, requesting an update of personal information because the account had been inactive for a period of time. The victim, Tey, did not suspect anything amiss because of the similarity between the scam website and the reputable bank's website.
Following the request, he entered all the relevant information, and only realised that money was being siphoned from his account when the bank's management informed him.
Source: Thestaronline.


The image below is an example of phishing used to lure users.


As shown in the image above, the circled link directs the user to a mirror website of CitiBank, so the information goes to the scammer's website instead of CitiBank. Users who are unaware of this will have money taken out of their accounts, and it will be too late by the time they realise.


As an organization targeted by phishing, Maybank has provided some tips on how to recognize a phishing site, which shows the signs below:
  • a phone call, email or SMS asking for personal security information

  • an email link that usually leads to an unsecured login site whose URL begins with http, whereas a secured login site's URL should begin with https

  • a phishing URL that may contain misspelled words compared to the original name
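
The two URL checks in the list above (a login link that is not https, and a host name that is a misspelling of the original), as an added example that is not part of the original post. The trusted host names are constructed placeholders and the function names are this example's own.

```python
from urllib.parse import urlsplit

# Constructed allow-list; "examplebank.com" is a placeholder, not a real bank's host.
TRUSTED_HOSTS = ("examplebank.com", "www.examplebank.com")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url: str, trusted=TRUSTED_HOSTS, max_typos: int = 2) -> list:
    """Return the warning signs from the list above that apply to a link."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    warnings = []
    # Sign 1: the login link does not begin with https.
    if parts.scheme.lower() != "https":
        warnings.append("not-https")
    if host in trusted:
        return warnings
    # Sign 2: the host is not the original name; see how close it is to one.
    nearest = min(trusted, key=lambda t: edit_distance(host, t))
    if edit_distance(host, nearest) <= max_typos:
        warnings.append("misspelled:" + nearest)
    else:
        warnings.append("unknown-host")
    return warnings


if __name__ == "__main__":
    # Constructed sample links for illustration.
    for link in ("https://www.examplebank.com/login",
                 "http://www.exampelbank.com/update",
                 "https://examp1ebank.com/"):
        print(link, check_link(link))
```

An https link to a misspelled host is still flagged, so https on its own should not be read as proof that a site is genuine.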

Besides, there are several tips to minimize the phishing threat too:

  • never trust any phone call

  • if you want to update personal information, go directly to the company website rather than clicking on a link you were sent

  • do not trust random URLs or fill in personal information on random websites
