SlideShare uma empresa Scribd logo

Phishing

Transferir como PPT, PDF
Jayaseelan Vejayon
Jayaseelan Vejayon

Phishing - An Intro by Jayaseelan Vejayon

1 de 18
PHISHING An introduction by Jayaseelan Vejayon
So…what is phishing? • type of deception • designed to steal your valuable personal data – credit card numbers – passwords – account data – other important personal information
The history  Phreaking + Fishing = Phishing - Phreaking = making phone calls for free back in 70’s - Fishing = Use bait to lure the target Phishing in 1995 Target: AOL users Purpose: getting account passwords for free time Threat level: low Techniques: Similar names ( www.ao1.com for www.aol.com ), social engineering
The history (cont’d)  Phishing in 2001 Target: Ebayers and major banks Purpose: getting credit card numbers, accounts Threat level: medium Techniques: Same in 1995, keylogger  Phishing in 2007 Target: Paypal, banks, ebay Purpose: bank accounts Threat level: high Techniques: browser vulnerabilities, link obfuscation
A bad day phishin’, beats a good day workin’ • 2,000,000 emails are sent • 5% get to the end user – 100,000 (APWG) • 5% click on the phishing link – 5,000 (APWG) • 2% enter data into the phishing site –100 (Gartner) • $1,200 from each person who enters data (FTC) • Potential reward: $120,000 In 2005 David Levi made over $360,000 from 160 people using an eBay Phishing scam
Don't fall prey to online banking scams The Star Online Date: 19 February 2011 PETALING JAYA: Internet users must ensure they install all necessary updates and use a reputable anti-virus software so they don't fall prey to online banking scams. HSBC Bank Malaysia Berhad general manager for personal financial services, Lim Eng Seong, said the number of Malaysians opting for online banking was increasing. "Most banks offer safety advice on the login page of their e-banking websites to warn users about the existence of such scams,"he said. Whenever there is a report of a scam, the bank immediately contacts Cyber Security Malaysia's Computer Emergency Response Team (CERT) to remove the phishing website. "For phishing websites operating from outside the country, we seek the assistance of the country's local CERT team to shut down the website,"he said. Travel agent Safura Mokhtar, 41, recently became a victim of a phishing scam. She lost RM4,600 but the local bank refused to offer her a refund although she was quick to report the incident. She had received an e-mail, claiming to be from the bank, in November last year. "The e-mail stated that I needed to log in immediately to update my contact information for security purposes,"said Safura who unsuspectingly clicked on the link provided. "I am new to online banking and I was not aware that such scams existed,"said Safura who later received a text message from the bank informing her that money had been transferred out of her account. She received a letter from the bank a week later informing her that they could not compensate her for her losses. She was then referred to the Financial Mediation Bureau (FMB) which told her investigations would take up to six months. "Cases of online banking scams in Malaysia have been increasing since the first such case was registered in 2005,"said FMB CEO John Thomas. Statistics from FMB showed that the number of cases had increased from only 46 in 2008 to 163 in 2010. On the chances of victims getting their money back, Thomas said that of the 163 cases last year, only 51 victims managed to get part or all of their money back. A check with Bank Negara showed that as of December last year, there were 9.8 million e-banking account holders in the country.
Travel agent Safura Mokhtar, 41, recently became a victim of a phishing scam. She lost RM4,600 but the local bank refused to offer her a refund although she was quick to report the incident. She had received an e-mail, claiming to be from the bank , in November last year. "The e-mail stated that I needed to log in immediately to update my contact information for security purposes,"said Safura who unsuspectingly clicked on the link provided. "I am new to online banking and I was not aware that such scams existed ,"said Safura who later received a text message from the bank informing her that money had been transferred out of her account. She received a letter from the bank a week later informing her that they could not compensate her for her losses. She was then referred to the Financial Mediation Bureau (FMB) which told her investigations would take up to six months. "Cases of online banking scams in Malaysia have been increasing since the first such case was registered in 2005,"said FMB CEO John Thomas.
What Does a Phishing Scam Look Like? As scam artists become more sophisticated, so do their phishing e-mail messages and pop-up windows They often include official-looking logos from real organizations and other identifying information taken directly from legitimate Web sites
Phishing Techniques • Employ visual elements from target site • DNS Tricks: –www.ebay.com.kr –www.ebay.com@192.168.0.5 –www.gooogle.com • Certificates –Phishers can acquire certificates for domains they own –Certificate authorities make mistakes
Spear-Phishing: Improved Target Selection • Socially aware attacks  Mine social relationships from public data  Phishing email appears to arrive from someone known to the victim  Use spoofed identity of trusted organization to gain trust  Urge victims to update or validate their account  Threaten to terminate the account if the victims not reply  Use gift or bonus as a bait  Security promises • Context-aware attacks “Your bid on eBay has won!” “The books on your Amazon wish list are on sale!”
An example
How To Tell If An E-mail Message is Fraudulent Here are a few phrases to look for "Verify your account."Businesses should not ask you to send passwords, login names, Social Security numbers, or other personal information through e-mail. If you receive an e-mail from anyone asking you to update your credit card information, do not respond: this is a phishing scam. "If you don't respond within 48 hours, your account will be closed."These messages convey a sense of urgency so that you'll respond immediately without thinking. Phishing e-mail might even claim that your response is required because your account might have been compromised.
How To Tell If An E-mail Message is Fraudulent (cont’d) "Dear Valued Customer."Phishing e-mail messages are usually sent out in bulk and often do not contain your first or last name. "Click the link below to gain access to your account."HTML- formatted messages can contain links or forms that you can fill out just as you'd fill out a form on a Web site. The links that you are urged to click may contain all or part of a real company's name and are usually “masked”, meaning that the link you see does not take you to that address but somewhere different, usually a phony Web site.
How To Tell If An E-mail Message is Fraudulent (cont’d) Con artists also use Uniform Resource Locators (URLs) that resemble the name of a well-known company but are slightly altered by adding, omitting, or transposing letters. For example, the URL "www.microsoft.com" could appear instead as: •www.micosoft.com •www.mircosoft.com •www.verify-microsoft.com
How do I avoid from becoming a victim … Never respond to an email asking for personal information Always check the site to see if it is secure. Call the phone number if necessary Never click on the link on the email. Retype the address in a new window Keep your browser updated Keep antivirus definitions updated P.S: Always shred your home Use a firewall documents before discarding them.
Thank you

Recomendados

How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanHow to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanControlScan, Inc.
 
Email phishing and countermeasures
Email phishing and countermeasuresEmail phishing and countermeasures
Email phishing and countermeasuresJorge Sebastiao
 
Phishing Attack Awareness and Prevention
Phishing Attack Awareness and PreventionPhishing Attack Awareness and Prevention
Phishing Attack Awareness and Preventionsonalikharade3
 
PPT on Phishing
PPT on PhishingPPT on Phishing
PPT on PhishingPankaj Yadav
 
Different Types of Phishing Attacks
Different Types of Phishing AttacksDifferent Types of Phishing Attacks
Different Types of Phishing AttacksSysCloud
 
Phising a Threat to Network Security
Phising a Threat to Network SecurityPhising a Threat to Network Security
Phising a Threat to Network Securityanjuselina
 
Phishing
PhishingPhishing
PhishingHHSome
 
Phishing
PhishingPhishing
PhishingSagar Rai
 

Recomendados

How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanHow to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanControlScan, Inc.
 
Email phishing and countermeasures
Email phishing and countermeasuresEmail phishing and countermeasures
Email phishing and countermeasuresJorge Sebastiao
 
Phishing Attack Awareness and Prevention
Phishing Attack Awareness and PreventionPhishing Attack Awareness and Prevention
Phishing Attack Awareness and Preventionsonalikharade3
 
PPT on Phishing
PPT on PhishingPPT on Phishing
PPT on PhishingPankaj Yadav
 
Different Types of Phishing Attacks
Different Types of Phishing AttacksDifferent Types of Phishing Attacks
Different Types of Phishing AttacksSysCloud
 
Phising a Threat to Network Security
Phising a Threat to Network SecurityPhising a Threat to Network Security
Phising a Threat to Network Securityanjuselina
 
Phishing
PhishingPhishing
PhishingHHSome
 
Phishing
PhishingPhishing
PhishingSagar Rai
 
Phishing attack
Phishing attackPhishing attack
Phishing attackRaghav Chhabra
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N Gbensonoo
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness TrainingJen Ruhman
 
Anti phishing presentation
Anti phishing presentationAnti phishing presentation
Anti phishing presentationBokangMalunga
 
Phishing
PhishingPhishing
PhishingSaurabhKantSahu1
 
Phishing
PhishingPhishing
PhishingSouganthikaSankaresw
 
Phising
PhisingPhising
PhisingSayantan Sur
 
Presentation of Social Engineering - The Art of Human Hacking
Presentation of Social Engineering - The Art of Human HackingPresentation of Social Engineering - The Art of Human Hacking
Presentation of Social Engineering - The Art of Human Hackingmsaksida
 
Phishing Awareness
Phishing Awareness Phishing Awareness
Phishing Awareness mphadden
 
Social engineering hacking attack
Social engineering hacking attackSocial engineering hacking attack
Social engineering hacking attackPankaj Dubey
 
introduction to cyber security
introduction to cyber securityintroduction to cyber security
introduction to cyber securitySlamet Ar Rokhim
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingSachin Saini
 
Phishing
PhishingPhishing
PhishingAlka Falwaria
 
Social engineering
Social engineeringSocial engineering
Social engineeringAlexander Zhuravlev
 
Phishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafePhishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafeCheapSSLsecurity
 
Phishing and prevention
Phishing and preventionPhishing and prevention
Phishing and preventionStephen Hasford
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineeringn|u - The Open Security Community
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentationpooja_doshi
 
Phishing Attack : A big Threat
Phishing Attack : A big ThreatPhishing Attack : A big Threat
Phishing Attack : A big Threatsourav newatia
 
Social Engineering
Social EngineeringSocial Engineering
Social EngineeringSpencerBurton8
 
A presentation on Phishing
A presentation on PhishingA presentation on Phishing
A presentation on PhishingCreative Technology
 
Phishing
PhishingPhishing
PhishingSyahida
 

Mais conteúdo relacionado

Mais procurados

P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N Gbensonoo
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness TrainingJen Ruhman
 
Anti phishing presentation
Anti phishing presentationAnti phishing presentation
Anti phishing presentationBokangMalunga
 
Presentation of Social Engineering - The Art of Human Hacking
Presentation of Social Engineering - The Art of Human HackingPresentation of Social Engineering - The Art of Human Hacking
Presentation of Social Engineering - The Art of Human Hackingmsaksida
 
Phishing Awareness
Phishing Awareness Phishing Awareness
Phishing Awareness mphadden
 
Social engineering hacking attack
Social engineering hacking attackSocial engineering hacking attack
Social engineering hacking attackPankaj Dubey
 
introduction to cyber security
introduction to cyber securityintroduction to cyber security
introduction to cyber securitySlamet Ar Rokhim
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingSachin Saini
 
Phishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafePhishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafeCheapSSLsecurity
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentationpooja_doshi
 
Phishing Attack : A big Threat
Phishing Attack : A big ThreatPhishing Attack : A big Threat
Phishing Attack : A big Threatsourav newatia
 

Mais procurados (20)

Phishing attack
Phishing attackPhishing attack
Phishing attack
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N G
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness Training
 
Anti phishing presentation
Anti phishing presentationAnti phishing presentation
Anti phishing presentation
 
Phishing
PhishingPhishing
Phishing
 
Phishing
PhishingPhishing
Phishing
 
Phising
PhisingPhising
Phising
 
Presentation of Social Engineering - The Art of Human Hacking
Presentation of Social Engineering - The Art of Human HackingPresentation of Social Engineering - The Art of Human Hacking
Presentation of Social Engineering - The Art of Human Hacking
 
Phishing Awareness
Phishing Awareness Phishing Awareness
Phishing Awareness
 
Social engineering hacking attack
Social engineering hacking attackSocial engineering hacking attack
Social engineering hacking attack
 
introduction to cyber security
introduction to cyber securityintroduction to cyber security
introduction to cyber security
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS Working
 
Phishing
PhishingPhishing
Phishing
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
Phishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafePhishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You Safe
 
Phishing and prevention
Phishing and preventionPhishing and prevention
Phishing and prevention
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentation
 
Phishing Attack : A big Threat
Phishing Attack : A big ThreatPhishing Attack : A big Threat
Phishing Attack : A big Threat
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 

Destaque

Phishing
PhishingPhishing
PhishingSyahida
 
Phishing attacks ppt
Phishing attacks pptPhishing attacks ppt
Phishing attacks pptAryan Ragu
 
PHISHING PROJECT REPORT
PHISHING PROJECT REPORTPHISHING PROJECT REPORT
PHISHING PROJECT REPORTvineetkathan
 
Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks
Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks
Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks Er. Rahul Jain
 
Phishing Attacks
Phishing AttacksPhishing Attacks
Phishing AttacksJagan Mohan
 
Nuova ECDL - Modulo 5 - IT Security
Nuova ECDL - Modulo 5 - IT SecurityNuova ECDL - Modulo 5 - IT Security
Nuova ECDL - Modulo 5 - IT SecurityNino Lopez
 
Computer Hacking - An Introduction
Computer Hacking - An IntroductionComputer Hacking - An Introduction
Computer Hacking - An IntroductionJayaseelan Vejayon
 
Spoofing Techniques
Spoofing TechniquesSpoofing Techniques
Spoofing TechniquesRaza_Abidi
 
Phishing
PhishingPhishing
Phishingdefquon
 
Power point phishing (Modificación 21/05)
Power point phishing (Modificación 21/05)Power point phishing (Modificación 21/05)
Power point phishing (Modificación 21/05)delictes
 

Destaque (20)

A presentation on Phishing
A presentation on PhishingA presentation on Phishing
A presentation on Phishing
 
Phishing
PhishingPhishing
Phishing
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
Phishing attacks ppt
Phishing attacks pptPhishing attacks ppt
Phishing attacks ppt
 
PHISHING PROJECT REPORT
PHISHING PROJECT REPORTPHISHING PROJECT REPORT
PHISHING PROJECT REPORT
 
Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks
Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks
Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks
 
Phishing
PhishingPhishing
Phishing
 
Intro phishing
Intro phishingIntro phishing
Intro phishing
 
Phishing
PhishingPhishing
Phishing
 
Phishing Attacks
Phishing AttacksPhishing Attacks
Phishing Attacks
 
Spoofing
SpoofingSpoofing
Spoofing
 
Spoofing
SpoofingSpoofing
Spoofing
 
Nuova ECDL - Modulo 5 - IT Security
Nuova ECDL - Modulo 5 - IT SecurityNuova ECDL - Modulo 5 - IT Security
Nuova ECDL - Modulo 5 - IT Security
 
Computer Hacking - An Introduction
Computer Hacking - An IntroductionComputer Hacking - An Introduction
Computer Hacking - An Introduction
 
Spoofing Techniques
Spoofing TechniquesSpoofing Techniques
Spoofing Techniques
 
Phishing
PhishingPhishing
Phishing
 
Phishing
PhishingPhishing
Phishing
 
Phishing
PhishingPhishing
Phishing
 
Power point phishing (Modificación 21/05)
Power point phishing (Modificación 21/05)Power point phishing (Modificación 21/05)
Power point phishing (Modificación 21/05)
 

Semelhante a Phishing

Information security training Phishing
Information security training PhishingInformation security training Phishing
Information security training PhishingAtl Edu
 
PhishingandPharming
PhishingandPharmingPhishingandPharming
PhishingandPharmingDawn Hicks
 
Internet Fraud #scichallenge2017
Internet Fraud #scichallenge2017Internet Fraud #scichallenge2017
Internet Fraud #scichallenge2017Alexandru Turcu
 
IDENTIFYING CYBER THREATS NEAR YOU
IDENTIFYING CYBER THREATS NEAR YOUIDENTIFYING CYBER THREATS NEAR YOU
IDENTIFYING CYBER THREATS NEAR YOUBilly Warero
 
IS Presetation.pptx
IS Presetation.pptxIS Presetation.pptx
IS Presetation.pptxTanvir Amin
 
Spam & Phishing
Spam & PhishingSpam & Phishing
Spam & PhishingGrittyCC
 
Cyber security ATTACK on Retired Personnel, MITIGATION and Best Practices
Cyber security ATTACK on Retired Personnel, MITIGATION and Best PracticesCyber security ATTACK on Retired Personnel, MITIGATION and Best Practices
Cyber security ATTACK on Retired Personnel, MITIGATION and Best PracticesOluwatobi Olowu
 
10 tips to prevent phishing attacks
10 tips to prevent phishing attacks10 tips to prevent phishing attacks
10 tips to prevent phishing attacksNamik Heydarov
 
3 pervasive phishing scams
3 pervasive phishing scams3 pervasive phishing scams
3 pervasive phishing scamsSafeSpaceOnline
 
Ict Phishing (Present)
Ict Phishing (Present)Ict Phishing (Present)
Ict Phishing (Present)aleeya91
 
Unit 3 - Cyber Crime.pptx
Unit 3 - Cyber Crime.pptxUnit 3 - Cyber Crime.pptx
Unit 3 - Cyber Crime.pptxssuserb73103
 

Semelhante a Phishing (20)

Phishing-Updated
Phishing-UpdatedPhishing-Updated
Phishing-Updated
 
phishing technique.pptx
phishing technique.pptxphishing technique.pptx
phishing technique.pptx
 
Information security training Phishing
Information security training PhishingInformation security training Phishing
Information security training Phishing
 
PhishingandPharming
PhishingandPharmingPhishingandPharming
PhishingandPharming
 
Internet Fraud #scichallenge2017
Internet Fraud #scichallenge2017Internet Fraud #scichallenge2017
Internet Fraud #scichallenge2017
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
IDENTIFYING CYBER THREATS NEAR YOU
IDENTIFYING CYBER THREATS NEAR YOUIDENTIFYING CYBER THREATS NEAR YOU
IDENTIFYING CYBER THREATS NEAR YOU
 
IS Presetation.pptx
IS Presetation.pptxIS Presetation.pptx
IS Presetation.pptx
 
Security-Awareness-Training.pptx
Security-Awareness-Training.pptxSecurity-Awareness-Training.pptx
Security-Awareness-Training.pptx
 
Phishing
PhishingPhishing
Phishing
 
Spam & Phishing
Spam & PhishingSpam & Phishing
Spam & Phishing
 
Introduction to phishing
Introduction to phishingIntroduction to phishing
Introduction to phishing
 
Phis
PhisPhis
Phis
 
Cyber security ATTACK on Retired Personnel, MITIGATION and Best Practices
Cyber security ATTACK on Retired Personnel, MITIGATION and Best PracticesCyber security ATTACK on Retired Personnel, MITIGATION and Best Practices
Cyber security ATTACK on Retired Personnel, MITIGATION and Best Practices
 
10 tips to prevent phishing attacks
10 tips to prevent phishing attacks10 tips to prevent phishing attacks
10 tips to prevent phishing attacks
 
3 pervasive phishing scams
3 pervasive phishing scams3 pervasive phishing scams
3 pervasive phishing scams
 
Ict Phishing (Present)
Ict Phishing (Present)Ict Phishing (Present)
Ict Phishing (Present)
 
S_A_T.pptx
S_A_T.pptxS_A_T.pptx
S_A_T.pptx
 
Unit 3 - Cyber Crime.pptx
Unit 3 - Cyber Crime.pptxUnit 3 - Cyber Crime.pptx
Unit 3 - Cyber Crime.pptx
 
Phishing Technology
Phishing TechnologyPhishing Technology
Phishing Technology
 

Phishing

  • 2. So…what is phishing? • type of deception • designed to steal your valuable personal data – credit card numbers – passwords – account data – other important personal information
  • 3. The history  Phreaking + Fishing = Phishing - Phreaking = making phone calls for free back in 70’s - Fishing = Use bait to lure the target Phishing in 1995 Target: AOL users Purpose: getting account passwords for free time Threat level: low Techniques: Similar names ( www.ao1.com for www.aol.com ), social engineering
  • 4. The history (cont’d)  Phishing in 2001 Target: Ebayers and major banks Purpose: getting credit card numbers, accounts Threat level: medium Techniques: Same in 1995, keylogger  Phishing in 2007 Target: Paypal, banks, ebay Purpose: bank accounts Threat level: high Techniques: browser vulnerabilities, link obfuscation
  • 5. A bad day phishin’, beats a good day workin’ • 2,000,000 emails are sent • 5% get to the end user – 100,000 (APWG) • 5% click on the phishing link – 5,000 (APWG) • 2% enter data into the phishing site –100 (Gartner) • $1,200 from each person who enters data (FTC) • Potential reward: $120,000 In 2005 David Levi made over $360,000 from 160 people using an eBay Phishing scam
  • 6.
  • 7. Don't fall prey to online banking scams The Star Online Date: 19 February 2011 PETALING JAYA: Internet users must ensure they install all necessary updates and use a reputable anti-virus software so they don't fall prey to online banking scams. HSBC Bank Malaysia Berhad general manager for personal financial services, Lim Eng Seong, said the number of Malaysians opting for online banking was increasing. "Most banks offer safety advice on the login page of their e-banking websites to warn users about the existence of such scams,"he said. Whenever there is a report of a scam, the bank immediately contacts Cyber Security Malaysia's Computer Emergency Response Team (CERT) to remove the phishing website. "For phishing websites operating from outside the country, we seek the assistance of the country's local CERT team to shut down the website,"he said. Travel agent Safura Mokhtar, 41, recently became a victim of a phishing scam. She lost RM4,600 but the local bank refused to offer her a refund although she was quick to report the incident. She had received an e-mail, claiming to be from the bank, in November last year. "The e-mail stated that I needed to log in immediately to update my contact information for security purposes,"said Safura who unsuspectingly clicked on the link provided. "I am new to online banking and I was not aware that such scams existed,"said Safura who later received a text message from the bank informing her that money had been transferred out of her account. She received a letter from the bank a week later informing her that they could not compensate her for her losses. She was then referred to the Financial Mediation Bureau (FMB) which told her investigations would take up to six months. "Cases of online banking scams in Malaysia have been increasing since the first such case was registered in 2005,"said FMB CEO John Thomas. Statistics from FMB showed that the number of cases had increased from only 46 in 2008 to 163 in 2010. On the chances of victims getting their money back, Thomas said that of the 163 cases last year, only 51 victims managed to get part or all of their money back. A check with Bank Negara showed that as of December last year, there were 9.8 million e-banking account holders in the country.
  • 8. Travel agent Safura Mokhtar, 41, recently became a victim of a phishing scam. She lost RM4,600 but the local bank refused to offer her a refund although she was quick to report the incident. She had received an e-mail, claiming to be from the bank , in November last year. "The e-mail stated that I needed to log in immediately to update my contact information for security purposes,"said Safura who unsuspectingly clicked on the link provided. "I am new to online banking and I was not aware that such scams existed ,"said Safura who later received a text message from the bank informing her that money had been transferred out of her account. She received a letter from the bank a week later informing her that they could not compensate her for her losses. She was then referred to the Financial Mediation Bureau (FMB) which told her investigations would take up to six months. "Cases of online banking scams in Malaysia have been increasing since the first such case was registered in 2005,"said FMB CEO John Thomas.
  • 9. What Does a Phishing Scam Look Like? As scam artists become more sophisticated, so do their phishing e-mail messages and pop-up windows They often include official-looking logos from real organizations and other identifying information taken directly from legitimate Web sites
  • 10. Phishing Techniques • Employ visual elements from target site • DNS Tricks: –www.ebay.com.kr –www.ebay.com@192.168.0.5 –www.gooogle.com • Certificates –Phishers can acquire certificates for domains they own –Certificate authorities make mistakes
  • 11. Spear-Phishing: Improved Target Selection • Socially aware attacks  Mine social relationships from public data  Phishing email appears to arrive from someone known to the victim  Use spoofed identity of trusted organization to gain trust  Urge victims to update or validate their account  Threaten to terminate the account if the victims not reply  Use gift or bonus as a bait  Security promises • Context-aware attacks “Your bid on eBay has won!” “The books on your Amazon wish list are on sale!”
  • 13.
  • 14. How To Tell If An E-mail Message is Fraudulent Here are a few phrases to look for "Verify your account."Businesses should not ask you to send passwords, login names, Social Security numbers, or other personal information through e-mail. If you receive an e-mail from anyone asking you to update your credit card information, do not respond: this is a phishing scam. "If you don't respond within 48 hours, your account will be closed."These messages convey a sense of urgency so that you'll respond immediately without thinking. Phishing e-mail might even claim that your response is required because your account might have been compromised.
  • 15. How To Tell If An E-mail Message is Fraudulent (cont’d) "Dear Valued Customer."Phishing e-mail messages are usually sent out in bulk and often do not contain your first or last name. "Click the link below to gain access to your account."HTML- formatted messages can contain links or forms that you can fill out just as you'd fill out a form on a Web site. The links that you are urged to click may contain all or part of a real company's name and are usually “masked”, meaning that the link you see does not take you to that address but somewhere different, usually a phony Web site.
  • 16. How To Tell If An E-mail Message is Fraudulent (cont’d) Con artists also use Uniform Resource Locators (URLs) that resemble the name of a well-known company but are slightly altered by adding, omitting, or transposing letters. For example, the URL "www.microsoft.com" could appear instead as: •www.micosoft.com •www.mircosoft.com •www.verify-microsoft.com
  • 17. How do I avoid from becoming a victim … Never respond to an email asking for personal information Always check the site to see if it is secure. Call the phone number if necessary Never click on the link on the email. Retype the address in a new window Keep your browser updated Keep antivirus definitions updated P.S: Always shred your home Use a firewall documents before discarding them.