Thursday, July 2, 2009

Phishing: Examples and prevention methods

Phishing is a widely launched social engineering attack designed to steal a user's electronic identity: credit card numbers, usernames, passwords, account data, or other valuable information. In other words, phishing, also referred to as brand spoofing or carding, is a variation on "fishing": users are lured into disclosing confidential information to someone who pretends to be from a trusted source.

Phishing is a criminally fraudulent process in which emails are blasted to a mass audience in a malicious attempt to bait users into entering their details at a fake website. Typically the phishing message will appear to come from a local financial institution, PayPal, eBay or Amazon, and asks for details that the legitimate organization already has. The messages often include official-looking logos from real organizations and other identifying information taken directly from legitimate websites.

How does phishing work?
  • The fraudulent email states that the user should update their personal information for one reason or another, and usually provides a link the user can click to do so. This all sounds reasonable and may look legitimate, but phishing scams are anything but. The link does not take the user to that financial institution's website. Instead, it redirects the user to a site run by the scammers, built to look like the original website.
  • The phishing email will usually state that the company cannot verify the user's information, or require the user to update their personal information or verify their account within 48 hours.
The following are examples of what a phishing scam e-mail message or website might look like:
1) Example phishing email from Maybank

2) Example phishing email from eBay

3) Example phishing website from CIMB

4) Example phishing website from Microsoft

Prevention Methods:
  • Use anti-virus and anti-spyware software, as well as a firewall and a spam filter.
Some phishing emails carry dangerous software that can harm your computer or steal your identity information without your knowledge. Anti-virus software and a firewall can protect your computer by blocking such files or preventing it from inadvertently accepting them. Remember to keep them updated regularly.

  • Avoid clicking on links within emails that request your personal information.
Scammers use links to lure users into fake websites that look similar to the real sites of the company they are impersonating. If users follow the instructions and enter their private information on such a site, their confidential data is stolen. Be wary of such emails, and confirm that the message really came from the company by calling the company directly. Users can also type the company's legitimate web address themselves instead of following the link, which prevents this type of fraud.

  • Don't email your personal or financial information.
Email is not a secure method of transmitting personal information, especially highly confidential and financial information. If you initiate a transaction and want to provide your personal or financial information through an organization's website, look for the lock icon on the browser's status bar and make sure the website's URL begins with "https:"; the "s" stands for "secure". Do not proceed with your transaction if the site is not an "https" website.

  • Do not click on, or enter your personal information into, a pop-up screen; ignore it. Install pop-up blocking software to help prevent this type of phishing attack.
Sometimes a phisher will direct users to the real company's website, but an unauthorized pop-up screen created by the scammer will appear, with blanks asking the user to provide personal information. The scammer designs it this way to lure users into entering their private data without raising suspicion. A legitimate company normally will not ask its customers to enter their information through a pop-up screen, and pop-up blocking software helps stop this type of attack.

  • Use a strong password and change it regularly to prevent unauthorized access to your account.
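
To make two of the tips above concrete (check where a link really goes, and check for "https"), here is an added example that is not part of the original post: a small Python checker that pulls every link out of an HTML email body and flags any whose real host differs from the site named in the link text, that falls outside the sender's real domain, or that is not served over https. The brand domain bank.example, the look-alike host and the sample message are all constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from every <a> tag in the message."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Lowercased hostname of a URL, or of bare text such as 'www.bank.example'."""
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()

def check_links(html_body, trusted_hosts):
    """Return (href, reason) pairs for links a recipient should not follow."""
    parser = LinkExtractor()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        target = host_of(href)
        shown = host_of(text) if "." in text else ""  # link text that looks like a site name
        if shown and shown != target:
            findings.append((href, "visible text names a different site than the target"))
        # Trusted = brand domain or a subdomain of it; bank.example.verify-login.test is neither.
        elif not any(target == t or target.endswith("." + t) for t in trusted_hosts):
            findings.append((href, "link leaves the sender's real domain"))
        elif urlparse(href).scheme != "https":
            findings.append((href, "not an https link"))
    return findings

# Constructed sample imitating a bank notice; bank.example stands in for the brand's domain.
SAMPLE = (
    "<p>Please verify your account within 48 hours:</p>"
    '<a href="http://bank.example.verify-login.test/">www.bank.example</a>'
    '<a href="https://198.51.100.7/secure">Secure login</a>'
    '<a href="http://www.bank.example/">www.bank.example</a>'
    '<a href="https://www.bank.example/">www.bank.example</a>'
)
FINDINGS = check_links(SAMPLE, {"bank.example"})  # flags the first three links only
```

Note that "https" only secures the connection to whichever site the link actually reaches, and a scammer's site can use it too, which is why the hostname checks run before the https check.
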
What should you do if you get hooked by a phishing scam?
Users can forward phishing emails to spam@uce.gov and to the company, bank, or organization impersonated in the email. Users can also report phishing emails to MyCERT. If you have been scammed, visit the CyberSecurity Malaysia website: http://www.cybersecurity.my/en/
