Jururawat Masyarakat

Fraudsters use a method known as phishing to send e-mail or instant message spam that looks like messages coming from reputable companies such as banks and auction sites. The forged message is trying to entice you to click a link on a Web page or in a pop-up window. If you click on the link, it could download a virus or lead you to a situation where you are asked to key in confidential information. There has been an increase in reported cases of phishing scams over the years and the techniques used are becoming also becoming more sophisticated, therefore it is important that we to know how to recognise and prevent from phishing activities.

Tips for safe Online Banking:


Keep your password and PIN code safe, and change them regularly. If you conduct transactions in a number of websites, use different passwords for each. Create unique passwords that are difficult to guess, e.g. use combination of letters and numbers.

How do you know the website is secured? Look at the status bar for the icon when you visit the bank site.

Be sure that the email attachments before you open are from trusted sources. Do not respond to emails asking for personal information, login information or change password notification via email. If not sure of the correspondence, contact the bank.

Never click on the link in email messages. Manually key-in URL address into the browser’s address bar.

Use an antivirus, anti-spyware and firewall program that is popular and well supported by the vendor. Ensure the programs are up-to-date and frequently updated.

Install or enable security updates for your operating system.

Memorize your password and if possible, do not write it down anywhere. Report identity theft or any suspicious activity immediately to the bank.

If you decide to go to other websites linked via your internet banking website, read the privacy and policy information of that website first, before conducting any transaction.

Check your account balances regularly to ensure that no fraudulent withdrawal has taken place.

If your bank account has been compromised, act fast and inform the bank, and the Cyber security authority.

When visiting your online banking site, check that the Date and Time matches the date and time when you last signed in.

Use Web browsers that uses strong encryption (128bit encryption) – For Windows systems - Firefox 1.0, IE 5.5 and NN7.2, For Apple Macintosh OS 10.2 - Apple Safari 2.0, Firefox 1.0.



Are You a Victim? Look out for these signs:

It is known that phishers always come out with new phishing tactics to lure their victims, therefore you should learn to observe some of the signs. Phishing activities are mostly carried out via email and websites. Phishing via email usually involves fraudulent email that looks like a legitimate email, usually asking you to either update or verify your online account. A phishing website can have similar look and features as a legitimate website. Therefore it is important that you learn to tell the differences between phishing email/website and the real email/website. The consequences of not being able to identify could lead you to identity theft and financial losses.


Phishing Email
Common phrases usually used by phishers in phishing emails:

“Verify your account” - a trick to gain your online account information such as your account number and password

“If you don’t’ respond within 24 hours, your account will be deleted” - an urgent message to seek for quick action

“Dear Valued Customer” or “Dear Customer” - a general salutation instead of addressing specific customer

“Click the link below to update your account information” – a trick to direct you to a phishing website

“Please provide your username and password” - a trick to gain your username and password

“You have won…” – a trick to gain your trust and cooperation to follow instruction in email

Phishing Website
Common tactics used in phishing website:

Genuine looking front page and content. Some may even have legitimate logo taken from the real website.


URL that looks similar to legitimate URL. Example: URL ‘www.abcbank.com.my’ could appear as ‘www.abcdbank.com.my

Fake URLs are masked to trick you into thinking that you are accessing a real website

Use of the names and official-looking logo of real company or financial institutions

Use of fake forms to collect your information look real and official

Use of fake pop-up window to collect your account information with actual legitimate website opened in the background



How to Protect Your Web Browser from Phishing?

You can use anti-phishing programs or toolbars to defeat phishing. There are dozens of such programs and tools you can download freely to help combat phishing scams. These tools usually come in the form of web browser extensions, plug-ins or toolbars. The following are some links for information and downloads on anti-phishing tools and web browser plugins:


Mozilla Firefox 2 Phishing Protection
http://www.mozilla.com/en-US/firefox/phishing-protection/


Click here to view video clip on Mozilla Firefox 2 Phishing Protection

Microsoft Phishing Filter
http://www.microsoft.com/protect/products/ yourself/phishingfilter.mspx

Click here to view video clip on Microsoft Phishing Filter

Netcraft Anti-Phishing Toolbar
http://toolbar.netcraft.com/