Tuesday, February 3, 2009

Phishing : Examples and Its Preventation Methods

What is Phishing?
A phishing technique was described in detail in 1987, and the first recorded use of the term "phishing" was made in 1996.

Phishing or Web Forgery is the criminally fraudulent process of attempting to get information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

Phishing is typically carried out using email or an instant message. It often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.

The following is an example of what a phishing scam e-mail message might look like:
Example of a phishing e-mail message including a deceptive URL address that linking to a scam Web site. To make these phishing e-mail messages look even more legitimate, the scam artists may place a link in them that appears to go to the legitimate Web site (1), but it actually takes the users to a phony scam site (2) or possibly a pop-up window that looks exactly like the official site.


Here are some of the Phishing Examples:

PayPal
PayPal is an online payment solution provider. We can receive funds and pay for products and services that we purchase on the web through PayPal.

In an example PayPal phish, spelling mistakes in the e-mail and the presence of an IP address in the link (visible in the tooltip under the yellow box) are both clues that this is a phishing attempt.
Another clue is the lack of a personal greeting. A legitimate PayPal communication will always greet the user with his or her real name, but not just with a generic greeting like, "Dear Accountholder."

eBay


This genuine looking email is a masquerade. When the receivers clicked on “respond”, they were directed to an exact clone of eBay and the personal information was stolen. These messages come in different styles and writings.
To prevent this, go manually to ebay.com and checkout the private messages whether real or not.


How to Prevent Phishing?

Here are some of the Phishing Preventation Methods

Train People to Recognize Phishing Attempts
One strategy for combating phishing is to train people to recognize phishing attempts, and to deal with them. One newer phishing tactic, known as spear phishing, has been harnessed to train individuals at various locations.

People can take steps to avoid phishing attempts by slightly modifying their browsing habits. When contacted about an account needing to be "verified", it is a sensible precaution to contact the company from which the e-mail apparently originates to check that the e-mail is legitimate.

Legitimate companies, agencies and organizations don’t ask for personal information via pop-up screens. If the users enter the information in a pop-up-screen, the information will go to the phisher. To help prevent this type of phishing attack, the users can install pop-up blocking software.

Protect Computer with Spam Filters, Phishing Filter, Anti-virus and Anti-spyware software, and a Firewall, and Keep Them Up to Date
A spam filter can help reduce the number of phishing emails you get. The spam filter product comparisons are available in the website: http://spam-filter-review.toptenreviews.com/
Anti-virus software and anti-spyware software, can protect the users against pharming and other techniques that phishers use.
Firewalls prevent hackers and unauthorized communications from entering the users' computer–which is especially important if the users have a broadband connection because the users' computer is open to the Internet whenever it’s turned on.

Only Open Email Attachments that are Expected and Know What They Contain
Even if the messages look like they came from people you know, they could be from scammers and contain programs that will steal your personal information.

Phishing and Malware Protection
Phishing and Malware Protection helps to keep the user safe online. These features will warn the users when they visit a page that has been reported as a Phishing pages or Web Forgery of a legitimate site.
For example, Internet Explorer 7 introduces a new notification area called the Security Status Bar. If a web site is a known phishing site the Address Bar turns red, and the Security Status Bar will appear.
References:
Posted by at No comments:

The application of 3rd party certification programme in Malaysia.

MSTrustgate.com Sdn Bhd is a licensed Certification Authority (CA) operating within the Multimedia Super Corridor. MSC Trustgate wa incorporated in 1999 to meet the growing need for secure open network communications and become the catalyst for the growth of e-commerce, both locally and across the ASEAN region. At present, MSC Trustgate has 12 million in paid up capital.

Trustgate is licensed under the Digital Signature Act 1997 (DSA), a Malaysia law that sets a global precedent for the mandate of a CA. As a CA, Trustgate’s core business is to provide digital certification services, including digital certificates, cryptographic products, and software development. They are committed to provide the finest Public Key Infrastructure (PKI) to assist all types of companies and institutions conducting their business over the Internet. The state of the art back-end infrastructure that costs RM 14 million is one of the best in the region.

Vision

Security is the primary concern of entering into the new Internet economy. The ever-changing paradigm of e-commerce requires a well-mandated security infrastructure. The vision of Trustgate is clear:

“To enable organizations to conduct their business ecurely over the Internet, as much as what they have been enjoying in the physical world.”



MSTrustgate offer complete security solutions and leading trust services that are needed by individuals, enterprises, government, and e-commerce service providers using digital certificates, digital signatures, encryption and decryption.

Products and services provided by MSTrustgate as follow:

  1. SSL Certificate
  2. Managed Public Key Infrastructure (MPKI)
  3. Digital ID for Secure Transactions, Documents & E-mails
  4. MyTRUST for Mobile Signature
  5. MyKad PKI (MyKey)
  6. SSL Virtual Private Network (SSL VPN)
  7. Managed Security Services
  8. Verisign Certified Training
  9. Application Development and System Integration
  10. Repository

Why do we need the ceritfication???

It an attachment to an electronic message used for security purposes. The most common use of a digital certificate is to verify that a user sending a message is who he or she claims to be, and to provide the receiver with the means to encode a reply.

An individual wishing to send an encrypted message applies for a digital certificate from a Certificate Authority(CA). The CA issues an encrypted digital certificate containing the applicant's public key and a variety of other identification information. The CA makes its own public key readily available through print publicity or perhaps on the internet.

The recipient of an encrypted message uses the CA's public key to decode the digital certificate attached to the message, verifies it as issued by the CA and then obtains the sender's public key and identification information held within the certificate. With this information, the recipient can send an encrypted reply.

The most widely used standard for digital certificates is X.509.


Related Links:
Posted by at No comments:

The threat of online security: How safe is our data?


The Internet is a global system of interconnected computer networks that interchange data by packet switching using the standardized Internet Protocol Suite (TCP/IP).
Nowadays, most of the people rely on computer to store, disseminate and manage the important data. But the users must beware that their data may be stolen, loss, or misused by other people through potential threats such as worms, computer viruses, trojan horse, security hacking, back doors and etc. Thus, the computer security plays a significant role in protecting users’ data. Internet security involves the protection of a computer's internet account and files from intrusion of an outside user.

Below are the types of internet threats:

WORMS

A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other nodes (computers on the network) and it may do so without any user intervention. It can destroy data and programs as well as disrupt or even halt the operation of computer network.

TROJAN HORSE


It is a software program that appears to be benign but then does something other than expected. Trojan Horse is not itself a virus because it does not replicate, but is often a way for viruses or other malicious code to be introduced into a computer system.




COMPUTER VIRUSES

A computer virus is a rogue software program that attaches itself to other software programs or data files in order to be executed, usually without user permission or knowledge. Most computer viruses deliver a “pay-load”. The pay-load must be relatively benign, such as the instructions to display a message or image or it may be highly destructive. Viruses typically spread from computer to computer when human takes an action such as sending e-mail or copying an infected file.

BACKDOORS

A backdoor is typically a password that known only to the attacker. It allows access to the system without having to go through any security. The backdoor may take the form of an installed program (e.g., Back Orifice), or could be a modification to an existing program or hardware device.

SECURITY HACKER


Hackers get the unauthorized access and use of networked computer systems. Illegal hackers frequently assault the internet and other networks to steal or damage data and programs. Hackers commit only electronic breaking and entering get access to a computer system, read some files, neither steal or damage anything.


There are various ways to prevent internet threat:
 => Employ Strong Passwords

=> Keep Software up to Date

=> Do not use piracy software

=> Delete all the cookies in the computer to prevent track on the history/password.

=> Always scan your computer with Anti-virus

=> Turn on your firewall to prevent hacker

=> Beware of Mail Attachments

In conclusion, risk facing by computer users is rising with the increasingly developed technology. Therefore, safeguards developed must be always up to date to enhance the defenses against online security threats.


References:
http://en.wikipedia.org/wiki/Internet
http://en.wikipedia.org/wiki/Computer_virus
http://en.wikipedia.org/wiki/Computer_worm
http://www.mailtrust.com/press-releases/2002/31



Posted by at No comments:

How to safeguard our personal and financial data?

Nowadays, Internet becomes a common tool for people to create, store and manage critical information. Information transmitted over the Internet is more vulnerable and has a higher degree of security risk because they are open to public. Anyone can see it. As a result there are important to us protect our data from loss, damage and misuse.

There has some suggestion for user to protect their personal and financial data:


Password protected

Username and passwords is the basic safeguard used to ensure security. Longer passwords are encourages. Once you select a password, change it frequently. Do not disclose it to anyone. Date of birth are not encourages. You should also be careful about where you save your password on your computer. Some dialog boxes, such as present an option to save or remember your password. Do not select that option.


Install and updated anti virus software and firewall

Install an antivirus program such as AVG antivirus or other more in order to protect yourself against viru

ses and Trojan horses that may steal or modify the data on your own computer. In order for the well protection, you must make sure to keep your virus definitions up to date. Firewall is a software program designed to allow good people in and keep bad people out. Nowadays, most of the new computers come with firewalls integrated into their operating systems.


Regular scan your computer for spyware and virus

Spyware or adware hidden in software programs may affect the performance of your computer and give attackers access to your data. Use an original anti-spyware and antivirus program to scan your computer regularly in order to remove any infected files in your computer.


Avoid accessing financial information in public

Prevent form logging on to check your bank balance when in the public place. For example in coffee shops that have provide wireless system. Although the systems are convenient but we do not know how powerful their firewalls are.


Biometric device

Biometric device is also a way to safeguard our personal and financial data. Biometric devices grant access to programs, computers, or rooms using computer analysis of some biometric identifier. Examples of biometric devices and systems include fingerprint scanners, hand geometry systems, face recognition systems, voice verification systems, signature verification systems and iris recognition systems. Biometric devices are gaining popularity as a security precaution as they are a virtually foolproof method of identification and authentication.


Related links:

1.http://www.us-cert.gov/cas/tips/ST06-008.html

Posted by at No comments:
Subscribe to: Comments (Atom)