Phishing: Examples & Prevention

Phishing is a method that is used to get personal information for identity theft purposes.

How it happens
A phisher sends you an email or a message pretending to be from a friend, a bank or a government agency. The sender asks you to fill in or verify your personal information. Usually a link is provided that leads you to a fake website where you are asked to enter your information. Some even ask for verification on the grounds that you are suspected to be an identity theft victim!

Some common phishing scams claim to be credit card companies or major retailers like eBay, PayPal, CitiBank, AOL and so on. E-mail headers can be forged easily, so do not believe what the email says just because of its headers. Here are some illustrations for eBay, Wesbanco Bank, and Chase Bank:




How to prevent
- Do not click on links or any attachments within the email message.
- Do not enter sensitive information in a pop-up screen because legitimate agencies or organizations do not do so.
- Do not surrender personal information to a caller claiming to be a company you deal with. You can always contact the company independently to check the legitimacy of the phone call.
- Review your bills and bank statements for unusual charges or withdrawals.
- Use strong and uncommon passwords for your accounts which are harder to guess.
- Ensure any online transactions carried out are on secure websites.
- Ensure antivirus software is always updated.

As Internet users, we should always be aware and take precautionary measures to protect our privacy and information confidentiality.

References:
http://www.utdallas.edu/ir/security/Phishing.htm

http://www.consumerfraudreporting.org/phishing.php

3rd Party Certification

A digital certificate is used to verify that a public key belongs to the individual who claims to own it. The third parties that issue these certificates are the certificate authorities (CAs).

VeriSign, which is based in California, is the best-known CA.
In Malaysia, MSC Trustgate.com Sdn Bhd is one example of a licensed Certification Authority under the Digital Signature Act 1997. Such CAs provide digital certification services which include digital certificates, cryptographic products, and software development. They provide more secure open network communications, allowing organizations to conduct their businesses securely through the Internet.

One of the services that MSC Trustgate provides is VeriSign SSL Certificates. An SSL Certificate authenticates a website to its customers, assuring them that they are dealing with a genuine site. It instills confidence in customers. Before issuing any server certificate, VeriSign reviews the organization's credentials and checks its background to confirm the organization's claims. When a browser connects to a legitimate site with a VeriSign SSL Certificate, it automatically verifies the site's ID. After that, the connection between browser and server is encrypted, so the information received by the web visitor is identical to what the server sent and no modification has taken place.

Other applications of third party certification are Managed PKI, Personal ID, MyTRUST, MyKAD ID, SSL VPN, Managed Security Services, VeriSign Certified Training and Application Development.

Third party certification gives confidence to customers in communication and online business transactions.


References:

http://www.msctrustgate.com/product/ssl_id.htm

http://www.verisign.com/

http://www.msctrustgate.com/

Online security threats: How safe is our data?

Online security threats have become one of the biggest challenges on the Internet. Most are carried out by opportunistic attackers who exploit any small vulnerability.

The online security threats include:

1. Spyware Attacks
Spyware attacks are the most common online security threat faced by Internet users. Spyware is simply a computer program that is designed to steal information from an Internet user's computer without their knowledge. Common spyware includes Trojan horses, dialers and adware programs. To prevent spyware attacks, we should scan all our files before downloading. Do not download software you have never heard of.
(Trojan horse: At first glance it appears to be useful software, but it will actually do damage once installed or run on your computer.)

2. Windows remote access services
Several systems provide remote access methods. The fact that users are able to access personal information from other places also means that an attacker with the right tools can easily take over. Remote access can be useful, but it is also dangerous. Firewall protection should be installed to avoid unauthorized access by others.

3. File sharing applications
Computer users often use file sharing programs to share files. A peer-to-peer (P2P) program is an easy way to share files: files are opened to other participants so that the information can be shared. However, this gives hackers an opportunity to access the computers easily. Most corporations do not use P2P networks because of the risk of compromised data.

4. Mail client
Hackers use emails to spread viruses and worms by including them as attachments in emails. Delete suspicious files immediately to prevent mail client attacks.

5. Instant messaging (IM)
Most corporations block employees from using IM because it can bring technical threats and lost productivity. File transfers can expose the system to attacks.

References:
http://www.tech-faq.com/online-security-threats.shtml

http://www.wisegeek.com/what-are-the-primary-online-security-threats.htm

How to safeguard our personal and financial data?

Nowadays, online shopping is a common and easy way to buy and sell things through the Internet. But how do we safeguard our personal and financial data in the process of conducting online transactions? In e-commerce, there is always the risk of personal information being stolen by a seller or a third party that can benefit from this information. So ways of safeguarding personal information are an important issue that we have to consider in the process of e-commerce.

Always shop at a secure website. A secure website will have encryption technology. Encryption scrambles the information that a person sends through the website, such as a credit card number, and only the authorized person can unscramble the information to continue the transaction. This can prevent a third party from accessing the information from the website, and even if they manage to obtain it, it is still in a scrambled form which is meaningless.

After placing an online order, remember to always print a copy of your order. It should include customer information, product information and the confirmation number. You should also print out a copy of the website that described your order that includes the company name, phone number, postal address and legal terms as evidence when you want to return the product under a warranty policy.

Another important thing is to keep your password private. It is strongly recommended to have a credit card that is used specially for online transactions. Most reputable websites will require you to log in before placing your order. They usually require a user name and password. Never use commonly known information such as your birth date, identity card number or phone number when selecting a password. A good and secure password should include both numbers and letters.


Ab0uT uS

This blog is created for the purpose of our Universiti Tunku Abdul Rahman (UTAR)'s E-Commerce subject for the May 2009 trimester. The 4-week posts will feature various e-commerce related topics. The members are: a new guy in Group 4, a girl whose name sounds 'risky', a 'fat' girl who is not fat, and Gloria the girl who's named after an animated hippo
