Friday, June 20, 2008

Phishing: Examples and its prevention

Phishing is THEFT: a technique used to steal personal identity and financial credentials such as credit card numbers, usernames or passwords. It combines social engineering and technical subterfuge to obtain personal information for illegal purposes via e-mail and instant messages.

More recent phishing targets e-banking users, online payment services and e-mail. The phisher sends a message or e-mail to a particular person warning that, if they fail to update their personal information or account immediately, their account will be suspended. PayPal, eBay and bank users are the victims of phishing. The damage caused by phishing is that victims may incur financial loss due to denial of access to their e-mail.

There are three methods used to prevent phishing: blocking site access, preventing spam entry and no-cost phishing prevention. Blocking site access means that filtering and a firewall prevent inbound and outbound traffic to sites, such as spyware sites, which helps prevent phishing attacks. Anti-spam software can be used to analyse mail contents and deny or delete phishing mail. This type of software may stop most phishing mail through spam filtering before it reaches users. The latest anti-phishing measure is that, besides entering the password, the user is required to choose images or features to provide mutual authentication. Some cases in the US banking industry have shown that this method is useful in preventing phishing.
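As an added illustration (not code from the original post), the sketch below shows the kind of content analysis an anti-spam filter can apply to the suspension-threat messages described above: pressure wording, a brand name that does not match the sender's domain, and a link whose visible text differs from its real target. The brand list, function names and sample messages are assumptions constructed for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: brands to watch and the domains they really send from.
BRANDS = {"paypal": {"paypal.com"}, "ebay": {"ebay.com"}}
# Pressure wording of the kind the post describes (update now or be suspended).
URGENCY = re.compile(r"suspend|immediately|update your (account|personal information)", re.I)
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOSTNAME = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}")

def registered_domain(host):
    # Simplification: last two labels; real code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def phishing_indicators(raw):
    msg = message_from_string(raw)
    body = msg.get_payload()
    display, addr = parseaddr(msg.get("From", ""))
    sender = registered_domain(addr.rpartition("@")[2])
    found = []
    if URGENCY.search(body):
        found.append("urgency")
    text = " ".join([display, msg.get("Subject", ""), body]).lower()
    for brand, domains in BRANDS.items():
        # The From header can be forged, so this only catches lookalike senders.
        if brand in text and sender not in domains:
            found.append("brand-mismatch:" + brand)
    for href, label in LINK.findall(body):
        shown = HOSTNAME.search(label.lower())
        target = registered_domain(urlparse(href).hostname or "")
        if shown and registered_domain(shown.group(0)) != target:
            found.append("link-mismatch")
    return found

# Constructed sample messages (not real mail); .example is a reserved TLD.
PHISH = (
    'From: "PayPal Service" <service@paypal-update.example>\n'
    "Subject: Your account will be suspended\n\n"
    "Update your account immediately: "
    '<a href="http://login.paypal-update.example/verify">www.paypal.com</a>\n'
)
LEGIT = (
    "From: PayPal <service@paypal.com>\n"
    "Subject: Receipt for your payment\n\n"
    'You sent a payment. <a href="https://www.paypal.com/activity">www.paypal.com</a>\n'
)

print(phishing_indicators(PHISH), phishing_indicators(LEGIT))
```

A filter would typically quarantine or flag a message when several indicators fire together rather than act on any single one.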

The Application of 3rd Party Certification Programme in Malaysia

VeriSign is a trusted provider of Internet infrastructure services for the digital world. Billions of times each day, companies and consumers rely on Internet infrastructure to communicate and conduct commerce with confidence. VeriSign offerings include SSL, SSL Certificates, identity protection, managed network security, etc.

VeriSign can help your company establish or improve customer trust by securing your Website for business. VeriSign offers the strongest security in the industry by securing information exchange between Web servers and clients, from server to server, and even among other networking devices such as server load balancers or SSL accelerators. VeriSign solutions can provide complete cross network security by protecting servers facing both the Internet and private intranet.


MSC Trustgate is the qualified licensed CA (Certification Authority) in Malaysia under the Digital Signature Act 1997. The objective of MSC Trustgate is to become the leading provider of Internet security and to complement the aspiration of MSC to become a world-class e-environment.

MSC Trustgate provides security solutions and online trust services to over 800 companies and organizations in the region to help build a secure network and application infrastructure for their electronic transactions and communications. The company's clientele includes major banks, telecommunication companies and governments.

For example, Trustgate provides the MyKad PKI (MyKey) service. The Malaysian government has put in place a smart National Identity Card (“MyKad”) for every citizen. MyKad with PKI capability allows its holder to conduct online transactions with government agencies and the private sector. MyKey is the MyKad PKI solution that works with your physical MyKad, allowing you to authenticate yourself online and to digitally sign documents or transactions, and it is accepted by the Malaysian government.

How to Safeguard our personal and financial data?


As we know, data can be classified into a few categories, such as personal, public, confidential, top-secret or other categories. The more sensitive the data, the more it needs to be protected. To prevent important personal and financial data from being stolen, the following steps should be taken to safeguard it.

To ensure that we don’t fall prey to cyber fraud, we must set a password to protect our access; the password must be long enough, made up of numbers or letters, and unique, so that it cannot be guessed by an outsider who could then gain access to the data.

Encryption is the process of transforming information (plaintext) using an algorithm (cipher) to make it unreadable to anyone except those possessing special knowledge, referred to as a key. The key is similar to a password, and encryption can help prevent unintended disclosure even if the system has been compromised.

Besides that, we can install and update anti-virus programs and a firewall to protect ourselves against viruses and Trojan horses that may steal or modify important data. Use a legitimate anti-spyware program to scan the computer and remove any spyware hidden in software programs, which affects computer performance and gives attackers access to our data. In addition, to safeguard our top-secret and sensitive information, we should use a biometric system that identifies a person by measuring a biological characteristic, such as fingerprints, iris scanning, facial features or voice; this scanning can ensure that no unauthorized users gain access to our data.



The threat of online security: How safe is our data?


Online security is important to anyone who uses the Internet; the related issues are complex and dynamic. Every unprotected online computer can be affected by viruses, malware, adware, hackers’ attacks and Trojans. Web-based services, including the social networks MySpace and Facebook, are becoming prime targets for hackers seeking your personal information. There are many security risks on the Internet that can lead to serious financial loss, information theft and attacks on your computer.

As internet users display more of their personal information on social networking Web sites, and office workers upload more sensitive data to online software programs, computer hackers are employing increasingly sophisticated methods to pry that information loose. In many cases, they're devising small attacks that can fly under the radar of traditional security software, while exploiting the trust users place in popular business and consumer Web sites.

Furthermore, the names and contact information for tens of thousands of customers of Automatic Data Processing and SunTrust Banks were stolen from Salesforce.com, which provides online customer management software for those two companies. The incident occurred after a hacker tricked a Salesforce.com employee into disclosing a password.

The best way to overcome those problems is to use one of the many antivirus, antispyware, and firewall programs on the market; besides that, also bear in mind that no one should ask for your password, account number, or other log-in information via e-mail or instant message.
