Saturday, May 22, 2010

Phishing Scams Technique


Reminder: I'm not a professional analyst. I analysed this based on the limited knowledge that I gained through reading.

I'm going to write my first description regarding phishing scams.

Phishing is defined as a way to trick computer users into revealing personal or financial information through a fraudulent e‑mail message or website. A common online phishing scam starts with an e‑mail message that looks like an official notice from a trusted source, such as a bank, credit card company, or reputable online merchant. In the e‑mail message, recipients are directed to a fraudulent website where they are asked to provide personal information, such as an account number or password. This information is then usually used for identity theft. (source Windows Help and Support)

Recently, I received an email from "Maybank Group", informing me that my account was flagged by their "security team". I then had to provide them with additional information in order to restore full access. (I don't even have any Maybank account, what the heck is this?)

The "bolded" hyperlink redirects to a spoofed website instead of the link shown above.

Then, it will redirect to this spoofed page. 

The original website actually looks like this :

Can you spot the differences? Yeah I guess you can! 

The icon also looks suspicious. (Left : fake, Right : original)

Once the victim types his login credentials, they will be sent to the creator of this spoofed website. Be careful! This is the technique of phishing! Then I typed a random username and password in the boxes, and it opened this page (maybe it looks similar to the valid Maybank site; I don't have any account, so I have no idea what it looks like):

It asked me for my email address and telephone number. Other links such as "Home", "Accounts and Banking", etc. are not working!

Then I again put in all false information in order to trick them back as revenge :)

and then, it asked me for the TAC number :

With the randomized TAC that I've entered, it proceeded to this page :

It informed me that I had updated my account successfully and their "mission" had been "accomplished" successfully. When I clicked the log out button, it opened the valid log out page at the Maybank site:

These are the tricks of email scamming and internet phishing with a spoofed webpage. Phishing can put your privacy at risk, and you may suffer a major loss!
Prevention method? So easy! 

1. Make sure your URL is valid. If it's suspicious, DON'T provide your login credentials. Kindly help by reporting the suspicious site.

2. Use an up-to-date anti-virus with an internet security solution.

3. Install any updates from Microsoft.

4. Use/install any security updates for Internet browsers.

5. REMEMBER your login credentials instead of jotting them down on a piece of paper!

6. Avoid accessing your online banking account from possibly infected computers. Some viruses and trojans are designed to spy on you and harvest your confidential data.

BEWARE of phishing scams and their techniques. I have revealed some of their tricky techniques for obtaining victims' confidential data. I'm utterly sorry for writing this messily. I'm a newbie, still learning how to write and analyze based on my reading. I hope you'll get the point.


© Arimi KimiWarrior
Released under Creative Commons 3.0 CC BY-NC 3.0