Monday, February 21, 2011

How to Protect Yourself from Phishing


Got it from my company intranet and I think this is good to share with you all. Yeah... as we are aware, nowadays there are a lot of scams on the internet, and the number of police reports for internet crime keeps increasing day by day. Hope we can avoid and protect ourselves from all the scams that come to us.

What is “Phishing”?

Phishing is a scam in which the attacker sends an email purporting to be from a valid financial or eCommerce provider. The e-mail can appear to be from a commercial bank, credit card company, PayPal, eBay, or any online retail store; basically, from anywhere a person may have registered for an account, and usually would have supplied financial and personal information when registering. Anyone with an e-mail address is at risk of being phished.

The email often uses fear tactics to entice the intended victim into visiting a fraudulent website. Once on the website, which generally looks and feels much like the real eCommerce/banking site, the victim is instructed to log in to their account using their ID and password, and to enter sensitive financial information such as their bank PIN number.

This information is then surreptitiously sent to the attacker who could then use it to engage in activities such as credit card and bank fraud, or outright identity theft.


How to Spot a Phishing Scam

At first glance, it may not be obvious to the recipients that what is in their inbox is not a legitimate e-mail from a company with whom they do business. The "From" field of the e-mail may have the .com address of the company mentioned in the e-mail, and the clickable link may also appear to be taking you to the company's Website, but will in fact take you to a fraudulent Website.

1. The "From Field" appears to be from the legitimate company mentioned in the e-mail. It is important to note, however, that it is very simple to change the "from" information in any e-mail client.

2. The e-mail will usually contain logos or images that have been taken from the Website of the company mentioned in the scam e-mail.

3. The e-mail will contain a clickable link with text suggesting you use the inserted link to validate your information. Once the hyperlink is highlighted, the bottom left of the screen shows the real Website address to which you will go. Note that the hyperlink will NOT point to the legitimate Website URL.

Additionally, you may spot other elements that sometimes appear in phishing scams. These include logos that are not an exact match to the company's logo, spelling errors, percentage signs followed by numbers or @ signs within the hyperlink, random names or e-mail addresses in the body of the text, or even e-mail headers which have nothing to do with the company mentioned in the e-mail.

Beware: With phishing scams the e-mail is never from who it appears to be!

How can we protect ourselves from “Phishing”?


  1. If you receive an e-mail that claims to be from a company that you trust and asks for personal information, visit the company's Website yourself to respond to such enquiries.
  2. Do not click any links in email to access a website. Instead, directly type in the address of the site that you wish to visit from your Internet browser.
  3. Call the "company" to confirm if they sent you an e-mail. The answer will likely be “no”.
  4. Forward the e-mail to the scam-reporting email address that the representative on the phone gives you. [It would also be advisable to report such phishing attempts to Cybersecurity Malaysia, the national body for cyber security. The e-mail address is cyber999@cybersecurity.my].
  5. Delete the e-mail.

The golden rule to avoid being phished is to not click the links within the text of the e-mail. Always delete the e-mail immediately. Once you have deleted the e-mail, empty the trash box in your e-mail client as well. This will prevent "accidental" clicks from happening.
