2. DO YOU LOVE FISHING “PHISHING” ? OR

3. Global Wealth Management Group MORGAN STANLEY & SMITH BARNEY A term used to describe fraudulent attempts to steal an individual’s identity through e-mail VISA Also called brand spoofing The creation of e-mail messages and Web pages that are the replicas of the existing, legitimate websites and businesses for the purpose of committing fraud. English Oxford Dictionary The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers, online.

4. Users are sent an unsolicited e-mail appearing to be from a legitimate company. E-mail claims that a billing error or account problem has occurred OR the user’s information needs to be updated or validated. Users are asked to follow instructions that will take them to a Web site that appears to be legitimate. While at the site, users are asked to update personal and financial information by completing an online form. The form requests a variety of information such as credit card numbers, account numbers, passwords, date of birth, driver’s license number and social insurance numbers. Users respond to the request as the site looks authentic and therefore fooled by disclosing their financial and personal information to criminals. Criminals then uses the information to purchase goods and services, obtain credit, or commit identity theft. SCENARIO 1

5. User receives a pop-up reward message. Enters personal and financial details to retrieve reward Phishers receives user’s personal and financial information Users does not get the reward but finds out that their account OR identity has been used for some other matters. YOU HAVE BEEN PHISHED! THANK YOU FOR YOUR GENEROSITY… SCENARIO2SCENARIO2

6. The yellow lock does not appear anywhere on the screen. Fake request of “alternative password” Inappropriate request for personal information The pictures in the Web site are hyperlinked to unidentified addresses Threatening words to get user’s attention to disclose personal/financial information Web address are longer than usual. The Web address starts with “http://”

8. PHARMING: Through Spoofed Websites / Emails PHARMING: Through Spoofed Websites / Emails SMISHING: Through Short Messaging Service (SMS) SMISHING: Through Short Messaging Service (SMS) VISHING: Through Voice IP (Phone calls) VISHING: Through Voice IP (Phone calls) ~ TYPES OF PHISHING ~

9. 1. Be cautious with spams received through emails. ~ Especially from unrecognized senders ~ Asking for personal information ~ Stating sense of urgency to respond; threatening possible consequences if do not act immediately ~ Requesting you to click on a link, download files or open attachments 2. Protect your computer with firewall, spam filters, antivirus, and anti-spyware softwares. ~ Install the latest softwares and constantly update them 3. Regularly check your bank account, credit and debit card statements ~ Keep track of your transactions ~ Easy to detect irregularities

10. 4.Give personal information only through secured websites. ~ ‘Lock’ icon on the browser bar ~ ‘https’ URL instead of ‘http’ ~ Fully type URL address of website by yourself instead of using search 5.Contact the related company or bank to enquire if in doubt. ~ Regarding any emails, sms, phone calls received asking for personal information

11. 1.Maybank2u.com became victim to phishing culprits in 2008. -Notification sent through the fake Maybank website and emails sent to victims.

12. − Lures victims to the fake internet banking site from the link given in the email and notification notice. −Unsuspecting victims enter their personal information to login.

13. 2. Apple was attacked by phishers in 2011. - Customers receive emails purportedly from Apple. - Aimed at tricking customers to reveal their AppleID Billing Information. - Well-crafted scam with unusually well written and grammatically correct sentences with an authentic looking website.

14. Victims are directed to the fake link given in the e-mail.

17.  Morgan Stanley and Smith Barney, http://www.smithbarney.com/security_emailfraud.htmlhttp://www.smithbarney.com/security_emailfraud.html  Bloggers.com, Tech Guide, http://techno-guideforall.blogspot.com/2011/06/how-to-protect- yourself-from-phishing.htmlhttp://techno-guideforall.blogspot.com/2011/06/how-to-protect- yourself-from-phishing.html  Visa, http://www.visa.ca/en/personal/pdfs/brand_spoofing.pdf http://www.visa.ca/en/personal/pdfs/brand_spoofing.pdf  Identity Theft Killer, Prevent Identity Theft in 5 Minutes, http://www.identitytheftkiller.com/prevent-phishing-scams.php http://www.identitytheftkiller.com/prevent-phishing-scams.php  infosec ISLAND, 10 ways to prevent phishing, Wednesday, May 19, 2010 http://www.infosecisland.com/blogview/4070-10-Ways-To-Prevent-Phishing.html http://www.infosecisland.com/blogview/4070-10-Ways-To-Prevent-Phishing.html  PHISHING.ORG, How to prevent phishing scams, http://www.phishing.org/scams/prevent- phishing/http://www.phishing.org/scams/prevent- phishing/  Maybank Phishing Scam E-mails in Malaysia, http://www.shaolintiger.com/2009/03/23/maybank-phishing-scam-e-mails-in-malaysia/ http://www.shaolintiger.com/2009/03/23/maybank-phishing-scam-e-mails-in-malaysia/  TG Daily, Massive phishing scam targets Apple users, Emma Woollacott, http://www.tgdaily.com/security-features/60451-massive-phishing-scam-targets-apple-users http://www.tgdaily.com/security-features/60451-massive-phishing-scam-targets-apple-users  New phishing scam targets Apple users, George Wong, http://www.ubergizmo.com/2011/12/new-phishing-scam-targets-apple-users/ http://www.ubergizmo.com/2011/12/new-phishing-scam-targets-apple-users/  Saturday Party, Walter and Simon, Dance mood by Nitro Album.  Google images

18. Together as 1 Malaysia, let us unite as one to curb phishing!