[Owasp-Malaysia] Maybank2u Notice Beware of Phishing

ApOgEE jerungkun at gmail.com
Fri Oct 8 22:35:33 EDT 2010


Social Engineering or S.E. is a method of gaining useful secret &
confidential information of certain victim. The attacker could use any form
of social communication like stalking victim's personal life, being friend
of victim's friend and family to gain information, being friend or dealing
any job/business with victim, being friend with victim's self and asking
questions that is unnoticeable to victim as malicious confidential
information leading to loss of victim's property and so on. They are
manipulating people (either victim or people around victim) to perform a
well planned attack causing loss to the victim. Good social engineer can do
as good as spy to get victim's information if it is worth to get.

To avoid such attack, always be careful on whatever information you are
passing to your friends and family. You have to be aware on which
information to open or kept secret to your friends and family. It is not
about being so secretive where you keep everything secret including your
name and so on... if you avoid communicating to people, you could be 'kera
sumbang' then.. hahaha... You have to know exactly what kind of information
is to keep secret and what not.

The BASIC rule is, keep your password or ANYTHING RELATED to your bank
account like TAC, Mobile number, what so ever secret to yourself ONLY. You
have to be certain that any information being asked to you is from an
AUTHORIZED entity. For online, check for https, cert, or any trustworthy
relation and be confirm to whoever you trust. For phone, you have to confirm
that YOU CALL the right person. If someone called and ask you such
information, KEEP A LOG of their name and phone number and DO NOT PASS any
confidential information. Anybody can call you and ask because you can't see
them. Your phone call are recorded in Telco's server and anybody (who could
be Malicious Cracker) could break-in and listen to it. DO NOT PASS your
secret info via SMS because your data is not encypted. If you are in doubt
of any entity, simply DO NOT PASS your information and get your confirmation
from AUTHORIZED person that such entity should be TRUSTED OR NOT before you
continue to pass your confidential information.

Again... do you think your secret are all safe?... THINK AGAIN...


On Sat, Oct 9, 2010 at 9:34 AM, Muhammad Najmi Ahmad Zabidi <
najmi.zabidi at gmail.com> wrote:

> i think i can.
> except for the term "social engineering", it must be elaborated as well.
>
>
>
> On Sat, Oct 9, 2010 at 9:08 AM, Harisfazillah Jamel
> <linuxmalaysia at gmail.com> wrote:
> > Assalamualaikum and salam sejahtera,
> >
> > If you are using Maybank2u you will see a warning "Beware of
> > Phishing". If you are not a IT person, can it be understand ?
> >
> > ---------------
> > Beware of Phishing
> >
> >
> > Protect your Username, Password and Transaction Authorisation Code (TAC)
> >
> > In the field of computer security, phishing is the criminally
> > fraudulent process of attempting to acquire sensitive information such
> > as usernames, passwords and Transaction Authorisation Code (TAC)
> > details by masquerading as a trustworthy entity such as banks or other
> > financial entity. Communications purporting to be from IT
> > Administrators are commonly used to lure the unsuspecting public.
> > Phishing is typically carried out by e-mail and it often directs users
> > to enter details at a fake website whose look and feel are almost
> > identical to the legitimate one. Even when using server
> > authentication, it may require tremendous skill to detect that the
> > website is fake. Phishing is another example of social engineering
> > techniques.
> >
> > Therefore, please ignore the phishing email, but report the matter to
> > us immediately.
> > _______________________________________________
> > Owasp-Malaysia mailing list
> > Owasp-Malaysia at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-malaysia
> >
> > OWASP Malaysia Wiki
> > http://www.owasp.org/index.php/Malaysia
> >
> > OWASP Malaysia Wiki Facebook
> > http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
> >
> _______________________________________________
> Owasp-Malaysia mailing list
> Owasp-Malaysia at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>
> OWASP Malaysia Wiki
> http://www.owasp.org/index.php/Malaysia
>
> OWASP Malaysia Wiki Facebook
> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>



-- 
Best Wishes,

M. Fauzilkamil Zainuddin
----------------------------------------------------
ApOgEE a.k.a JeRuNgKuN
----------------------------------------------------
https://edge.launchpad.net/~apogee <https://edge.launchpad.net/%7Eapogee> -
ApOgEE on LaunchPad
http://artofapogee.blogspot.com - Art Of ApOgEE
http://coderstalk.blogspot.com - Coder's Talk
----------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-malaysia/attachments/20101009/c2f25fb4/attachment.html 


More information about the Owasp-Malaysia mailing list