[Owasp-Malaysia] Maybank2u Notice Beware of Phishing

Muhammad Najmi Ahmad Zabidi najmi.zabidi at gmail.com
Fri Oct 8 22:41:43 EDT 2010


I used to play this game several times years back. Maybe they should
put this on Phishing 101;

http://wombatsecurity.com/antiphishing_phil/index.html

The extended version, however, needs to be paid for... yup, the developers feed
their dependents too, not just us!



On Sat, Oct 9, 2010 at 10:35 AM, ApOgEE <jerungkun at gmail.com> wrote:
> Social Engineering or S.E. is a method of gaining useful secret &
> confidential information about a certain victim. The attacker could use any form
> of social communication, like stalking the victim's personal life, being a friend
> of the victim's friends and family to gain information, being a friend of or dealing
> in any job/business with the victim, being friends with the victim directly and asking
> questions that are unnoticeable to the victim as malicious, confidential
> information leading to loss of the victim's property, and so on. They are
> manipulating people (either the victim or people around the victim) to perform a
> well-planned attack causing loss to the victim. A good social engineer can do
> as well as a spy to get the victim's information if it is worth getting.
>
> To avoid such an attack, always be careful about whatever information you are
> passing to your friends and family. You have to be aware of which
> information to open or keep secret from your friends and family. It is not
> about being so secretive that you keep everything secret, including your
> name and so on... if you avoid communicating with people, you could be 'kera
> sumbang' then.. hahaha... You have to know exactly what kind of information
> to keep secret and what not.
>
> The BASIC rule is, keep your password or ANYTHING RELATED to your bank
> account like TAC, mobile number, whatsoever, secret to yourself ONLY. You
> have to be certain that any information being asked of you is from an
> AUTHORIZED entity. For online, check for https, cert, or any trustworthy
> relation and confirm with whoever you trust. For phone, you have to confirm
> that YOU CALL the right person. If someone calls and asks you for such
> information, KEEP A LOG of their name and phone number and DO NOT PASS any
> confidential information. Anybody can call you and ask because you can't see
> them. Your phone calls are recorded in the Telco's server and anybody (who could
> be a Malicious Cracker) could break in and listen to them. DO NOT PASS your
> secret info via SMS because your data is not encrypted. If you are in doubt
> about any entity, simply DO NOT PASS your information and get your confirmation
> from an AUTHORIZED person on whether such an entity should be TRUSTED OR NOT before you
> continue to pass your confidential information.
>
> Again... do you think your secrets are all safe?... THINK AGAIN...
>
>
> On Sat, Oct 9, 2010 at 9:34 AM, Muhammad Najmi Ahmad Zabidi
> <najmi.zabidi at gmail.com> wrote:
>>
>> I think I can.
>> Except for the term "social engineering", it must be elaborated as well.
>>
>>
>>
>> On Sat, Oct 9, 2010 at 9:08 AM, Harisfazillah Jamel
>> <linuxmalaysia at gmail.com> wrote:
>> > Assalamualaikum and salam sejahtera,
>> >
>> > If you are using Maybank2u you will see a warning "Beware of
>> > Phishing". If you are not an IT person, can it be understood?
>> >
>> > ---------------
>> > Beware of Phishing
>> >
>> >
>> > Protect your Username, Password and Transaction Authorisation Code (TAC)
>> >
>> > In the field of computer security, phishing is the criminally
>> > fraudulent process of attempting to acquire sensitive information such
>> > as usernames, passwords and Transaction Authorisation Code (TAC)
>> > details by masquerading as a trustworthy entity such as banks or other
>> > financial entity. Communications purporting to be from IT
>> > Administrators are commonly used to lure the unsuspecting public.
>> > Phishing is typically carried out by e-mail and it often directs users
>> > to enter details at a fake website whose look and feel are almost
>> > identical to the legitimate one. Even when using server
>> > authentication, it may require tremendous skill to detect that the
>> > website is fake. Phishing is another example of social engineering
>> > techniques.
>> >
>> > Therefore, please ignore the phishing email, but report the matter to
>> > us immediately.
>> > _______________________________________________
>> > Owasp-Malaysia mailing list
>> > Owasp-Malaysia at lists.owasp.org
>> > https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>> >
>> > OWASP Malaysia Wiki
>> > http://www.owasp.org/index.php/Malaysia
>> >
>> > OWASP Malaysia Wiki Facebook
>> > http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>> >
>
>
>
> --
> Best Wishes,
>
> M. Fauzilkamil Zainuddin
> ----------------------------------------------------
> ApOgEE a.k.a JeRuNgKuN
> ----------------------------------------------------
> https://edge.launchpad.net/~apogee - ApOgEE on LaunchPad
> http://artofapogee.blogspot.com - Art Of ApOgEE
> http://coderstalk.blogspot.com - Coder's Talk
> ----------------------------------------------------
>
>
>

