Poll question of week 8

Link to us: http://snipurl.com/week8poll

Based of the result of the poll question, there is a total of 31 votes and 21(67%) votes Japan earthquake and tsunami is serious problem for phishing scam. 9(29%) votes may will be Japan earthquake and tsunami for phishing scam. Only 1(3%) vote Japan earthquake and tsunami will not effect by phishing scam. The result show that a lot of people know that disaster will affect victims for phishing scam, but some of people do not think that disaster will afffect victims from phishing scam and they don't think that should be worry.

Phishing Contest !!

Please download our contest here !! ---->>> CROSSWORD PUZZLE CONTEST

Please send an e-mail the complete puzzle with your information stated below to siewchin.92@gmail.com

Name:
Age:
Gender:
Email address:

Rule:
1.Your information submitted must be truth.
2.We have the capability to cancel your qualifications, if found any cheater.
3.No copy from your friend.
4.Must be Malaysian.
5.Pass up before the deadline.

Japan Earthquake Scam ?

Link to us: http://snipurl.com/japanearthquakescam

Scammers and hackers are using the devastating earthquake and tsunami in Japan to appeal for fraudulent charity donations. US-CERT, the operational arm of the National Cyber Security Division (NCSD) at the Department of Homeland Security (DHS), is warning users regarding fake antivirus and phishing attacks regarding the Japan earthquake and the tsunami disasters. Scammers are also flooding e-mail inboxes with messages asking recipients to donate money to relief efforts.

In Facebook also scams are rocking, If you get a link to something like “Japanese Tsunami RAW Tidal Wave Footage’, don’t click it. It’s a scam. You may be tricked into “liking” the page and then taking a personal info harvesting survey, and then promoting the scam.

Symantec has observed a classic 419 message targeting the Japanese disaster, said researcher Samir Patil in a post to the company’s security blog. “The message is a bogus ‘next of kin’ story that purports to settle millions of dollars owing to an earthquake and tsunami victim.” Hackers have also registered a large number of domains with URLs that may fool users into thinking that they’re legitimate donation or relief sites, said Patil, a tactic that can also push those sites higher on search results.

How to Protect yourself

- Do not follow unsolicited web links or attachments in email messages.

- Maintain up-to-date antivirus software.

- Verify the legitimacy of the email by contacting the organization directly through a trusted contact number.

- Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain.

- Take advantage of any anti-phishing features offered by your email client and web browser.

refference: http://www.cybervally.com/2011/03/beware-fake-japan-earthquake-tsunami-disaster-email-scams-phishing-attacks/

Poll question of week 7

Link to us : http://snipurl.com/week7poll



  Based on the result of the poll question, there is a total of 36 votes and 31(83%) votes the paypal phishing will affects customers online purchased. According the top 10 phishing websites in 2010, the paypal phishing is one  of the most popular in the word. Most of people think that victims may be to click on the link in the e-mail which leads the victims to a fake website; this is serious problem for customers online purchased. Only 6 (16%) votes the paypal phishing will not be affect customers online purchased. A few of people are think the people having a lot of experience of the world and knowing about phishing and they do not worry about it.

Avoid Japan Earthquake Phishing

Link to us: http://snipurl.com/avoidjapanphishing

Global online community is showing support by charities’ websites like Red Cross for the 8-9 magnitudes earthquake that hit Japan on 17 March 2011- friday. There are some ways to make sure your donation reaches the right people.

1) Check for the URL spelling. Hackers are smart at making the fake URL looks real, for instance, credits.com for credit.com. This technique is called typosquatting.
2) Do not get misdirected. Online financial phishing scams will frequently direct you to a third party website that ask for your credit card information. If you’re being redirected to another site that does not look right, please disconnect from that website. Do not pay any attention to the link text because they can say anything. You have to pay more attention to the URL.
3) Avoid the social pressure. A scams usually works because it preys on a huge amount of people, please do some research if you see a website that appears syspicious. Never trust messages and links spread through Twitter.com and Facebook.com because they are hotbeds for scammers looking to mkake quick cash. Never give out your PIN code, driver's lisence number, phone number or date of birth because none of that information is required by legitimate sites like Red Cross.

Announcement :: Crossword Puzzle coming out soon !

Link to us: http://snipurl.com/crosswordpuzzle

After a while our blog is up, we've decided to come up with a crossover puzzle for our readers to play with ! This activity will make the readers understand more about phishing ! Prize will be given !!

Rules of Competition

- Must be a Malaysian

-Must be our Blog's follower

-Must submit real information

Prize: Mystery Gift will be Given to the winner !!

Please complete the below information and send an email to us if u wish to join the competition!

Name:
Gender:
Age:
Email Address:
Current Location:

Contact number:

Poll Week 6

Link to us: http://snipurl.com/week6poll

Poll question week seven:" Where Do You Think Our Blog's Standard Stand ?" There is a total of 27 votes and 1(3%) of them voted our blog's standard is poor and 3 (11%) of them voted the standard as Just nice and 23 (85%) voted Our blog's standard stand at Good !! None of the readers think our blog is noob . Thanks to those who voted for our blog, now we know where our standards stand and there'll be a contest coming up ! stay tuned !

Phone Phishing

Link to us: http://snipurl.com/phonephish

There is another type of phishing - phone phishing. This happens when someone pretending to be from a government agency or company, trying to ask for your personal information. It sounds easy to avoid, but unfortunately these people only need a few victims to fall for the scam to make it profitable.
Phone phishing is increasing. Sometimes it seems like your bank is really calling you. Phone phisher can assume your identity and empty your bank accounts. Here are some things you need to remember when conducting sensitive financial transactions over the phone:

1) Never give out full account numbers. Your financial institution doesn't need account numbers to verify your identity, if it is really necessary, give last four digits only, or insist on other methods to verify your identity, such as your date of birth.
2) Do not call a number left in a recording. Instead, you should call the known customer service for your bank. Although you may need to go through a couple of transfer, at least it is safer.
3) Be aware of repeated recordings to get a hold of you about important account or personal information. The bank is likely to use a real person to call you if there is really a problem.
4) Do not trust caller ID because it can be spoofed. It is important to find out the exactly spelling and words that should appear on caller ID from your bank's customer service number.

Have you been a victim of phone phishing?


Reference:
1)All Business [Online], Retrieved 11 March 2011
URL: http://www.allbusiness.com/crime-law-enforcement-corrections/criminal-offenses/14808871-1.html
2)Internet Fraud Tips [Online], Retrieved 11 March 2011
URL: http://www.fraud.org/tips/internet/phishing.htm

Poll week 5

Link to us: http://snipurl.com/week5poll

Poll question week six :"Do you like our slogan ? Beware!! Phishing ain't fishing". There is a totalof 42 vote, 39 which is 92% of them voted yes and 4 which is 9% of them voted of no,means they don't like the slogan. Majority like the slogan and we are very happy that they like the slogan.

Top 10 Phishing Website in 2010.

Link to us: http://snipurl.com/toptenphished



1. PayPal — 45.9%1.
2. Facebook — 5.3%2.
3. HSBC Group — 4.1%3.
4. World of Warcraft — 3.2%4.
5. Internal Revenue Service — 3%5.
6. Bradesco — 1.9%6.
7. Orkut — 1.7%7.
8. Sulake Corporation — 1.5 %8.
9. Steam — 1.2%9.
10. Tibia — 1%10.

In OpenDNS annual report for 2010, the most frequently phished website in every month of 2010 was Paypal, which is 9 times more than the second popular phisher target, Facebook (5.3% fake sites). Five of the top ten phished website (Facebook, World of Warcraft, Sulake Corporation, Steam and Tibia are associated with social and online games.

References
Help Net Security [Online], Retrieved on 10 March 2011.
URL: http://www.net-security.org/secworld.php?id=10487

New phishing technique exploits browser tab use

Link to us: http://snipurl.com/tabnabbing

According the SC magazine a leading Firefox developer has discovered a new phishing attack method. This new phishing attack called tabnabbing. Tabnabbing means the users generally do not keep track of all the tabs they have opened at one time on browser tabs.

Tabnabbing allow the attacker to implicitly change the contents of a separately tabbed page, name and logo when a user eventually returns to the tab such as Gmail and Facebook. In this new phishing attack, a user might to be tricked into visiting a maliciously crafted tabbed page including JavaScript. The victims may not expect is that a page they have been looking at will change behind the victims’ backs, when they are not looking. Phisher will catch them by surprise.

Besides this, an attacker could make the phishing ruse even more clever and skilful by tricking somebody that takes advantages of a user’s web browsing history file. Attacker also is able to display a message that the user’s session has timed out, thereby adding legitimacy to the attack.

Furthermore, users should check the URL of a site carefully if an unexpected login any webmail, bank or online commerce site page screen appears because there is no way to indicate that the page has changed.

Last but not least, users can consider running the NoScript add-on for Mozilla Firefox or they can deploy a password management tool, which should not make saved logins available for use at malicious sites.

References

Angela Moscaritolo, SC magazine [Online], Retrieved on 3 March 2011.

URL: http://www.scmagazineus.com/new-phishing-technique-exploits-browser-tab-use/article/170983/#