Dulu masa aku masuk seminar Dreamkaya, pernah ternampaklah dia orang tunjukkan macam mana nak main saham kat HSBC online. Masa tu terniat juga kat dalam hati, kalau ada rezeki SC ni nak main HSBC online market.....tapi apakan daya tak kesampaian. Main saham AKHIRAT aje le....sikit-sikit lagi tenang hati.

Phishing for trouble

When you get an e-mail warning of a problem with your account, ignoring it can save you from being conned.

Stories by MARIA DANIEL

There is an old Father Brown story that tells of how master thief Flambeau repaints the doors and gates along an entire street in order to fool a messenger into delivering a valuable parcel to his house instead of to the proper address on the next road. Todays, thieves are still pulling the same scam but online.

Phishers (pronounced fishers) create websites that look just like the one from your bank, online bookstore, or other familiar destinations. They then get you to visit their fake website by sending you an e-mail, SMS, or instant message that contains a link.

If they are imitating your bank, the link will have your banks name in it. If they are imitating your favourite betting portal, it will look like the proper address.

If you click on it, you are transported to the fake website, set up to look familiar.

Once you are in the phishers net, he or she will trick you into giving away valuable information.

If the phisher is local, they may fake you into giving up your bank account number and ATM password. By the time you realise whats happened, theyve raided your bank account.

If the phisher prefers the anonymity of plastic cash, they may imitate an online shop to get you to place an order with your credit card. When you fill out the form to take advantage of that bargain, they capture your name, address and credit card details.

The phisher can now go on a spending spree and have you pay the bill!

Finding yourself broke and in debt isnt the worst that can happen either. Criminal organisations look to get as much information as they can from you so they can fake your identity. Selling these details to illegal immigrants, crooks and even terrorists is big business.

UK citizen Simon Bunce was arrested four years ago after an ID fraudster used his credit card details on a child porn website. Fortunately, Bunce could prove that someone in Indonesia was using his credit card details in Jakarta at a time he was in the UK.

But because it took months for these details to be discovered, he lost his job and was ostracised by family and friends.

Phishing was first reported way back in 1987 but the term is only now becoming generally understood, thanks to the booming popularity of the Net for banking, shopping and other transactions.

PayPal announced it blocked 50 million phishing-related e-mails between Oct 2007 and April this year, but nobody knows exactly how big the problem is.

Reporting is complicated as phishers work across borders, and many victims never connect their online activities with subsequent problems, like their bank accounts being raided or their passports being faked.

In addition, fraud is now so common, that companies and law enforcement agencies in many countries dont even bother following up on what they consider small cases.

Spotting the phisher

Typical phishing messages have headers that spell trouble such as: Your eBay account suspended, Billing issues and Payment problem notification. It looks something like this:

Dear Member,

This e-mail was sent by our bank server to verify your e-mail address. You must complete this process by clicking on the link below and entering in the small window your bank ATM/Debit Card number and PIN that you use on ATM.

This is done for your protection - because some of our members no longer have access to their e-mail addresses and we must verify it.

To verify your e-mail address and access your bank account, click on the link below:

Phishers often imitate banks, eBay and PayPal: any group that will have your personal and banking details.

But there is no limit as to who they will impersonate.

In Australia in April this year, phishers used the name of the New South Wales Police Forces fraud squad commander to con citizens into believing they were being targeted by identity theft rings. The victims who fell into the trap handed their bank account details to the commander.

Phishing doesnt just happen online either. As telephone systems connect to databases, thieves take advantage of auto diallers and computer software to sweep whole districts for victims.

A popular scam starts with an automated phone call, where a court officer claims you are required to testify in a fraud/theft/money laundering investigation.

If you have a question, the recorded message states, you should press 0 and ask the operator for assistance.

Understandably, many people panic at this point and follow the instruction. They are then transferred to a call centre where a court officer demands their name, address, IC number, bank account details . . . every little personal detail the phisher can use to fake your credit card, bank book, passport and other important paperwork.

So what can you do to protect yourself?

Here are some general tips to keep in mind:

Think twice before handing out your IC number, passport or bank details online and offline. Ask where this information will be stored and who will be sharing it.If you receive e-mail, an SMS or a phone call asking for personal or financial information, confirm it is legitimate with a phone call to the bank or a personal visit to the offices.Companies rely on e-mail to answer customer questions, send you adverts or information about promotions, but they will never ask you for account or personal information via e-mail. They know its too risky.Spoof e-mail usually contains dire warnings to make you panic.Never use a link in an e-mail, SMS, or instant message to get to your bank, eBay page etc. Go to the site by using your browser.If you bank or shop online, keep a close eye on your account. Report unusual activity immediately.Most false e-mail messages are addressed to the general public. Some may contain user names, the bit that appears before the @ in your email address, but they seldom contain your real name.The golden rule: only give out sensitive information online when a secure transaction is offered. Never send sensitive information via e-mail, SMS etc! The bottom line is to be super-cautious. If in doubt, follow your gut feeling and say no! About secure transactions When data is sent from one computer to another on the Internet, every other computer in between has an opportunity to see whats being sent. So when you give out sensitive information online like your IC or credit card number, check that you are offered a secure transaction. Secure transaction sites use encryption software to scramble your personal information. This means nobody can read it except for the proper recipient. (Note: Most online companies like Air Asia and Amazon.com let banks and other professional security bodies handle their online transactions so they dont actually see your credit card information at any stage. All they get is confirmation that you have made the payment.) When you are offered a secure transaction, youll get a pop-up notice in your browser. When you click through, an icon of a padlock and key will appear at the browser window. If it is closed, it means the page is protected. But, if the lock is open or broken, it means any information you give is not protected. After you have filled out the form, always print out a copy of your order and confirmation number for your records. Report it! Report suspicious, malicious or criminal activity online and learn more about online scams and problems plaguing users in Malaysia by visiting:

-- Edited by Ada Akai at 00:07, 2008-05-11