Internet Banking Risks – Computer Expert Fooled, Refuse to Use Service

This article from a local Malaysian newspaper website caught my eyes. The funny thing is that the person interviewed by the journalist claimed his/her self as a computer expert. And he/she was fooled by an Internet banking scam. Expert? I don’t think so.

Anyway, my point being, articles like this will surely deter usage of Internet banking in Malaysia. Internet banking is safe indeed, and with a few precautions in mind it’s a great experience. Of course, somebody from the bank can steal your money. But can they also do that without Internet banking? Think about it.

Here are some things (there may be more) that you always need to remember when using Internet banking:

  • NEVER NEVER NEVER click on links in email. For a few years now my banks have never sent me an email with links to click on!
  • Look for the padlock in your browser (please see image below). This means that the connection is secure.
  • Ensure that the address bar is pointing to the correct website. Banks have specific websites from where they operate. For example Maybank have www.maybank2u.com.my and BCB (CIMB) have www.cimbclicks.com.my. Don’t use the site even if a letter missing!!!
  • Make sure that before the site name, it shows https:// and not http:// or any other thing. This only applies to the login page. Some banks like Maybank have their main page with information served with http://
  • If a warning pops up in your face saying that this site may be forged, just believe it first, ask questions later.
  • Use a reliable browse like Firefox. In this post you can see it detects a phishing site correctly. If you’re not currently viewing this page using Firefox, consider using the link on top of the page to download it.
  • Banks will never ask for your username or password in emails or call you to ask for those information. Keep your login information to yourself.

maybank2u_verify.png

maybank2u_verify_ie.png

If you are unsure, email or call the bank helpline. Previously I suggested for you to contact me so that I can help in confirming, but changed my mind. Trust only the bank.

In my point of view, articles from a computer expert like the guy/gal below should be explaining and helping instead of complaining. He/she said he/she advices people to be careful, but how?

Get your points straight, media!

Direct translation follows:

Internet Banking Risks – Computer Expert Fooled, Refuse to Use Service

By YULPISMAN ASLI

Do you feel safe and convinced making financial transactions via Internet banking?

Do you know that Internet banking sites can be cloned by anyone – from a school kid to a cyber criminal – in only one or two hours?

Ironically, Utusan Malaysia was told by a computer expert that he/she him/her self doesn’t want to use the service anymore.

Why? Because he/she has been fooled via the online banking service.

“I made a transaction online but never received the money. Now I prefer going to the bank to make transactions,” said the computer expert (who refused to reveal his/her identity) from a government agency, here today.

For that particular case experienced by the computer expert, the acitivity was finally detected by National ICT Security & Emergency Response Centre (NISER).

The phenomenon that is happening is real.

Yesterday police arrested four university students and nine others because they created a forged web site of local banks to steal customer information before withdrawing their money.

According to the expert, with only a computer, Internet and browser software, a person can create a forged bank website that can potentially cause millions of customers’ ringgits disappear.

“Furthermore to create such website, they don’t need a long time, only about one to two hours,” he/she said.

He/she said, what the creators of the forged website needed to do is create a website that looks like the original website.

This can be done by copying the whole website, while the software is available in the market.

He/she said, the activity however can’t use the same original URL (domain address) of the website as it is protected, but they can create an alternative network that can confuse the bank customers.

“In the Internet world you can do anything (create forged bank websites). It’s not hard to copy, it takes only a while,” he/she said.

He/she said, usually, those who don’t have the knowledge and doesn’t know about IT world will be exposed to the forged websites.

In relation to that, he/she advices the public to be a lot more careful when doing online banking transactions to prevent from becoming a victim.

Yesterday, Assistant Director of Cyber Crime and Multimedia, Assistant Commissioner Ismail Yatim said, police have arrested four university students who were lead by a government officer’s son/daughter as they are involved in creating forged bank websites to steal customer information before withdrawing their money.

The four students were among the 13 people arrested for their involvement in the cyber crime. They were arrested in multiple raids in Kelantan, Selangor, and KL.

Their MO so far that has caused loss amounting to RM36,000 is sending emails to bank customers and requesting them to update the details in their bank account.

They then asked the customers to click on a link in the email, to update the details.

After clicking on the link, they are requested to input their username and password without realizing that the website is forged.

The information filled by the customers will be saved automatically in the data created by the syndicate, accordingly making it easy for them to access the victim’s bank account and transfer all the money.

Original news:

Risiko perbankan Internet — Pakar komputer pernah ditipu, enggan guna lagi perkhidmatan

Oleh YULPISMAN ASLI

KUALA LUMPUR 11 Okt. – Selamatkah atau yakinkah anda menggunakan perkhidmatan transaksi wang dan urusan seumpamanya menerusi perbankan Internet?

Tahukah anda bahawa laman web perbankan boleh diciplak oleh sesiapa sahaja – daripada murid sekolah sehinggalah kepada penjenayah siber – dalam tempoh satu hingga dua jam sahaja?

Ironisnya, Utusan Malaysia diberitahu oleh seorang pakar komputer tempatan bahawa beliau sendiri tidak mahu lagi menggunakan perkhidmatan itu.

Mengapa? Kerana dia pernah ditipu menerusi perkhidmatan perbankan secara online itu.

Saya membuat urusan secara talian tetapi bank tidak menerima wang itu. Sekarang saya lebih suka pergi ke bank untuk membuat urusan, kata pakar komputer (yang enggan mendedahkan identitinya) dari sebuah agensi kerajaan itu, di sini hari ini.

Bagi kes yang dialami oleh pakar komputer itu, kegiatan tersebut akhirnya dikesan oleh Pusat Keselamatan dan Tindak Balas Kecemasan Teknologi Komunikasi dan Maklumat Negara (NISER).

Fenomena yang berlaku ini adalah nyata.

Semalam polis menangkap empat pelajar universiti dan sembilan yang lain kerana mencipta laman web palsu bank-bank tempatan untuk mencuri maklumat pelanggan sebelum mengeluarkan wang mereka.

Menurut pakar itu lagi, dengan hanya memiliki sebuah komputer, Internet dan perisisan pelayar, seseorang itu boleh mencipta laman web palsu bank sehingga boleh melesapkan berjuta-juta ringgit wang pelanggan.

Malah untuk mencipta laman web palsu itu, mereka tidak perlukan masa yang lama, hanya kira-kira satu hingga dua jam sahaja, katanya.

Beliau berkata, apa yang perlu dilakukan oleh pencipta laman web palsu itu ialah mencipta laman web seakan-akan laman web asal.

Ini boleh dilakukan dengan meniru keseluruhan laman web terbabit, sementara perisian pula boleh didapati di pasaran.

Katanya, kegiatan itu bagaimanapun tidak boleh meniru URL (alamat domain) asal laman web berkenaan kerana ia dilindungi, tetapi mereka boleh mewujudkan rangkaian alternatif sehingga boleh mengelirukan para pelanggan bank terbabit.

Dalam dunia Internet memang semua boleh buat (mewujudkan laman-laman web palsu bank). Nak tiru bukan susah, sekejap sahaja , katanya.

Beliau berkata, selalunya, mereka yang tidak mempunyai pengetahuan dan tidak tahu tentang selok-belok dunia IT akan terdedah kepada laman web palsu tersebut.

Sehubungan itu, beliau menasihatkan orang ramai supaya lebih berhati-hati ketika membuat urusan bank secara online bagi mengelak menjadi mangsa.

Semalam, Penolong Pengarah Jenayah Siber dan Multimedia, Asisten Komisioner Ismail Yatim berkata, polis telah memberkas empat pelajar universiti yang didalangi anak seorang pegawai tinggi kerajaan setelah terlibat dalam kegiatan mencipta laman web palsu bank-bank tempatan untuk mencuri maklumat pelanggan sebelum mengeluarkan wang mereka.

Empat pelajar itu adalah antara 13 orang yang ditangkap kerana terbabit dalam kegiatan jenayah siber terbabit. Mereka ditahan dalam beberapa serbuan sekitar Kelantan, Selangor dan ibu negara.

Modus operandi mereka yang setakat ini telah menyebabkan kerugian sebanyak RM36,000 ialah menghantar e-mel kepada pelanggan bank dan meminta mangsa mengemas kini maklumat akaun bank mereka.

Mereka kemudian meminta mangsa klik pada satu pautan yang tertera di e-mel tersebut kononnya bagi tujuan mengemaskinikan akaun simpanan mereka.

Setelah klik pada pautan itu, mereka disuruh memasukkan nama pengguna dan kata laluan tanpa menyedari laman web tersebut sebenarnya palsu.

Maklumat yang diisi itu akan disimpan secara automatik dalam data yang dicipta sindiket itu, seterusnya memudahkan mereka mengakses akaun bank mangsa dan memindahkan semua wang milik mangsa.

Contents above directly copied from http://www.utusan.com.my/utusan/…

0 Shares

One thought on “Internet Banking Risks – Computer Expert Fooled, Refuse to Use Service”

Comments are closed.