A Real Computer Expert, At Last

At last in yesterday’s edition of the articles about Internet Banking, the same newspaper as mentioned in the previous post interviewed Datuk Abdul Hamidy Abdul Hafiz, the chairman of the Association of Banks in Malaysia (ABM). In the interview, Datuk Hamidy explained about the problem like an expert. I am not sure about his background, but he sure know about it better than the “computer expert”.

Quote:

ABDUL HAMIDY: Phishing bukanlah satu trend. Ia merupakan satu penipuan dan tidak boleh dihentikan kerana ada sahaja orang yang hendak mencuba.

Tetapi kalau kita melihat cara phishing ini dia bukan hendak menembusi (penetrate) sistem bank, tetapi ingin menembusi sistem milik pelanggan. Ini bermakna, penipuan tersebut berlaku terhadap pelanggan yang masih kurang berpengetahuan mengenai keselamatan di Internet.

Maksud Datuk pelanggan yang tidak cekap menggunakan Internet.

ABDUL HAMIDY: Ya. Mereka yang masih tidak cekap menggunakan Internet.

Oleh kerana itu semua bank yang mempunyai kemudahan perbankan Internet sentiasa memberitahu peraturan dan langkah-langkah keselamatan.

Pelanggan kadangkala mengabaikan peraturan yang diberikan oleh pihak bank kerana menganggap peraturan itu terlalu panjang.

Kita berharap pelanggan akan membaca dan memahami peraturan yang telah disediakan. Kalau mereka (pelanggan) tidak faham mengenai peraturan atau langkah yang disediakan, mereka boleh menghubungi Pusat Pengurusan Pelanggan.

Original news: http://www.utusan.com.my/utusan/…

This time I am short of time to translate anything. If you are interested just let me know.

As a summary, he said that the problem is not with banking website, but with the users’ Internet skills. Criminals are not attacking banking websites, but users. Right on target, Datuk.

Internet Banking Risks – Computer Expert Fooled, Refuse to Use Service

This article from a local Malaysian newspaper website caught my eyes. The funny thing is that the person interviewed by the journalist claimed his/her self as a computer expert. And he/she was fooled by an Internet banking scam. Expert? I don’t think so.

Anyway, my point being, articles like this will surely deter usage of Internet banking in Malaysia. Internet banking is safe indeed, and with a few precautions in mind it’s a great experience. Of course, somebody from the bank can steal your money. But can they also do that without Internet banking? Think about it.

Here are some things (there may be more) that you always need to remember when using Internet banking:

  • NEVER NEVER NEVER click on links in email. For a few years now my banks have never sent me an email with links to click on!
  • Look for the padlock in your browser (please see image below). This means that the connection is secure.
  • Ensure that the address bar is pointing to the correct website. Banks have specific websites from where they operate. For example Maybank have www.maybank2u.com.my and BCB (CIMB) have www.cimbclicks.com.my. Don’t use the site even if a letter missing!!!
  • Make sure that before the site name, it shows https:// and not http:// or any other thing. This only applies to the login page. Some banks like Maybank have their main page with information served with http://
  • If a warning pops up in your face saying that this site may be forged, just believe it first, ask questions later.
  • Use a reliable browse like Firefox. In this post you can see it detects a phishing site correctly. If you’re not currently viewing this page using Firefox, consider using the link on top of the page to download it.
  • Banks will never ask for your username or password in emails or call you to ask for those information. Keep your login information to yourself.

maybank2u_verify.png

maybank2u_verify_ie.png

If you are unsure, email or call the bank helpline. Previously I suggested for you to contact me so that I can help in confirming, but changed my mind. Trust only the bank.

In my point of view, articles from a computer expert like the guy/gal below should be explaining and helping instead of complaining. He/she said he/she advices people to be careful, but how?

Get your points straight, media!

Direct translation follows:

Internet Banking Risks – Computer Expert Fooled, Refuse to Use Service

By YULPISMAN ASLI

Do you feel safe and convinced making financial transactions via Internet banking?

Do you know that Internet banking sites can be cloned by anyone – from a school kid to a cyber criminal – in only one or two hours?

Ironically, Utusan Malaysia was told by a computer expert that he/she him/her self doesn’t want to use the service anymore.

Why? Because he/she has been fooled via the online banking service.

“I made a transaction online but never received the money. Now I prefer going to the bank to make transactions,” said the computer expert (who refused to reveal his/her identity) from a government agency, here today.

For that particular case experienced by the computer expert, the acitivity was finally detected by National ICT Security & Emergency Response Centre (NISER).

The phenomenon that is happening is real.

Yesterday police arrested four university students and nine others because they created a forged web site of local banks to steal customer information before withdrawing their money.

According to the expert, with only a computer, Internet and browser software, a person can create a forged bank website that can potentially cause millions of customers’ ringgits disappear.

“Furthermore to create such website, they don’t need a long time, only about one to two hours,” he/she said.

He/she said, what the creators of the forged website needed to do is create a website that looks like the original website.

This can be done by copying the whole website, while the software is available in the market.

He/she said, the activity however can’t use the same original URL (domain address) of the website as it is protected, but they can create an alternative network that can confuse the bank customers.

“In the Internet world you can do anything (create forged bank websites). It’s not hard to copy, it takes only a while,” he/she said.

He/she said, usually, those who don’t have the knowledge and doesn’t know about IT world will be exposed to the forged websites.

In relation to that, he/she advices the public to be a lot more careful when doing online banking transactions to prevent from becoming a victim.

Yesterday, Assistant Director of Cyber Crime and Multimedia, Assistant Commissioner Ismail Yatim said, police have arrested four university students who were lead by a government officer’s son/daughter as they are involved in creating forged bank websites to steal customer information before withdrawing their money.

The four students were among the 13 people arrested for their involvement in the cyber crime. They were arrested in multiple raids in Kelantan, Selangor, and KL.

Their MO so far that has caused loss amounting to RM36,000 is sending emails to bank customers and requesting them to update the details in their bank account.

They then asked the customers to click on a link in the email, to update the details.

After clicking on the link, they are requested to input their username and password without realizing that the website is forged.

The information filled by the customers will be saved automatically in the data created by the syndicate, accordingly making it easy for them to access the victim’s bank account and transfer all the money.

Original news:

Risiko perbankan Internet — Pakar komputer pernah ditipu, enggan guna lagi perkhidmatan

Oleh YULPISMAN ASLI

KUALA LUMPUR 11 Okt. – Selamatkah atau yakinkah anda menggunakan perkhidmatan transaksi wang dan urusan seumpamanya menerusi perbankan Internet?

Tahukah anda bahawa laman web perbankan boleh diciplak oleh sesiapa sahaja – daripada murid sekolah sehinggalah kepada penjenayah siber – dalam tempoh satu hingga dua jam sahaja?

Ironisnya, Utusan Malaysia diberitahu oleh seorang pakar komputer tempatan bahawa beliau sendiri tidak mahu lagi menggunakan perkhidmatan itu.

Mengapa? Kerana dia pernah ditipu menerusi perkhidmatan perbankan secara online itu.

Saya membuat urusan secara talian tetapi bank tidak menerima wang itu. Sekarang saya lebih suka pergi ke bank untuk membuat urusan, kata pakar komputer (yang enggan mendedahkan identitinya) dari sebuah agensi kerajaan itu, di sini hari ini.

Bagi kes yang dialami oleh pakar komputer itu, kegiatan tersebut akhirnya dikesan oleh Pusat Keselamatan dan Tindak Balas Kecemasan Teknologi Komunikasi dan Maklumat Negara (NISER).

Fenomena yang berlaku ini adalah nyata.

Semalam polis menangkap empat pelajar universiti dan sembilan yang lain kerana mencipta laman web palsu bank-bank tempatan untuk mencuri maklumat pelanggan sebelum mengeluarkan wang mereka.

Menurut pakar itu lagi, dengan hanya memiliki sebuah komputer, Internet dan perisisan pelayar, seseorang itu boleh mencipta laman web palsu bank sehingga boleh melesapkan berjuta-juta ringgit wang pelanggan.

Malah untuk mencipta laman web palsu itu, mereka tidak perlukan masa yang lama, hanya kira-kira satu hingga dua jam sahaja, katanya.

Beliau berkata, apa yang perlu dilakukan oleh pencipta laman web palsu itu ialah mencipta laman web seakan-akan laman web asal.

Ini boleh dilakukan dengan meniru keseluruhan laman web terbabit, sementara perisian pula boleh didapati di pasaran.

Katanya, kegiatan itu bagaimanapun tidak boleh meniru URL (alamat domain) asal laman web berkenaan kerana ia dilindungi, tetapi mereka boleh mewujudkan rangkaian alternatif sehingga boleh mengelirukan para pelanggan bank terbabit.

Dalam dunia Internet memang semua boleh buat (mewujudkan laman-laman web palsu bank). Nak tiru bukan susah, sekejap sahaja , katanya.

Beliau berkata, selalunya, mereka yang tidak mempunyai pengetahuan dan tidak tahu tentang selok-belok dunia IT akan terdedah kepada laman web palsu tersebut.

Sehubungan itu, beliau menasihatkan orang ramai supaya lebih berhati-hati ketika membuat urusan bank secara online bagi mengelak menjadi mangsa.

Semalam, Penolong Pengarah Jenayah Siber dan Multimedia, Asisten Komisioner Ismail Yatim berkata, polis telah memberkas empat pelajar universiti yang didalangi anak seorang pegawai tinggi kerajaan setelah terlibat dalam kegiatan mencipta laman web palsu bank-bank tempatan untuk mencuri maklumat pelanggan sebelum mengeluarkan wang mereka.

Empat pelajar itu adalah antara 13 orang yang ditangkap kerana terbabit dalam kegiatan jenayah siber terbabit. Mereka ditahan dalam beberapa serbuan sekitar Kelantan, Selangor dan ibu negara.

Modus operandi mereka yang setakat ini telah menyebabkan kerugian sebanyak RM36,000 ialah menghantar e-mel kepada pelanggan bank dan meminta mangsa mengemas kini maklumat akaun bank mereka.

Mereka kemudian meminta mangsa klik pada satu pautan yang tertera di e-mel tersebut kononnya bagi tujuan mengemaskinikan akaun simpanan mereka.

Setelah klik pada pautan itu, mereka disuruh memasukkan nama pengguna dan kata laluan tanpa menyedari laman web tersebut sebenarnya palsu.

Maklumat yang diisi itu akan disimpan secara automatik dalam data yang dicipta sindiket itu, seterusnya memudahkan mereka mengakses akaun bank mangsa dan memindahkan semua wang milik mangsa.

Contents above directly copied from http://www.utusan.com.my/utusan/…

Google In Malaysia

While playing around with some Google caches today I found this intriguing page. It’s an opening for Malaysia Country Consultant for Google Inc. I wonder if they are planning to open up an office in Malaysia, or better still, a research center perhaps?

google-malaysia-opening.jpg

Digging deeper, Azidin found out that Jeff mentioned that this position has been filled by Hanson Toh in his CNET Blog, Lemak Lemang.

Update: JAKIM is Hosting PayPal Phishing Site?!

Today I received an email from JAKIM (baheis/JAKIM [at] JAKIM.islam.gov.my) that redirected me to this site:

Aduan Jakim

Well done. Despite of what happened I am quite pleased and proud of their immediate action (3 days is immediate for government bodies, give them a break). First time I’ve ever seen an email address with slash (/) though. Hey they incorrectly spelled my name! 😐

Er.. why do we have to use IE to view the page? Direct translation to the highlighted item: This form must be viewed with IE 😉 It looks fine on my Firefox, though.

Aduan Jakim 2

Pikom reports dip in PC sales nationwide

Hey hey hey… PC sales has dropped? From The Star Online TechCentral:

PETALING JAYA: Despite the recent tax relief offered by the Government to help spur PC ownership in the country, PC sales have dropped by about 20% in September, compared to August.

The Association of the Computer and Multimedia Industry of Malaysia (Pikom) said its members had reported the dip in sales, but it declined to provide details.

The intriguing paragraph:

Pikom, however, does not know the cause of the decrease. (But) “it is clearly evident that PC sales have dropped,” Pikom treasurer Low Wai Sun told In.Tech.

One thing that immediately popped up my mind is fuel price.

For people like me who is really nuts about PC and technology, nothing would stop me of course. But for others, would they buy more PC stuff if a big part of their income have to be allocated for a more important purpose – transportation.

I think I am not the only one who is feeling some effect on the fuel price increase. As we have to go places everyday fuel is nowadays very very very important indeed. No no I am not saying that anything is wrong or whatever, the point here is that we all feel something from the fuel price increase unless we are earning 5 digit income monthly.

What do you think?

Hey while I was at The Star Online I noticed that they also have a ‘Digg This’ button. 😉

The Star Digg This

Read more about the story here: http://star-techcentral.com/tech/…

As usual, click on the link below in case the original story link is no longer valid.

Continue reading Pikom reports dip in PC sales nationwide

JAKIM is Hosting PayPal Phishing Site?!

I visited some other blog today and read a fresh post about JAKIM site hosting a Paypal Phishing site.

Try yourself and go to http://www.islam.gov.my/online/cgi/. You’ll see this:

paypaljakim.PNG

And if you get to http://www.islam.gov.my/online/cgi/webscr_cmd=_login-run/primapagina.htm (I suggest you only go there if you know what you are doing) you’ll see this: http://www.phishtank.com/… which really looks like the main page of PayPal. Careless users or users who does not really care about what the address bar displays might log in to the site, effectively giving their username and password to someone else.

During this testing I also found out that my Firefox is able to identify and warn me that the site is a phishing site:

Firefox Phishing Detection. Bravo!

I am trying to inform the JAKIM about this so that necessary actions can be taken. I’ve also contacted NISER. This is indeed an embarassing incident 🙁

Update 09 Oct 2006:

It seems that they have removed the phishing pages. Very good and quick action.

jakim-update.jpg

I’ve received no respond from them or NISER, though.

Sijil Halal AYAM DINDINGS Ditarik

Source:

  1. http://www.muslimconsumer.org/ppim/news.php?extend.78
  2. http://www.halaljakim.gov.my/content_view.php?IDarticle=98

KUALA LUMPUR: Jabatan Kemajuan Islam Malaysia (Jakim) menarik balik sijil pengesahan halal yang diberikan kepada syarikat Dindings Poultry Processing Sdn Bhd berikutan proses penyembelihan ayam di kilangnya meragukan.

Difahamkan antara kesalahan dikesan Jakim iaitu sesetengah ayam disembelih dua kali selepas penyembelihan pertama tidak sempurna dan ada ayam sudah mati sebelum disembelih.

Pengumuman berhubung penarikan balik sijil itu disiarkan dalam laman web Jakim melalui www.halaljakim.gov.my, bertarikh 3 Januari lalu.

Laman web itu yang menjadi rujukan rasmi sijil halal Jakim menjelaskan Sijil Pengesahan Halal Jakim bagi Syarikat Ayam Dindings Poultry Processing Sdn Bhd ditarik balik sehingga diberitahu kelak.

Pengarah Bahagian Kajian Makanan dan Barangan Gunaan Islam Jakim, Che Hassan Fahmi Che Mamat yang dihubungi Harian Metro, petang semalam, mengesahkan mengenai tindakan Jakim itu.

Menurutnya, setiap pemegang sijil halal bertanggungjawab ke atas sebarang penyalahgunaan syarat ditetapkan Jakim.

Continue reading Sijil Halal AYAM DINDINGS Ditarik

Maybank2u.com Charges

I received a forwarded Yahoo! message just now:

“Maybank telah mengenakan cas RM0.50 melalui Internet banking Maybank2u.com bagi setaip penghantaran wang (transfer fund) walhal sebelum ni dia orang tak cas.. mana bleh cam ni.. ini kemungkinan besar pihak dia orang nak kaut keuntungan berlebihan.. nampaknya maybank dah mula menekan customer… forward kat kawan-kawan.. kita hantar memorandum macam dulu..

Translation: “Maybank is charging RM0.50 for transfers via the Internet Banking channel. They didn’t charge before. How can they do this? Most probably they want to get extra revenues… Maybank is starting to press customers… let’s send a memorandum like before…”

I’m not sure whether this claim is true and am too lazy to go check at Maybank2u site. Well, I’m a customer as well and of course I wouldn’t like for prices to be increased or new charges introduced into the system. But thinking of the convenience they have offered, RM0.50 per transfer is little. Unless you live next to a Maybank branch, or you go to the bank riding a bicycle, it will cost you far more than RM0.50 for fuel (plus parking where applicable). Even if you ride a bicycle, your energy would be used.

I won’t complain unless Maybank starts to charge by percentage or more than RM1.00 per transaction. Customer service sucks anyway in most Malaysian institutions, so having to use your PC to do banking is actually a blessing. 😉

Banks are businesses, they look for ways to make more money. Can we blame them?

Keranamu Malaysia

For this special entry of Malaysia’s 48th Independence Anniversary I will be writing in Malay.

malaysia_flag.gif 

Hari ini, tanggal 31 Ogos 2005 Malaysia meraikan ulangtahun kemerdekaan ke-48. Banyak yang telah berlaku sejak hari bersejarah 31 Ogos 1957. Malaysia kini lebih matang dan melangkah pantas ke arah kemajuan.

Sudah tentulah, apa sahaja yang ingin dicapai semestinya datang dengan harga yang tertentu. Malaysian semakin maju, taraf hidup rakyat semakin baik, namun agak sedih apabila mengenangkan semakin banyak keruntuhan akhlak dan moral yang berlaku di sini. Tidak kurang juga, Malaysia yang dahulunya aman damai semakin tercemar dengan kes-kes jenayah yang tidak berhenti-henti. Kes bunuh, ragut, rogol, rasuah, dan sebagainya bagaikan lumrah kehidupan saban hari. Menonton Buletin Utama di TV3 sudah cukup, tidak perlu lagi menonton filem-filem Hollywood.

Saya tidak akan menyentuh langsung perihal politik di sini. Politik adalah amat kompleks bagi saya dan ada di mana-mana sahaja di muka bumi. 

Saya bukanlah seorang tokoh masyarakat ataupun seorang ahli bijak pandai, oleh itu rasanya kurang layak bagi saya untuk memberikan pendapat yang lebih mengenai masalah-masalah negara. Tetapi apa yang nyata, kekal nyata. Hanya dengan menggunakan akal biasa saja kita fikirkan… Malaysia sudah merdeka sejak 48 tahun yang lalu, merdekakah budaya dan akal rakyat kita? 

Keranamu Malaysia… Selamat ulangtahun kemerdekaan ke 48!