PHISHERS AND SCAMMERS GETTING SOPHISTICATED

Increased broadband penetration in the country means the pool of potential victims for online crooks also grows

New Straits Times - Opinion - hidirreduan@nst.com.my

The writer is NST Pahang staff correspondent. He seeks pleasure in contemplative pursuits like viewing thought-provoking documentaries and reading

PHISHING. It brings to mind images of shadow-cloaked personas hunched over their keyboards as they nefariously send out innocuous-looking emails to their targets scattered in the global information superhighway.

Similar in sound to the word “fishing”, which involves lures to hook fish, phishing is a fraudulent act of sending emails purporting to be from reputable sources to induce individuals to reveal personal information.

I had a first-hand encounter with a rather sophisticated form of phishing that showed the perpetrators’ eerie ability to utilise personal information of their intended targets.

Early this week, I was woken in the wee hours and saw on my smartphone screen an email purportedly from someone with the human resources department of the company I work for.

Perhaps due to the fuzzy state of my mind, I did not wonder why someone from the department would want me to sign a purchase agreement for an unspecified item.

I also did not wonder why the person would say “Thanking you” to end the professional-looking business email.

I also did not realise that the email was from an email account of someone whom I not only knew from the company, but who was from a different department.

The email was brief and to the point, even stating that the sender is someone purportedly from the payroll section of the human resources department, complete with the full address of the company’s headquarters.

Luckily, due to the nature of the Android operating system on my smartphone, the attachment in the email did not open when I tapped on it.

Later, when I clicked on the attachment on a desktop computer, the screen showed a small pop-up window set against a fuzzy background of an official-looking document. It asked for my username, password and even phone number.

By this point, alarm bells were ringing in my head. I closed the window and called the HR department, and a staff member confirmed that the person named in the phishing email was not attached to the department.

Thankfully, the person whose email account was hacked for the phishing attempt had succeeded in wresting back control of his account from the phisher. On my part, I deleted the email and changed my password for good measure.

However, this was an eye-opener in the ongoing battle against spammers, phishers and all online crooks.

Phishers and spammers are a notoriously tenacious bunch who can send out more than 150 million emails a day just to profit by fleecing a relatively small number of people.

In August 2012, the Symantec Security Technology and Response Group released its findings that revealed cybercriminals sent out 156 million spam emails daily to hoodwink 80,000 victims for profit.

The findings revealed that despite the fact that a majority of the spam emails were intercepted by spam filters, around 16 million make it into inboxes, with eight million opened by victims.

Out of the eight million, 800,000 links in the emails are clicked, with 80,000 people unfortunately sharing their personal information and ending up losing money.

These numbers are worrying. Online portal www.worldometers.info puts the population of Malaysia at 31,053,648 as at March 27. That number is a drop in the ocean compared with the 156 million spam emails that scammers send out daily.

The risks are further heightened when, during the recent Dewan Rakyat sitting, the Malaysian Communication and Multimedia Commission (MCMC), in a written reply, said broadband penetration in the country was at 77.9 per cent, and was targeted to reach 95 per cent by 2020.

While it is good that Malaysians are using more information technology, it also increases the pool of potential victims for spammers and phishers who exploit the growing number of Internet-connected smartphones, laptops and desktops.

The gravity of the problem is made more obvious when MCMC informed members of parliament during the same sitting that the commission had blocked 10,962 phishing websites from 2008 to January.

However, there is awareness of the importance of checking the authenticity of emails and having anti-virus software to filter spam, as can be seen through the customers who buy such programmes in Kuantan.

One IT shop owner, who has been running his business for 20 years, said his customers usually bought anti-virus software, and if they bought new computers, they wanted him to ensure that anti-phishing programmes were installed.

As a popular character from the television series CSI: Miami would say: “Trust, but verify.” Words to live by, whether online or off-the-grid.
