Today I received an email trying to trick me into giving out my Maybank2U login and password over the internet. While this is not the first time that I received a phishing email, I think I should blog about this because most of my readers are not under the group which I shall call “hi tech” hehe. And I’m sure many of you have received or will receive this email soon.
This post is more for those who wants to know how to detect phishing site and also some ways to prevent them. For those “advanced” users, at the end of this post you can learn what you can do to stop this menace.
Ok back to the email, here’s the content :
Subject : Maybank Technical Maintenance
The following are the contents :
Dear Valued Customer,
Due to maintenance during the Sunday 12 November 2006,
The Maybank Technical Department is performing a scheduled software upgrade to improve the quality of the online banking services.
By clicking on the link below you will begin the procedure of the customer details confirmation.
Once you have updated your account records, your Maybank account service will not be interrupted and will continue as normal.
Now, for the unsuspecting users, nothing is wrong with the email, the link looks ok. But when you click on it, the site that is actually opens is https://secure.maybank.ws/mbb/scripts/mbb_update.jsp?do=Update.
Notice the domain name? It’s not maybank2u.com.my but instead maybank.ws.
WS is the country extension for Western Samoa. On that page, you will see the following page :
Yes it looks exactly like Maybank2U’s page. Actually, it is the same image taken from the original page. Because of the state of the internet where you can copy almost anything online, imitating pages is too easy.
So please do not give out your password on this page. It’s like giving out your ATM numbers to some strangers.
How do you prevent being phished? Follow these advice :
How do you know if you’ve been tricked into giving your passwords? Well after trying to login, you will be redirected to the login page again. If you are sure you’ve given the correct password, then the information has been recorded earlier and now they redirected you to the correct website to avoid suspicion.
Well that’s the advice from me today.
Okay so for people who detected any phishing email and website, what can you do?
If you are using Firefox 2, open up the phishing page, click on Help and select “Report Web Forgery”. Soon Google will warn people about this site and kick them out of their index.
Since I received this email under GMail, I opened the email and select “Report Phishing”. Now I feel good :)
Click Here For Non-FB Comment
© 2005-2015 mrBadak.com