Today I received an email trying to trick me into giving out my Maybank2U login and password over the internet. While this is not the first time that I received a phishing email, I think I should blog about this because most of my readers are not under the group which I shall call “hi tech” hehe. And I’m sure many of you have received or will receive this email soon.

This post is more for those who wants to know how to detect phishing site and also some ways to prevent them. For those “advanced” users, at the end of this post you can learn what you can do to stop this menace.

Ok back to the email, here’s the content :

Subject : Maybank Technical Maintenance

The following are the contents :

Dear Valued Customer,

Due to maintenance during the Sunday 12 November 2006,
The Maybank Technical Department is performing a scheduled software upgrade to improve the quality of the online banking services.
By clicking on the link below you will begin the procedure of the customer details confirmation.

https://www.maybank2u.com.my/mbb/scripts/mbb_update.jsp?do=Update

Once you have updated your account records, your Maybank account service will not be interrupted and will continue as normal.

.. …

Now, for the unsuspecting users, nothing is wrong with the email, the link looks ok. But when you click on it, the site that is actually opens is https://secure.maybank.ws/mbb/scripts/mbb_update.jsp?do=Update.

Notice the domain name? It’s not maybank2u.com.my but instead maybank.ws.

WS is the country extension for Western Samoa. On that page, you will see the following page :

Yes it looks exactly like Maybank2U’s page. Actually, it is the same image taken from the original page. Because of the state of the internet where you can copy almost anything online, imitating pages is too easy.

So please do not give out your password on this page. It’s like giving out your ATM numbers to some strangers.

How do you prevent being phished? Follow these advice :

• Don’t click on any links from any email that says comes from your bank. If you want to check out for any news or information, read the next pointer
• If you want to go to your bank’s website, always select from your bookmark or type in your bank’s address manually in your browser’s address field. If you don’t know the bank’s address, check it out from their brochures. You can also easily search it from google (just make sure you found the correct bank and not a phishing site hehe).
• If the email says that your account is being terminated unless you click on the link, relax. They’re trying to stir up your emotion and force you to click on the link. Just call up your bank instead for confirmation.
• If you think you’ve given up your passwords to some bad websites, call your bank immediately and tell them about it. They can reset your password and protect your account.

How do you know if you’ve been tricked into giving your passwords? Well after trying to login, you will be redirected to the login page again. If you are sure you’ve given the correct password, then the information has been recorded earlier and now they redirected you to the correct website to avoid suspicion.

Well that’s the advice from me today.

Okay so for people who detected any phishing email and website, what can you do?

If you are using Firefox 2, open up the phishing page, click on Help and select “Report Web Forgery”. Soon Google will warn people about this site and kick them out of their index.

Since I received this email under GMail, I opened the email and select “Report Phishing”. Now I feel good :)

Links :

The Star : Beware bank queries scam
Consumer Advice: How to Avoid Phishing Scams
Maybank2U : www.maybank2u.com.my