Showing posts with label Week 4. Show all posts
Showing posts with label Week 4. Show all posts

How to safeguard our personal and financial data?

Wednesday, February 4, 2009
Nowadays internet becomes a common tool for everyone to connect and communicate each other throughout the world. Most of time, we will rely on computer to save our personal data and using online financial services to do financial transactions such as e-banking in order to safe time. Moreover, when we register to become a member of particular website, we need to fill in some personal information.

The information is including name, date of birth, gender, address, telephone, e-mail address, occupation and interests. “Personal Financial Information” means any record containing a customer of a financial institution, whether in paper, electronic, or in other form, that is handled by behalf of the institution or its affiliates.

When we make the online purchase, the company will record consumer information records such as names, addresses, phone numbers, bank and credit card account numbers and et-cetera. Therefore, do you think the safeguards that you make are sufficient enough to protect your confidential data?

There are some suggestions that for you to safeguard your data:
i. Password protect
Use a strong password or pass-phrase to protect your access data. Do not reveal any personal information or particularly passwords to anyone. After using any of the Financial Data Center or member services, must remember to log out properly before leaving the Financial Data Center.
ii. Install and update antispyware and antivirus programs
Install an antivirus program such as Symantec and Norton antivirus, AVG antivirus or other more in order to protect yourself against viruses and Trojan horses that may steal or modify the data on your own computer . In order for the well protection, you must must sure to keep your virus definitions up to date.

iii. Install a firewall

A firewall is a software program designed to allow good people in and keep bad people out. Most new computers come with firewalls integrated into their operating systems. If you have an older computer or using dial-up, you may need to buy a firewall separately and install it yourself.

iv. Regularly scan your computer for spyware

Spyware or adware hidden in software programs may affect the performance of your computer and give attackers access to your data. Use a legitimate anti-spyware program to scan your computer and remove any of the infected files. Install antispyware and antivirus software. Symantec, Norton and Avg antivirus are popular software use by computer users. Its clean computer and protect personal information, financial data and etc.

v. Avoid accessing financial information in public

Prevent form logging on to check your bank balance when working from a coffee shop that offers wireless access. Although the systems are convenient but we do not know how powerful their firewalls are.

There are also few approaches on how to safeguard our personal and financial data:

If share information with another user or use internet services on a public computer such as school computer lab or Internet cafe, must remember to close the browser window. That is to prevent other users from reading your personal information and mail.

Avoid using passwords that are easy for someone to guess.

Web owner can use access control mechanism which limits actions that can be performed by an authenticated person or group. It determines who can use the network resource and what resource can be used.

Keep your card close. Whether you are out shopping or eating out, watch how clerks handle your card. Then take your receipt with you and never throw it away in a public place.

Pay attention when using an ATM and keep your eyes peeled for anyone who seems a little too interested in your transactions. Use your free hand to shield the keypad when entering your PIN. Besides that, banker can add on fingerprint scanning on ATM machine.

keep credit cards to a minimum. Only keep the ones you actually use and destroy any that you no longer use by shredding them.


All people should cooperate between each other to prevent reveal our own or consumer personal and financial data to others people. So, by preventing it will helps us be more secure when we using internet service or doing others transaction process online.

References:

http://ecommercesite.wordpress.com/2008/06/20/how-to-safeguard-our-personal-and-financial-data/

http://amazingcommerce.wordpress.com/2008/06/18/how-to-safeguard-our-personal-and-financial-data/

The threat of online security: How safe is our data?

The threat of online security

Since internet became more and more important in our life, people rely on computers to create, store and manage information. Consequently, it is important for users to aware that computer security plays a major role in protecting their data from loss, damage, and misuse. Similarly, online security has been online trader’s main concern in protecting their websites from potential threats, such as phishing, security hacking, information theft, virus and worms.

However, the increasingly developed technologies sarcastically increase the risk every computer user faced. Everyone who owns a computer with internet connection is able to equip themselves with ‘hacking’ knowledge by making some research online. Internet provides the opportunities for users to share the knowledge without filtering the content. Therefore, everyone can learn skills that may jeopardize online security via internet and therefore increase the online security.Computer users are facing the threats of cybercrime, phishing, internet and network attacks such as computer viruses, worms and Trojan horses and back doors.

How to Avoid Online Security Threats And Online Frauds

Step1:
Phishing is one of the most damaging online security threats in recent times. Basically it involves an attempt by a fraudster, to extract confidential information from the innocent victim. In most cases the fraudster constructs a clone site that looks very similar to the web page of a bank or other financial institution. The victim is urged to click a link on an email and access the victim's financial account. The web link is actually a clone web page that captures the confidential login information of the victim. Once this happens, the fraudster uses the information to log into the actual financial account of the victim. The funds in the account are then syphoned out by the fraudster. You should never click a link to access your bank account, credit card account or any other financial account. Open up a fresh browser window and type the entire name of the website, this is the safest way.

Step2:
You could receive a fraudulent email telling you that you have won a million dollar (possibly more) lottery prize! Do not fall for this gimmick, the fraudster will tell you how close you are to become a millionaire. In most cases, you will be requested to pay a few thousand dollars for various fees and legal expenses. The truth is that there is actually no lottery and no prize money. Once you part with a few thousand dollars, the fraudster disappears and preys on his next victim.

Step3:
Emails are often received form fraudsters claiming to have free access to millions of dollars. The message goes on to say that all that is required for you to get a hefty share of the money, is to act as an agent in moving the funds. All you need to do is to pay a few ten thousand dollars, your returns could be in the range of five million to 20 million dollars! This is another fraud that you should keep away from, you will never see a single dollar come your way. The fraudsters are based in countries where the legal system operates like a fish market, so no legal recourse will be available to you.

Securing your PC

No matter which method you choose to avoid threat of online security, if it involves your PC, then your PC and your Internet connection should be as secure as you can make them.

Passwords — Protect your PC, your financial files and your Internet connection with passwords. Use different passwords for each and change them often.

Security software — Install good security software such as Norton 360™ or Avira AntiVir Personal™. Keep it turned on and up-to-date. It will protect against spyware and block phishing Web sites that may try to intercept your financial transactions.

Backup — Backup software like Norton™ Save & Restore or included in Norton 360 protect your financial data against system crashes, which could be just as devastating as the theft of your data.

Wireless connection — If you use a wireless connection make sure the wireless router is security enabled. Also, don’t prepare your taxes in a public wireless hot spot.









Phishing: Examples and its prevention methods

What is phishing???
Phishing is a technique in which the attacker using fraudulent e-mail messages that appears to come from legitimate businesses to gain personal information for purposes of identity theft. The email often uses fear tactics in an effort to entice the intended fool recipients into visiting a fraudulent website. The recipient is instructed to login to their account and enter the sensitive financial information such as their bank PIN number, their Social Security number, mother's maiden name, etc. The damage caused by phishing ranges from denial of access to e-mail to substantial financial loss.

Examples of Phishing


eBay phishing scam


Look at the link here. It looks as valid as it could. It is written http://signin.ebay.com, but this written link actually points to a clone of ebay. The Address shows ebay, but Con artist will link you to dupes of legit business websites and scam you. Beware what you click, your browser shows you the link in the left bottom corner if you only point over the link, without clicking it.

Fraudulent e-mails
Phishing e-mail messages and pop-up windows are often include official-looking logos from real organizations and other identifying information taken directly from legitimate Web sites.
The following is an example of what a phishing scam e-mail message might look like.


Example of a phishing e-mail message, including a deceptive URL address linking to a scam Website.
To make these phishing e-mail messages look even more legitimate, the scam artists may place a link in them that appears to go to the legitimate Web site (1), but it actually takes you to a phony scam site (2) or possibly a pop-up window that looks exactly like the official site.
These copycat sites are also called "spoofed" Web sites. Once you're at one of these spoofed sites, you might unwittingly send personal information to the con artists.

Phishing prevention methods

There are many techniques to combat phishing such as social responses and technical responses.

Social Responses
To combat phishing by training people how to recognize phishing attempts and how to deal with them. Education can be effective way to combat, especially where training provides direct feedback. People avoid phishing attempts slightly modifying their browsing habits. For example, when asking about an account needing to be verified or any other topic used by phishers, it is a sensible precaution to contact the company from which the e-mail apparently originates to check that the e-mail is legitimate.


Technical Responses
There are a few of method to prevent phishing by using technical:
a) Eliminating phishing mail
Recipients can use specialized spam filters to reduce the number of phishing e-mails that reach their inboxes.
b) Browsers altering users to fraudulent websites
Users may list of the known phishing sites and to check websites against the list.


PLEASE familiarize yourself for the examples of phishing scams. Don’t be the next victim!!!!

http://en.wikipedia.org/wiki/Phishing
http://www.bustathief.com/what-is-phishing-ebay-phishing-examples/

The application of 3rd party certification programme in Malaysia

Tuesday, February 3, 2009



Third party is called as certificate authorities (CAs), who issue digital certificate to provide verification that your website does indeed represent your company. One of the application of third party certification programme in Malaysia is MSC Trustgate.com Sdn. Bhd. It is a licensed Certification Authority (CA) operating within the Multimedia Super Corridor (MSC). It is incorporated in 1999 under the Digital Signature Act 1997 (DSA). It offers complete security solutions for individuals, organizations, government, and e-commerce service providers by digital certificates, encryption and decryption.

The objective of MSC Trustgate is to secure the open network communications from both locally and across the ASEAN region. The products and services provided by Trustgate are SSL Certificate, Managed PKI, Personal ID, MyTRUST, MyKAD ID, SSL VPN, Managed Security Services, VeriSign Certified Training and Application Development. The vision of Trustgate is to enable organizations to conduct their business securely over the internet, as much as what they have been enjoying in the physical world.


Digital certificate usually attach to an e-mail message or an embedded program in a web page that verifies that user or website is who they claim to be. The common functions of a digital certificate are user authentication, encryption and digital signatures. User authentication provides other security than using username and password. Its session management is stronger. Encryption can make the data transmission secured by using the information encrypted. The intended recipient of the data is only person to receive the message. Digital signatures are like the hand signature in the digital world. It can ensure the integrity of the data.

Why is the 3rd party certification needed? The reason is there are threats of internet security spreading over the net nowadays. For example, with the increase of phishing on the internet; customers want to make sure that whether they are dealing business with a trusted party. They are afraid of their personal information such as ID number, passwords, credit card numbers and so on, will be sent to those companies which do not exist in this real world. Thus, the certification from 3rd party is needed to ensure their information traveled over the Internet reaches the intended recipients and is safe.

Beside that, those parties are needed because they can provide e-mail protection and validation, secure online shopping carts and more services in order to avoid being spammed, hacked and attacked by the macilious software such as virus, trojan horse and worms.

In conclusion, by using 3rd party application, all the users or customers can have more safeguard to shop online without afraid of their personal information being used by other people in the internet. The confidentiallity of customers towards the internet will also be enhanced and the company can be protected.
The Official Website of MSC Trustgate
Subscribe to: Posts (Atom)