Thursday, June 19, 2008

An example of phishing case and its prevention

i A new spoofed Citibank spam email is doing the rounds in an attempt to part unwitting victims from their credit card details, PIN number and email account details.Citibank has warned customers about a spam email scam that informed recipients their Citibank account would be suspended unless they accepted new terms and conditions. A link in the email directed them to a fake, but convincing, Citibank website that requested the customer's name and bank card details.Citibank took the unusual step of issuing a statement to all its customers saying: "Although the e-mail appears to come from Citibank regarding 'Your Checking Account at Citibank,' it does not, and Citibank is in no way involved in the distribution of this e-mail." But one silicon.com reader, Remo Cornali from Italy, has forwarded on a new fraudulent Citibank scam, which has begun to spread over the weekend.



It uses a new twist on the traditional 'phishing' technique of spamming thousands of users with a scam email that links people to a fake banking website to steal their personal and financial details. Instead, it says the person has received a payment of $217 via Citibank's online wire service, citi.com. One giveaway that all might not be as it seems, however, is the appalling spelling and grammar.In the email, it state that "Your email is not registred with us, you need to setup account with us and verify your identity. Please fill this form to be enrolled to citi.com service. Once you register, the money will appear in your citi's account balance in your overview page. You can withraw the outstanding balance to your credit or debt card's bank account."



As ever, there is a twist, and anyone foolish enough to enter their details can probably expect their card to cleaned out fairly swiftly and their email account used for further scams. Cornali said the server set up to collect the financial details is in South Korea.For the phshing case, the Citibank has been loss the trusthworthy and confident of the customer.Futhermore, the customer feel unsecure to save their money in the Citibank.


For the prevention, we have to verifying the authenticity and security of wed site, not shooping online while using an unencrypted or open wireless network, reviewing credit card and financial statement for unauthorised charges, securing computers before shopping online by keeping antivirus, antispam and firewall software up-to-date, never replying to-email or pop-up meassage from companies that ask for personal, financial or passward information.Last but not least,never follow ing direction asking you to reveal information or delete a fole that is received in e-mail or pop-up meassage from seeming trusted companies.

4 comments:

jieyii said...

Wau, it mean that is important not to show and tell any personal detail to others especially throught internet.
But how we will know whether the bank had actually request on any detail from us?

inn hong said...

ohhh,if you receive such a things, u can direclty make a call or go to the nearest bank to make confirmation with them.so it can prevent out personal can be expose .

Anonymous said...

We can’t deny that there are many computer experts out there who like to use various ways to do some unauthorized matters. Are the preventions that you mentioned above really can help to prevent others from doing unauthorized matters?

inn hong said...

yes, because of the computer experts, we have to aware of this. so the prevention which i mention that can be narrow down the risk being steal our personal data. But cannot fully eliminate.