Thursday, June 19, 2008

Phishing: Examples and its prevention methods.

Have you ever been "phishing"? No, not fishing like in the sea, but "phishing". Phishing is the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.

Despite advice and alerts from authorities and the media, unsuspecting online consumers are still taking the bait set by scamsters to steal their identity - largely credit card information, user IDs and passwords to online banking accounts.Well known and trustworthy web sites including eBay, Yahoo, Paypal, Best Buy, online bank are often spoofed by phishers to get the victim.

The example of phishing is online bank, Maybank has also been disguise by the phishers to get the important information from the victim. The first part involves sending an e-mail claiming to be from a bank asking recipients to re-register or update their accounts by clicking on a URL link in the e-mail. When recipients click on the link, they are routed to a fake web site that looks similar to the original bank website.

The target victim only sees the bank's Internet address or domain name and not the real site address. This has to do with the way an unpatched (not updated) browser misinterprets special characters hidden in the URL link. Future attacks may involve web pages with the specially encoded URL instead of e-mail.

The methods and safeguards that can be use to avoid be a victim to phishing would be:
  1. Don't click on links in unsolicited e-mails, especially those asking for your personal information.

  2. Ensure you are in the correct site by checking the URL (i.e. http://www.maybank2u.com.my/).

  3. Keep the URL in your "Favorites" or bookmark the web page to reduce the chance of making mistakes.

  4. Change your password regularly when you felt that your password was compromised.

  5. Look for ‘lock’ icon in the browser’s status bar before submitting financial information through the website, which indicates the security of the information transferred through the Internet.

The threat of online security: How safe is our data?

Technology is a wonderful thing. We can create documents, edit images, create music files, and do just about anything we like with a computer. The advancements in technology grow at an alarming rate, and each week we see new things that we ever were possible before. Most security threats are made by attackers using a relatively small number of vulnerabilities. A hacker who threatens your organisation's information assets is taking advantage of vulnerabilities in the media and systems which handle them. Vulnerabilities and threats clearly go hand-in-hand: each threat is directed at a vulnerability.

The major of online security threat are fall under several general categories:

(1) Accidental actions which again can come from the same two groups: those inside and those outside an organisation. Examples might be an employee accidentally deleting an important file and a family member spilling coffee on the keyboard of a computer.

(2) Malicious attacks is becoming more sophisticated and targeted. Attackers are using increasingly deceptive social engineering techniques to entice users to seemingly legitimate web pages that are actually infected and/or compromised with malware such as computer viruses, denial of service attacks and distributed denial of service attacks. Viruses are small and malicious computer programs that are try to infect our computers, spreading it from one computer to another computer. In some cases, it is attach to emails. An infected computer can send out tens of thousands of emails, each carrying the virus. And, it will use our email address book to find new people to attack.

(3) Online fraud such as identity theft and data theft. Identity theft is a term used to refer to fraud that involves stealing money or getting other benefits by pretending to be someone else. The term is relatively new and is actually a misnomer, since it is not inherently possible to steal an identity, only to use it. The person whose identity is used can suffer various consequences when they are held responsible for the perpetrator's actions. Data theft is a growing problem primarily perpetrated by office workers with access to technology such as desktop computers and hand-held devices capable of storing digital information such as flash drives, iPods and even digital cameras. Since employees often spend a considerable amount of time developing contacts and confidential and copyrighted information for the company they work for they often feel they have some right to the information and are inclined to copy and/or delete part of it when they leave the company, or misuse it while they are still in employment.

Wednesday, June 18, 2008

How to safeguard our personal and financial data?


Personal data means the data which relate to a living individual who can identified and could be their name, address, medical details or banking details. How do we safeguard our personal and financial data? The following tips will help us to safeguard our personal and financial data.

First, we may use and maintain anti-virus software, a firewall, and anti-spyware software - Protect yourself against viruses and Trojan horses that may steal or modify the data on your own computer and leave our vulnerable by using anti-virus software and a firewall. We should make sure to keep your virus definitions up to date. Spyware or adware hidden in software programs may also give attackers access to your data, so use a legitimate anti-spyware program to scan your computer and remove any of these files.

Second, we must carry as a little information as possible. The more our lug around with you, the easier you make it for an opportunist to assume your identity. So try to limit the contents of your wallet to the bare necessities: one credit card, an ATM card and a driver's license. Whatever you do: Don't walk around with your Social Security card, birth certificate or passport unless it's absolutely necessary.

Third, do not reuse passwords. As tempting as it may be to reuse passwords, it is a really good practice to use a different password for every account we access online. This way, if someone does find out what our password is for one credit card, they won’t also be able to access our checking, brokerage and email accounts. It may take a little more organization to use different passwords for each site, but it can help marginalize the effects of unauthorized access to your accounts.

Fourth, we must always remember to turn off our computer
when it is not in used so it can reduce the chance for virus to access to the computer. Try to avoid using the public computers to conducting financial or other personal business in the public wireless network because the web page may be unsecured. Proceed to the transaction only when you have recognized the certificate for that particular website. Run antivirus software or run two antispyware programs because it is better to prevent virus access to the computer than cure it when it is discovered. In order to safeguard your personal information, always remember that never reply any e-mail which are request your passwords, user name or other important personal information.

Sunday, June 15, 2008

Discuss how E-commerce can reduce cycle time, improve employees' empowerment and facilitate customer support....

There are several benefits that we can enjoy with the implementation of the e-commerce system. First, the reduction of cycle time of daily business transactions. Cycle time begins from order placing from customer till the shipment that is arrived at the destination. Longer cycle time increases cost of the company as well as the time required to finish a business transaction. With the implementation of e-commerce, orders from customer are automatically processed by system whenever customers place orders. the system operates 7 days a week and it is more efficient than brick-and-mortal business. The company which implements e-commerce system is receiving order 7 days a week while the other competitors without e-commerce receive orders at the working hours only.

Besides that, empowerment will be given to those who can operate the system. Expertises will be employed and given power to make decision because they possess most knowledges in this field. So, there is a decentralization because the higher management may not have such knowledge. Productivity will increase because empowerment is given to them to make decision and they will gain job satisfaction.

Customer support is important as it ensures customers' satisfaction. E-commerce system can provide a detailed description about the products of the company so that misunderstanding about the product is reduced.
Besides that, Frequently Ask Question (FAQ) function is provided to customer to solve their problems about the system. E-commerce system also enables customers to complaint their dissatisfaction to the customer service department. It is more important that more effort is focused on the customer support to ensure customers' satisfaction instead of profit earned from the business because it is a long-term benefit.