Today’s cybercriminals are not only more sophisticated, they’re more devious than ever before. Find out how they can steal every single sen you own in one fell swoop with a phishing attack.

Like many Malaysians, John (not his real name) is used to e-banking to pay his bills. After all, it’s a whole lot easier than having to queue for hours. One fine day, he gets an e-mail that tells him he needs to reset his bank password or he may lose access to his account. Since it looks exactly like his bank’s website, he clicks the provided links and inputs his personal details to reset his password. A few hours later when he attempts to pay his bills, horror of horrors, his account has been wiped clean of money. Welcome to the blight of modern-day e-commerce – phishing attacks.

For the uninitiated, phishing refers to an attempt by someone to get you to divulge your personal details like your credit card number, passwords or whatnot so that they can access your bank account or credit card, swipe everything you own or rack up a huge bill at your expense.

Some phishing attempts are sophisticated, with criminals building facsimiles of actual banking websites in the hope you’ll log in (the ‘bait’ so to speak) and then reveal your passwords to them (effectively ‘fishing’ for user data). Others are confidence scams conducted on the phone threatening legal action unless you transfer your funds to a holding account or some such trickery. To avoid being the next victim of a phishing attack, follow these six crucial steps and stay up to date on the latest developments by following the MCMC’s official website at as well as the Malaysian Computer Emergency Response Team (MyCERT) at www. Be safe, be vigilant!

  1. You’re who again?

Never reveal personal details or passwords to anyone via e-mail or the phone regardless of who they claim to be. A legitimate financial institution will never ask for these details.

  2. You’re from where, again?

Scrutinise e-mails carefully. If one says that you need to update your account details, has odd grammar or asks you to download files, beware. It’s possibly a phishing attempt and those files can infect you with a virus or worse.

  3. When In Doubt…Don’t

If you are uncertain of a website in an e-mail, open up a separate browser and type it in manually. Phishers can spoof a website and the link, making it look legitimate when you click on it.

  4. Is this secure?

Scrutinise the letters, hyphens or dots of a website address. It may lead somewhere else entirely. Also ensure that the website in question is secure, with https and not just http in the address bar and a visible padlock icon.

  5. Don’t Call Us, We’ll Call You

If you are in doubt about an e-mail, call the phone number of the institution in question from another verified source, not from the e-mail you got it from. The word: do your own background check.

  6. Review Your Details Regularly

Check your credit card and bank statements regularly and carefully for any discrepancies. If you encounter oddities like transactions you didn’t conduct, make a report to your bank immediately and change your passwords.
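
The address checks from the steps above (link text that differs from the real target, swapped letters, added hyphens or dots, http instead of https) can be automated. The Python sketch below is an added example, not part of the original article; the bank domain `mybank.example`, the 0.8 similarity threshold and the sample links are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

TRUSTED = "mybank.example"  # hypothetical bank domain, constructed for this example


def host_of(value: str) -> str:
    """Extract a lower-case hostname from a URL or a bare 'www.site.tld/path' string."""
    value = value.strip()
    parts = urlsplit(value if "//" in value else "//" + value)
    return (parts.hostname or "").lower()


def check_link(shown_text: str, href: str, trusted: str = TRUSTED) -> list[str]:
    """Return warnings for one e-mail link: its visible text and its real target."""
    warnings = []
    host = host_of(href)
    if urlsplit(href).scheme.lower() != "https":
        warnings.append("not-https")

    on_trusted = host == trusted or host.endswith("." + trusted)
    if not on_trusted:
        brand = trusted.split(".")[0]
        bare = host.removeprefix("www.")
        if brand in host:
            # Dots: the bank's name appears inside somebody else's domain.
            warnings.append("trusted-name-in-foreign-host")
        elif SequenceMatcher(None, bare, trusted).ratio() >= 0.8:  # assumed threshold
            # Letters or hyphens: one or two characters away from the real name.
            warnings.append("lookalike-host")

    # Link text that itself looks like an address must match the real target.
    shown = shown_text.strip().rstrip(".")
    if "." in shown and " " not in shown and host_of(shown) != host:
        warnings.append("text-target-mismatch")
    return warnings


if __name__ == "__main__":
    samples = [  # constructed (visible text, real target) pairs
        ("www.mybank.example", "https://www.mybank.example/login"),
        ("www.mybank.example", "http://mybank.example.account-reset.test/login"),
        ("Reset your password", "https://my-bank.example/reset"),
    ]
    for text, href in samples:
        print(href, "->", check_link(text, href) or "no warnings")
```

An empty result only means none of these particular checks fired; typing the bank's address manually, as step 3 advises, remains the safer route.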

Source: SHOUT Q4 2014