PhishTank .....all the Phish go to the Tank

Introducing a new website PhishTank which is a collaborative clearing house for data and information about phishing on the Internet. It also provides an open API for developers and researchers to integrate anti-phishing data into their applications at no charge.

You can submit the suspected phishing links as well as verify these links in the database too.

If you receive any email or link, well this is the service that you can use to verify it before you continue with the transaction.

Besides, there are also latest news on phishing in this website.

I like their theme - Out of the Net, Into the Tank!

Visit PhishTank at www.phishtank.com

Internet Banking scam in Malaysia: 13 youth nabbed

There are multiple news reports available in TheStar, NST and TheSun on this story today.

This is related to e-commerce security and crime - Lecture 4.

Key points from these stories:

• Phishing
• 26 people were conned with RM36,000 from a single bank.
• 13 suspects, between 18 and 25, have been described as computer experts with several hackers among them.
• Four of the suspects were college and university students.

For more reading, this is from NST:

A group of computer-savvy youth was nabbed recently after scoring a first of sorts for phishing.

Phishing uses email and fake websites to lure Internet users into providing their personal banking details, which are then used to steal from their accounts.

This group of 13 is believed to have conned at least 26 people by using their particulars to steal more than RM36,000 from their accounts in two weeks.

All 26 victims had accounts in one particular local bank and it was the bank that notified police of the fraudulent transfers.

Following the report, police monitored several homes and cybercafes in three states.

After two weeks of checks, they nabbed 13 suspects, including a woman, in Kelantan, Selangor and here.

The suspects, between 18 and 25, have been described as computer experts with several hackers among them.

Commercial Crime Department assistant director ACP Ismail Yatim said four of the suspects were college and university students.

"The 13 are skilled in different areas and they joined forces to steal confidential data from unsuspecting victims.

"The losses reported may have been bigger if the bank had not been alert in detecting the fraudulent transfers."

Police believe this may only be the tip of the iceberg as more reports were expected.

It was learnt that several of the suspects had the ability to hack into the computer systems of leading firms in the city. Checks revealed that the group used a foreign server and police were trying to ascertain if they had international connections.

The group preyed on those who used Internet banking, sending account holders emails asking them to update their accounts.

In that same email, links would be available for the victims to click on and a new web page would open revealing a web site similar to the bank’s internet login site.

The unsuspecting victims would login, unknowingly giving their usernames and passwords, which would be sent to a decoy website set up by the group.

Using the confidential information, the group would access the victims’ accounts and transfer funds to another account before it is withdrawn.

"We believe there are still groups out there actively involved in such scams," Ismail said.

He urged account holders to check with their banks upon receiving notifications to update their accounts.

Meanwhile, four people were cheated by a group, which sent them text messages claiming they had won cash prizes and obtained their bank account details.

They then made online withdrawals totalling RM7,000.

The group had imitated a similar group of scam artists, who had cheated 36 fans of the reality show Akademi Fantasia.

The victims were told to call a phone number and asked to reveal their Internet banking account details, including their pin number, on the pretext of depositing their winnings.

The victims’ accounts were then cleaned out.

Police have so far received four reports — three from Kuala Lumpur and another from Sabah.

E-Commerce Credit Card Fraud

An interesting case study on e-commerce credit card fraud in US.

According to Celent Communications, an international consultancy group, the United States alone faces US$3.2 billion of online credit card fraud by 2007.

Results from various surveys and reports were discussed such as:

• nine out of ten Americans want their banks to monitor their online accounts for suspicious behavior
• 79 percent surveyed said they were less likely to respond to e-mail from their bank because of worry over phishing scams

Company: US Digital Media
Problem: US Digital Media lost upwards of $200,000 due to e-commerce credit card fraud
Solution: Automated Fraud Prevention

Full story is here.

Are your credit card safe?

A news report from BBC News website - Up to 40 million of credit cards 'hacked'.

Related to the security on one of the e-payment methods (Lecture 4 & 5) - one of the security concern of credit card where the information database was hacked into or data being stolen.

MasterCard nets 1,400 phishing sites last year

The Star today reported MasterCard International said it has successfully shut down nearly 1,400 global phishing websites – 300 operating from Asia Pacific – last year through its Operation Stop IT (Identity Theft) campaign.

The credit card giant said its success was due to the effective monitoring of phishing activities discovered on the Internet and swift counteraction by Internet service providers (ISPs) and law enforcement agencies.

More story on phishing

Click on the following link: Spyware, phishing masih terkawal

Phishing......How to pronounce this?

Hey, I found this new word in the newspaper and I wonder what does it mean. (Star In.Tech, 24th May 2005, page 3 - Phishers targeting local Internet banking users)

Personally, I did received such e-mail just a few days ago and after reading it, I sent it to my e-mail's trash can.

DEFINITION: Phishing is a technique used to gain personal information for purposes of identity theft, using fraudulent e-mail messages that appear to come from legitimate businesses. These authentic-looking messages are designed to fool recipients into divulging personal data such as account numbers and passwords, credit card numbers and Social Security numbers.

For more information on phishing, click the following links: ComputerWorld and Webopedia

We can discuss more on this topic in the forthcoming Lecture 4.