[SECURITY ALERT] - Fake Site

[zolympus]

KES: Fake Yahoo Site

Terdapat banyak fake site dan ada antara kita yang telah tertipu seperti yang terjadi kepada beberapa rakan kita. Fake site, adalah sebahagian daripada perancangan awal yang dimulai dengan phishing.

Apa itu phishing? Phishing, mengikut wikipedia ialah

In computing, phishing is the act of attempting to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business with a real need for such information in a seemingly official electronic notification or message (most often an email, or an instant message). It is a form of social engineering attack.

Dalam ayat yang lebih difahami, phising dalam maksud pengkomputeran ialah aktiviti penyamaran yang dilakukan oleh sesetengah pihak yang mengaku datang dari pihak-pihak yang boleh dipercayai dengan maksud untuk mendapatkan maklumat sensitif seperti password dan butir-butir kad kredit.

Contoh laman web phishing ialah seperti di bawah.

LAMAN DI BAWAH IALAH LAMAN PHISHING SEBENAR. JANGAN SEKALI-KALI MELETAKKAN USERNAME DAN PASSWORD ANDA.

hxxp://www.geocities.com/ooopsss_1525/

Sekali pandang, memang sama. Tetapi, bila klik kanan, akan keluar pop-up notification.

Bila tengok kod sumber, terpapar bagaimana ia dilakukan. Untuk mengelakkan daripada ia disalah guna, aku cuma beritahu kesannya.

Username dan password anda akan dihantar ke email ini:

[email protected] <- phisher @ scammer @ penipu

Untuk itu, berhati-hati ketika memasukkan username dan password anda. Pastikan, anda melihat adress bar di atas pelayar Internet anda sebelum memasukkan username dan password. Seelok-eloknya, JANGAN login langsung dari email/YM/MSN tetapi dari alamat yang anda telah bookmark terlebih dahulu.

[img:500:410:6066b7f3c2]http://static.flickr.com/68/198126637_75199efb6a.jpg[/img:6066b7f3c2]

 

[gooddjinn]

Uwaaduh.. Aku dah dapat YM tadik.. Adoi.. seb baik aku try login gune email bini aku.. Perghh..

Thx Zoe..



ADMIN EDIT: Quote kepada posting di atas telah dibuang.

 

[acid_burng]

ni la punca YM id aku kena hack

 

[pokleh]

yo...ada gak orang YM aku link nih

kiranya aku bernasib baik tidak terkena dengan jerat nih
:roll:

 

[lazman]

huhu..bahayanya..abis yg kt adress bar tu yahoo gak ker?

 

[cikguonline]

yahoo pun ada jugak.... bahaya ni....

 

[zolympus]

huhu..bahayanya..abis yg kt adress bar tu yahoo gak ker?

Kat adress bar tu Geocities, Yahoo punya division untuk siapa-siapa pun boleh host laman web dengan percuma. Jadi, orang tu nak menipu dengan letak kat Geocities. Email adress kita ke Yahoo! Mail (http://mail.yahoo.com) dan bukan ke adress lain.

Be advised !

 

[azlann1981]

Thank's zolympus sebab bagi info

 

[the_vangardx]

Lately, have you been receiving emails from local banks informing you that your account has been suspended and in order to re-activate your account, you are required to click on a link provided in the email. Hence you are directed to a page where you can enter your login id and password so that you can use back your account again?

Quote:
In computing, phishing is a criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication. Phishing is typically carried out using email or an instant message, although phone contact has been used as well[1]. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, and technical measures.

The first recorded mention of phishing is on the alt.online-service.america-online Usenet newsgroup on January 2, 1996,[2] although the term may have appeared even earlier in the print edition of the hacker magazine 2600.[3] The term phishing is a variant of fishing[4], probably influenced by phreaking,[5][6] and alludes to the use of increasingly sophisticated lures to "fish" for users' financial information and passwords. The word may also be linked to leetspeak, in which ph is a common substitution for f.[7] The popular theory that it is a portmanteau of password harvesting[8] is an example of folk etymology. The name may also come from the popular rock group Phish.


Countless of times, people fell into this kind of attack which is also known as Phishing Attack. And how do you prevent yourself from being a victim? There is a toolbar for Internet Explorer and Mozilla Firefox where it will protect you from malicious phishing sites. It is called GRID Authenticator Toolbar

So far, GRID Authenticator toolbar only verify local banks. You can try out it's protection on phishing sites by clicking Maybank2u Phishing site How GRID Authenticator works for you is that when you enter a verified local bank, a GREEN frame will appear around your browser. This indicates that the website is a genuine one instead of a phishing site.

In the event that you received any mails from your so called "Bank", do visit GRID Center and report the phishing site. They will verify the url.

Let's make our local banking scene a safe place to go.

Source :-
Google / Wikipedia : http://en.wikipedia.org/wiki/Phishing
GRID Authenticator Toolbar : http://www.jaring.my/gridauthenticator/?cont=how_to
Maybank2u Phishing Site : http://www.mshack.net/
GRID Center : https://www.elockgrid.com/gridcenter/blacklist.htm

Thanks vangardx

 

[cariemas]

Aku ader lah..pernah terima link.. tapi kes paling aku ingat ialah keylogger/ trojan dumping.

Ni gara gara pakai Outlook Express. OE punya DLL akan process email walaupun dlm mode preview email tuh. Bila dah preview email "durjana" tuh, terus aku tgk sistem jadi tak tentu hala.

check punya check
1. Trojan dumping
2. Keylogger ( siap log txt)

Marah tak terkata :evil: :evil: :evil:

Nasihat aku buka email dari yg kita kenal shj.. dan matikan "open attachment automatically".
Semoga kita saling ingat-mengingati hacker threat nih.
:!: