No Safety Guarantee For Internet-banking?
12th April 2006 (Bernama)
By Muhammad Razlan Rashid Ali and Nurazira Rashid

KUALA LUMPUR, April 12 (Bernama) -- Despite the convenience of conducting on-line monetary transactions via the Internet, Malaysians should be aware that internet banking facilities give them no assurance against scams by unscrupulous individuals.

Director of National ICT and Emergency Response Centre Lt Col Husin Jazri said phishing activities by phishers had grown into a major fraud in Malaysia based on the severity of impacts it had on customers and victimised financial institutions.

"The use of spoofed e-mails and fraudulent websites designed by phishers to manipulate recipients into releasing personal financial information such as credit card numbers, usernames and passwords had resulted in loss of huge amount of money to customers and financial institutions," he told Bernama in an interview.

However, he said the centre did not have any information on the total amount of losses.

Phishing is a computer term for criminal activity using social engineering techniques, characterised by attempts to fraudulently acquire sensitive information such as passwords and credit card details.

He said last year the centre received a total of 149 reports on fraud activities compared to 106 in 2004, with 80 per cent representing phishing activities.

"This shows the activity is already a threat. And we see the trend to continue to be one of the major threats to the Malaysian internet users in the future," he said.

Husin said the activity arose due to the free availability of tools and techniques on the Internet, which can be used to launch the activity, easily and quickly.

"Moreover, many machines around the globe are poorly secured and vulnerable machines and have become a target of phishers that can be used to set up phishing sites," Husin said.

He said last year, the centre observed more local Internet banking becoming targets to phishing activities with the sites hosted on foreign servers.

He said most methods of phishing used some form of technical 'deception' to make a link in an email which appeared to belong to the spoofed organisation.

"Luckily, we managed to communicate with relevant parties to shutdown the phishing sites within a short period of time," he said.

He said NISER also received reports regarding internet scams that promised high returns of money by making customers depositing to the fraudsters accounts but not receiving anything in return.

"We advise users not to deposit or pay any amount of money to another party except to licensed financial institutions. Other than that, just ignore such scams or suspicious emails," he said.

He said users may also verify such emails with Bank Negara Malaysia.

NISER evolved from what was originally the Malaysian Computer Emergency Response Team or MyCert in 1997 by giving assistance to Malaysians in handling ICT security problems such as intrusion, spamming, hacking threat and forgery.

-- BERNAMA