DontPhishMe an effective plug-in
Fake online banking webpage triggers warning

By JO TIMBUONG
intech@thestar.com.my

PETALING JAYA: CyberSecurity Malaysia has created a web plug-in to help those doing Internet banking recognise phishing baits and avoid getting cheated of their savings.

Once installed on a computer, the plug-in called DontPhishMe will alert both the users and CyberSecurity if the online banking webpage is a fake site.

CyberSecurity response services vice-president Adli Wahid said phishers were getting more sophisticated and re-working their e-mails to escape the standard filters for spam.

"That's why it's important to have DontPhishMe installed so that you get a warning," he said.

The plug-in, he added, was foolproof and would even prevent users from entering their details such as password and username into the decoy webpage even if they chose to ignore the pop-up warning.

"Eventually, these users will either give up or call their bank to report the problem. Hopefully, this is when the bank advises them of their mistake," he said.

The plug-in, he said, would also take note of the phishing site and send the information to CyberSecurity for further analysis. If the site was confirmed to be a fake, the agency would have the phishing site taken down.

Adli said he and his team of four spent about nine months developing the plug-in, which is compatible with the Mozilla Firefox and Google Chrome web browsers.

"Hopefully with more resources, we will be able to release a version for Microsoft's Internet Explorer," Adli said, adding that the plug-in had received positive feedback from users and had even raised the interest of cyber security watchdogs in other countries.

DontPhishMe works with the websites of most Malaysian banks as well as those of international banks.

CyberSecurity has also launched a campaign called CyberSafe to help keep children safe from phishing attempts.

The campaign uses roadshows to help children recognise such scams and how they can protect their personal details online.

Malaysian Communications and Multimedia Commission said there had been a 147% increase in the number of phishing incidents from last year despite such cases being highlighted in the media.

According to the police, Malaysians lost RM4mil through phishing within the first three months of this year.

There were 457 cases recorded in the first quarter of the year, compared with 353 reported for the whole of last year where the victims lost a total of RM1.2mil. In 2009, only 75 cases were reported with total losses of RM215,000.

Police recorded between 15 and 17 cases per day at the height of the scam.