By Raul Bernardino
Introduction:
Nowadays, phishing is becoming one of the hottest topics, victimizing businesses and customers who use internet communication as a place for marketing and purchasing their goods and services. Phishing is defined as the practice of luring internet users with fake emails and web sites that look authentic, in order to capture information such as log-in details (user names and passwords), personal financial statements, personal or corporate credit card information, etc. In other words, phishing is one of the social engineering models that hackers use to crack or hack people's information and then attack individual or institutional systems. They use emails as the point of contact to communicate or to launch the attacks. Sometimes they use pop-up links or emails with attractive attachments, hoping that the target victims will click on one of the traps, so that the victim's machine and system become a back door, with an application planted that allows crackers to monitor the victim's activities; or it is just a simple form for the victims to fill in with their identity information and send to the hackers. For instance, a target group receives anonymous links or pop-up dialog boxes that entice the victims or clients to click, or to fill in their personal information or identity, and that may request a call back; or these are simple applications planted as a key logger, etc. This is more dangerous for computer users that have high privileges in the system (who have admin rights to the machine and system).
“The New York State Consumer Protection Board (CPB) spotlighted Phishing scams at the 2008 Top Consumer Frauds & Complaints Conference held in New York City today. With these scams affecting both consumers and businesses who continue to be targeted by fraudsters, the CPB’s Internet/online services complaints - - including reports about Phishing scams - - were on the Agency’s Top Ten Major Complaints Listings in every quarter of 2008”, Rausch, D.S., (Mar. 5, 2009). The same article says that in June 2008 the “anti phishing working group” found 9,529 fraud cases, a 47% increase from previous months in the same year, Rausch, D.S., (Mar. 5, 2009).
Given the information above, business players and customers have to know some of the tricks and tips used by crackers and hackers in order to protect their own information and avoid sharing it with strangers. Customers have to attend training and awareness sessions given by an experienced business player, institution or person who has dealt with phishing behaviors. This can be learned from social networking experts, system analysts, information analysts or system security experts.
Some tips and tricks for customers and business players are as follows:
a. Use common sense:
· do not share your information with strangers;
· tell your kids not to talk to any stranger;
· confirm the identity of the caller;
· be aware of unusual people in your work area; ask them questions: May I help you? Who are you looking for?
b. Keep passwords secure:
· don’t make easy passwords; use a combination of letters and numbers with a minimum of 16 characters;
· it is good to memorize your complex passwords;
· do not write them down and put them in your wallet or on sticky notes hung in front of the monitor;
· don’t share your password;
· don’t use the same password for multiple systems;
· change your password periodically, such as every two to three months;
c. Keep computers, laptops and other devices secure:
· always lock your computer screen whenever you are away from it or from your working desk;
· lock your laptop away when you leave for the day;
· secure your key in a safe box or a safe place;
· use an updated anti-virus;
· automate the distribution of your patches;
· encrypt your communication tools;
· maintain and update your data backups and store them in a safe place with protection;
· use BitLocker to lock your hard drive;
· never log in to your system with admin rights unless it is really necessary to use those privileges;
· use firewalls;
· don’t click any hyperlink if you are not familiar with the sender or the link itself;
d. Keep personal information secure:
· your work identification number;
· your driver license information;
· your credit card information;
· your home phone number;
e. How do crackers get information?
· Using social engineering: the art of deceiving people into revealing confidential information, for example people's salaries, job titles, vacation schedules or mission schedules, and phone numbers;
· Using computers, such as scanning phone numbers to search for modems; phreaking, which is tapping the phone network to make free long-distance calls; and trash dumps, which is using trash to search for companies' and individuals' confidential information;
f. How do hackers get information?
· Using a Trojan horse to attack a personal computer (PC), laptop or other mobile device; first they scan for open ports on devices that connect to public networks and attack from there;
Conclusion:
Any organization that uses Information and Technology (IT) to run its business operations securely and effectively should have minimum requirements in place, such as an IT steering committee or IT board, IT governance, and IT policy and procedures, in order to control the users of the system. We also deliver awareness, tips and training to the users in order to increase their knowledge and skills on how to protect their identities from strangers.
Additionally, in Timor-Leste (TL), Information Communication Technology (ICT) is a new tool for the country. ICT still does not have a high priority in the government. There is no information technology law in place yet; however, the Timor-Leste constitution clearly states “Section 38 the protection of personal data” and “Section 53 the consumer rights”, TL Constitution (2002). With these two sections Timor-Leste is willing to protect its citizens' personal data or information, including their privacy. Moreover, it also protects the customer's right to goods and services that are of quality, comply with health and safety, and carry truthful information.
References:
- Armstrong, G. and Kotler, P. (2010) Principles of marketing, 13th edition, Global edition: Prentice Hall
- Rausch, D.S., NYS Consumer Protection Board Spotlights Phishing Scams at 2009 Top Frauds Conference in Manhattan - Business Brands Targeted by Scammers, [online]. Available from: http://www.nysconsumer.gov/informing/advisories_and_releases/2009/mar052009.htm (Accessed: 11 July 2011)
- Timor-Leste Constitution [online]. Available from: http://www.gov.east-timor.org/constitution/constitution-Timor-Leste.pdf (Accessed: 13 July 2011)