Tuesday, November 11, 2008

Maybank2u Phishing!

According to Wikipedia, phishing is the criminal act of attempting fraud or impersonation in order to obtain confidential information, for example usernames, passwords and credit card details, online. It is more or less like fishing, except that what is being fished for is the personal information of someone making an online transaction.

Recently, on 30 October, I received an email like the one below:

********************************************************************

Title :
E-Service Server Upgrade
Maybank Group [upgrade@maybank2u.com.my]
This message was sent with high importance.

Dear Maybank customers,

As you know we have been trying to fight phishing attacks targeted at Maybank Account holders, We will not stop until we are sure that your online banking information are secure.

Everyday we try to upgrade and migrate our online banking server to make sure that your online banking details are protected. We urge you to assist us in ensuring the safety of your Online banking information by adhering to the security measures we are taking.

We implore you to make sure that your online banking details are always registered with us for as we continue this security measures by upgrading our online banking server. We are concerned about the protection of your online banking details and committed to giving you a more improved internet banking services as we have your happiness and interest at heart. Failure to adhere to this security warning will be at your own risk as we wont be held responsible for any loss.

Please Follow the link below to upgrade with us;

http://www.maybank2u.com.my/online-banking-upgrade

Security Management

Maybank Group

*******************************************************************

If we read it, it might seem legitimate, right? But the problem is that as soon as I clicked the link above (the address in red), the address below was the one that opened instead:

http://www.xtslradio.com/images/www.maybank2u.com.my/Maybank-Online.html

Can you see now how phishing is done? Although the page looks the same as the maybank2u we usually see, the domain address is www.xtslradio.com!!!
If I had entered my login and password on this newly opened page, hmm.. you can imagine the consequences yourself...

My advice - make sure the domain address is correct before making any online transaction...