Friday, June 26, 2009

Threats of Online Security: How Safe is Our Data?


The Internet has become a critical infrastructure connecting us to one another. As we know, going online is a common activity nowadays. It is useful, but do all of us know how safe we actually are when using this facility? Today, we need to worry about the security of our personal computers in a whole different way. Spyware, adware, viruses and trojans are lurking online, waiting to infect our computers.
Here is a list of some security threats that we should be aware of in order to prevent such attacks on our PCs.


Identity Theft
Identity theft is a crime used to refer to fraud that involves someone pretending to be someone else in order to steal money or get other benefits. The term is relatively new and is actually a misnomer, since it is not inherently possible to steal an identity, only to use it. The person whose identity is used can suffer various consequences when he or she is held responsible for the perpetrator's actions. In many countries specific laws make it a crime to use another person's identity for personal gain.


Phishing
In the field of computer security, Phishing is a criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT Administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging,[1] and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.


Social Engineering
Social engineering is a term that describes a non-technical kind of intrusion that relies heavily on human interaction and the act of obtaining or attempting to obtain otherwise secure data by conning an individual into revealing secure information. For example, a person using social engineering to break into a computer network would try to gain the trust of someone who is authorized to access the network in order to get them to disclose information that compromises the network's security.


Hacker Attack
A hacker is a computer program that tries to break into others' computer systems and specializes in the discovery of exploits in systems or in preventing unauthorized access to systems. Using public shared computers to carry out bank transactions can easily make you a victim of hackers. In the past few years, hackers have worked together with organized crime to harvest the valuable data exposed on the Internet.


Spam Mail
E-mail spam, also known as junk e-mail, is a type of spam that involves sending identical or nearly identical messages to thousands (or millions) of recipients. Definitions of spam usually include the aspects that the e-mail is unsolicited and sent in bulk. E-mail spam has grown steadily, even exponentially, since the early 1990s to several billion messages a day. Spam has frustrated, confused, and annoyed e-mail users. Most of the time, e-mail addresses are collected from chatrooms, websites, newsgroups, and viruses which harvest users' address books, and are sold to other spammers. Much spam is sent to invalid e-mail addresses.

The following is some brief advice that may protect users from online security threats:
  • Don't give away any valuable or sensitive personal information on the Internet or within messages to other members of the network.
  • Use one of the many antivirus, antispyware, and firewall programs on the market.
  • Pay attention to the messages from Windows that pop up on your screen, which often contain helpful security information that many users overlook.
  • Turn on Windows' automatic-update function to get Microsoft's regular security patches.

Let's keep our minds clear and stay alert to these online threats so that we are not the next victim!

Thursday, June 25, 2009

The application of 3rd party certification programme in Malaysia

Users won't transact business at a web site unless they are certain it is secure. They need to be sure that the business is real and that their communications with the company are private. Therefore, we need a 3rd party certification programme to ensure that information and transactions are secured.

3rd party certification is the verification of a public or private key's holder by a trusted 3rd party, known as a Certificate Authority, to ensure that websites are genuine by using digital certificates. It authenticates websites, individuals and software companies so that the consumers or people using the website can trust and rely on them.

3rd party certification programmes have become increasingly important in the world of the Internet. The most famous 3rd party certification programme is Verisign.

Another 3rd party certification programme is MSC Trustgate, which is an affiliate of Verisign incorporated in the year 1999, and it is Malaysia's premier licensed certification authority.

Verisign

The Internet infrastructure of Verisign enables confidential information or important data to be delivered across the net safely, so that users can do their transactions with confidence. A Secure Sockets Layer (SSL) certificate encrypts sensitive information when people do online transactions. Sometimes, web sites have an encrypted http connection where the user can see the "http" in the URL.

A certificate authority verifies the identity of the certificate owner, and unique, authenticated information is contained in the certificate. When a user points to a secure domain, the SSL handshake will authenticate the web site and the user. The user can see the authenticated organization name when they click on the closed padlock in the browser window or on certain SSL trust marks, such as the Verisign Secure Seal.

The authenticated organization name is even prominently displayed in high-security browsers, and the address bar will turn green when an Extended Validation SSL Certificate is detected. If the information does not match or the certificate has expired, an error message or warning will be displayed.
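
The two checks named above (name match and expiry) can be sketched as follows. This is an added example, not code from Verisign or any browser: the certificate dictionary is constructed in the shape Python's ssl.SSLSocket.getpeercert() returns, the function names are hypothetical, the wildcard rule is simplified, and signature-chain validation is left out.

```python
import ssl

# Constructed certificate dictionary in the shape ssl.SSLSocket.getpeercert()
# returns; the names and dates are placeholders, not a real certificate.
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Shop Sdn Bhd"),),
                (("commonName", "www.shop.example"),)),
    "notBefore": "Jan  1 00:00:00 2009 GMT",
    "notAfter": "Jan  1 00:00:00 2010 GMT",
    "subjectAltName": (("DNS", "www.shop.example"), ("DNS", "*.pay.shop.example")),
}


def name_matches(pattern, host):
    """Match a certificate DNS name; '*' may stand for the leftmost label only."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]


def check_certificate(cert, host, now):
    """Return the warnings a client would raise for this host at time `now`."""
    warnings = []
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(name_matches(n, host) for n in names):
        warnings.append("name mismatch")
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        warnings.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        warnings.append("expired")
    return warnings


def organization(cert):
    """Organization name from the subject, the value shown next to the padlock."""
    for rdn in cert["subject"]:
        for key, value in rdn:
            if key == "organizationName":
                return value
    return None
```

`now` is a Unix timestamp in seconds (UTC), so the same certificate can be tested against past and future dates.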

I think the implementation of a 3rd party certification programme can extensively improve customers' trust, since the web sites they are dealing with are certified as genuine web sites. This enables them to do transactions and transfer information without worry, and their information will not be revealed to outsiders. Therefore, the implementation of such a programme is essential in the e-commerce world.

Wednesday, June 24, 2009

How to Safeguard Our Personal and Financial Data?

The Internet is a global system of computer networks in which users at any one computer can, if they have permission, get information from any other computer. Nowadays, the Internet is a public, cooperative, and self-sustaining facility accessible to thousands of millions of people worldwide. Most people rely on computers to create, store and manage their decisive information through the Internet. For example, our personal data is saved on computers before we run online financial transactions such as e-banking in order to save time. Therefore, it is important that users protect their personal data from loss, damage and misuse. Here are some suggestions for safeguarding your personal data.









First, you should not reveal any personal information, particularly passwords, to anyone. You must log out properly after running any online transaction before closing the web browser in order to ensure security.


Second, usernames and passwords are used to ensure a higher degree of security. You should select a longer password or a combination of numbers and letters. Once you select a password, change it frequently. Do not select your date of birth or your vehicle's plate number as your password. These are popular numbers and are known to everyone who knows you. You will be in trouble if your ATM card is lost.



Third, install original antivirus or antispyware software such as McAfee, AVG or Kaspersky to protect yourself against spyware and viruses which may steal or modify your personal data. Updating and scanning your personal computer regularly may help you remove infected files and hidden spyware from your computer.

You are encouraged to use biometrics as a form of identity access management and access control. It can be used to identify individuals in groups that are under surveillance. There are a few types of biometric devices, such as fingerprint, face recognition, hand and palm geometry, and iris recognition. These biometric devices can ensure the highest degree of security because they are a virtually foolproof method of identification and authentication; this is the reason why they are gaining popularity as a security precaution.

Of course, it is not easy to keep an eye on our personal data all the time. But if we behave more carefully in our daily activities, our personal data will be safer.

Related Links : http://www4.bmo.com/popup/0,4442,35649_49250,00.html

Tuesday, June 23, 2009

Phishing: Example and its Prevention Methods


“Phishing” is a term used to describe a criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. PayPal, eBay and online banks are common targets.




CITIBANK – victim of phishing


In the year 2004, a Citibank phishing e-mail began making the rounds in Malaysia, warning Citibank customers of possible fraud affecting their accounts and urging them to log in to check the status.
So how do you spot a phishing scam? I will use Citibank as the example to illustrate the steps that can be taken to spot a phishing scam.
Phishing e-mails will contain some of these common elements: (view screen capture above from Eudora)

1. The "From Field" appears to be from the legitimate company mentioned in the e-mail. It is important to note, however, that it is very simple to change the "from" information in any e-mail client. While we're not going to tell you how, rest assured it can be done in a matter of seconds!

2. The e-mail will usually contain logos or images that have been taken from the Web site of the company mentioned in the scam e-mail.

3. The e-mail will contain a clickable link with text suggesting you use the inserted link to validate your information. In the image you will see that once the hyperlink is highlighted, the bottom left of the screen shows the real Web site address to which you will go. Note that the hyperlink does NOT point to the legitimate Citibank Web site URL.


Prevention methods:

• Never reply to e-mail messages that request your personal information.

• Don’t click links in suspicious e-mails; the link might not be trustworthy.

• Use a strong and different password for each of your accounts, and change them frequently.

• Don’t send personal information in regular e-mail messages.

• Do business only with companies you know and trust.

• Help protect your PC: keep it updated and use antivirus software.

• Monitor your transactions; using just one credit card for online purchases makes it easier to track them.

• Use credit cards for transactions on the Internet instead of debit cards to avoid the big credit limit from your bank account.



Related Links

www.webopedia.com/TERM/P/phishing.html

www.webopedia.com/DidYouKnow/Internet/2005/phishing.asp
 
