Phishing: Examples and its prevention methods.

Phishing is a criminal, fraudulent attempt to steal people's information, such as usernames, passwords, credit card numbers and bank account numbers, and so invade their privacy. Put another way, phishing emails attempt to steal your identity and will often ask you to reveal your password or other personal or financial information.

The perpetrator uses a fake website they have created to steal information from people. The fraudulent email they send usually redirects to this fake website, which is made to look similar to the original website. Examples include phishing through e-mail, eBay, PayPal, Best Buy, MSN, Yahoo, Citibank, AOL, etc.

Example of phishing from e-mail:




Example of phishing from Citibank:

There are many methods to prevent or stop phishing:
1) Never reply to e-mail messages that request your personal information.
Legitimate companies don’t ask for this information via email. If you are concerned about your account, contact the organization mentioned in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the company’s correct Web address yourself but don’t cut and paste the link from the message into your Internet browser — phishers can make links look like they go to one place.


2) Don’t click links in suspicious e-mail; the link might not be trustworthy. Some scammers send an email that appears to be from a legitimate business and ask you to call a phone number to update your account or access a “refund.” If you need to reach an organization you do business with, call the number on your financial statements or on the back of your credit card. In any case, delete random emails that ask you to confirm or divulge your financial information.

3) Help protect your PC: keep your PC updated and use antivirus software.
Anti-virus software scans incoming communications for troublesome files. Choose anti-virus software that can effectively reverse the damage and that updates automatically. A firewall helps make you invisible on the Internet and blocks all communications from unauthorized sources. It’s especially important to run a firewall if you have a broadband connection. Operating systems (like Windows or Linux) or browsers (like Internet Explorer or Netscape) also may offer free software “patches” to close holes in the system that hackers or phishers could exploit.


4) Don’t send personal information in regular e-mail messages.
Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization’s website, look for indicators that the site is secure, like a lock icon on the browser’s status bar or a URL for a website that begins “https:” (the “s” stands for “secure”). However, no indicator is foolproof; some phishers have forged security icons.


5) Monitor your transactions, and review credit card and bank account statements as soon as you receive them.
Check for unauthorized charges. If the statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.

Although the internet has given us many conveniences, especially in buying or selling goods or services, we must stay aware so that we will not be cheated.


References:
http://www.planb-security.net/wp/503167-001_PhishingDetectionandPrevention.pdf

http://chowkamleeng.blogspot.com/2008/06/phishing-examples-its-prevention.html

by Lim Hui Min

Posted on 12:40 PM by 4EvEr

The application of 3rd party certification programme in Malaysia.


TrustGate has been a licensed Certification Authority (CA) in Malaysia since 1999 and is a well-known application of a 3rd party certification programme in Malaysia. It offers complete security solutions and leading trust services that are needed by individuals, enterprises, government, and e-commerce service providers using digital certificates, digital signatures, encryption and decryption.

It was incorporated in 1999 and its objectives are to secure the open network communications and become the catalyst for the growth of e-commerce, both locally and across the ASEAN region. Its core business is to provide digital certification services, including digital certificates, cryptographic products, and software development.

TrustGate has provided several products and services. They are SSL Certificate, Managed PKI, Personal ID, MYTRUST, MYKAD ID, SSL VPN, Managed Security Services, VeriSign Certified Training, and Application Development. The vision of TrustGate is to enable organizations to conduct their business securely over the Internet, as much as what they have been enjoying in the physical world.

It also provides the finest Public Key Infrastructure (PKI) to assist all types of companies and institutions conducting their business over the Internet. The state of the art back-end infrastructure that costs RM 14 million is one of the best in the region.

A digital certificate is usually attached to an e-mail message or to an embedded program in a web page, and verifies that a user or website is who they claim to be. The common functions of a digital certificate are user authentication, encryption, and digital signatures.

User authentication with a certificate provides more security than a username and password. Encryption secures the data transmission, so that the intended recipient of the data is the only person to receive the message. A digital signature is like a handwritten signature in the internet world. It can ensure the integrity of the data.

By using a digital certificate, users need not fear making transactions through the internet. It avoids the problems of personal data being stolen, information being contaminated by third parties, and the transacting party denying any commercial commitment with the users.

Furthermore, the digital certificate has brought many benefits to users in the internet world. So, it is important for users when using the internet.





by Koh Suh Tyng
Posted on 10:57 PM by 4EvEr

How to safeguard our personal and financial data?


The Internet is a public network of nearly 50,000 networks connecting millions of computers throughout the world. Nowadays, the internet is no longer a safe place. Data is sent back and forth through various servers in which personal information and financial data are housed. A problem occurs during data transfer: data moving from server A to server B can be intercepted and recorded. Hackers have the ability to intercept and use that information, such as credit card numbers and expiry dates, to carry out fraudulent transactions.


Personal information includes name, date of birth, gender, address, telephone, e-mail address, occupation and interests. “Personal Financial Information” means any record containing a customer of a financial institution, whether in paper, electronic, or another form, that is handled on behalf of the institution or its affiliates. It may also include company secrets, such as consumer information records containing names, addresses, phone numbers, bank and credit card account numbers, et cetera.


Although some websites provide privacy and security measures to users, such as Secure Sockets Layer (SSL), required password customization and monitoring of industry standards, cases of stolen data are still increasing.

There are a few simple approaches I would like to share on how to safeguard our personal and financial data:


1. Protection of financial accounts
Internet users should review transaction confirmations and quarterly statements as soon as they receive them and notify the website immediately of any unauthorized activity. Besides, review your credit report regularly for inaccuracies. Shred, rather than toss, documents such as credit card offers, bank statements and junk mail.

2. Password and Social Security protection
Passwords and other security features add a layer of protection if used appropriately (see "Choosing and Protecting Passwords" and "Supplementing Passwords"). Avoid using passwords that are easy for someone to guess, such as the name of your favorite pet or your date of birth. Do not write this information down, and never carry it in your wallet or briefcase. Use a combination of numbers and letters if possible.
Protect your Social Security number as well. Store your card in a safe place and avoid giving the number to others.

3. Secure our computers
We must make sure that our computers have up-to-date anti-spyware and antivirus protection programs, such as Symantec, Norton AntiVirus and AVG antivirus, as well as firewall software, to protect ourselves against viruses and worms that may steal or alter our personal and financial data. These antivirus protection programs should be updated every single day so that they remain able to protect our computers.
In addition, avoid clicking on pop-up ads or downloading information from unknown sites. Some websites might have spyware that can hack our personal information.


4. Conduct transactions using trusted methods
The best way to protect our financial and personal data is to conduct transactions with trusted, well-known online retailers that use reputable payment processors such as PayPal or Google Checkout. Avoid giving your personal information to “cold callers” and other unknown parties online, via e-mail and over the phone. Hackers might be able to get the information during the transactions.

5. Avoid accessing financial information in public
Use your own computer, instead of a work or public machine, to access financial and other sensitive personal information. Some private information might be exposed to others when we use a public computer. Besides, resist using free wireless connections, particularly in cafes, airports and other public places, to check personal information.


If we have no choice but to use public computers, we must remember to close the browser window. This is to prevent other users from reading your personal information and mail.





by Foo Seow Min
Posted on 10:46 PM by 4EvEr

Threat of Online Security: How Safe Is Our Data?


Nowadays, people rely on computers to create, store and manage critical information. Consequently, it is important for users to be aware that computer security plays a major role in protecting their data from loss, damage, and misuse.

Most security threats are made by attackers using a relatively small number of vulnerabilities. Attackers, being relatively opportunistic, take the path of least resistance, and continue to take advantage of these most common failures, rather than seeking out new exploits or taking advantage of more difficult ones.


According to the SANS Institute (SysAdmin, Audit, Network, Security Institute), the top ten threats are:

  • Web servers and services. Default HTTP (Web) servers have had several vulnerabilities, and numerous patches have been issued over the past several years. Make sure all your patches are up to date, and do not use default configurations or default demonstration applications. These vulnerabilities may lead to denial-of-service attacks and other types of threats.
  • Workstation service. An attacker can obtain full control over a computer by compromising the Windows Workstation service, which is normally used to route user requests.
  • Windows remote access services. A variety of remote access methods are included by default on most systems. These systems can be very useful, but also very dangerous, and an attacker with the right tools can easily gain control over a host.
  • Microsoft SQL Server (MSSQL). Several vulnerabilities exist in MSSQL that could allow an attacker to gain information from a database or compromise the server. In addition to applying all the latest patches, enabling SQL Server Authentication Logging and securing the server at both the network and system level will prevent most of these attacks.
  • Windows authentication. Most Windows systems use passwords, but passwords can be easily guessed or stolen. Creating stronger, more difficult to guess passwords, not using default passwords, and following a recommended password policy will prevent password attacks.
  • Web browsers. Your window to the Internet, a Web browser contains many vulnerabilities. Common exploits may include disclosure of “cookies” with personal information, the execution of rogue code that could compromise a system, and exposure of locally-stored files. Configuring the browser’s security settings for a setting higher than the default value will prevent most Web browser attacks.
  • File sharing applications. Peer-to-peer (P2P) programs are commonly used to share files. In a P2P system, computers are open to others in the P2P network to allow for all participants to search for and download files from one another. Many corporations forbid use of P2P networks because of the obvious risk of compromised data.
  • LSAS exposures. The Windows Local Security Authority Subsystem (LSAS) has a critical buffer overflow that can be exploited by an attacker to gain control over the system. Again, proper configuration and application of patches will prevent most exploits.
  • Mail client. Attackers can use the mail client on a computer to spread worms or viruses, by including them as attachments in emails. Configuring the mail server appropriately, and blocking attachments such as .exe or .vbs files, will prevent most mail client attacks.
  • Instant messaging. Many corporations also block employees from using instant messaging, not only because of the technical threats but also because of the possibility of lost productivity. Configuring IM properly, applying all the latest patches, and taking control over any file transfers that occur over IM will prevent most attacks.
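
The mail client item above recommends blocking attachments such as .exe or .vbs files. The following is an added example (not from the original post or from SANS) of such a check as a mail gateway might run it, using only the Python standard library; the sample message, file names and function names are constructed, and the block list holds only the two extensions the text names.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# The two extensions named in the text; extend according to local policy.
BLOCKED_EXTENSIONS = {".exe", ".vbs"}


def build_sample():
    """Constructed test message with one harmless and two blocked attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@mail.example"
    msg["To"] = "staff@corp.example"
    msg["Subject"] = "Quarterly report"
    msg.set_content("See attached.")
    for name in ("report.pdf", "invoice.pdf.EXE", "update.vbs."):
        msg.add_attachment(
            b"placeholder bytes",
            maintype="application",
            subtype="octet-stream",
            filename=name,
        )
    return msg.as_bytes()


def normalized_extension(filename):
    """Return the effective extension of an attachment name.

    Upper-case letters, a trailing dot or space, and a harmless-looking
    inner extension ("invoice.pdf.EXE") must not hide the real one, so the
    name is trimmed and lower-cased and only the last extension is used.
    """
    cleaned = filename.strip().rstrip(". ").lower()
    return os.path.splitext(cleaned)[1]


def blocked_attachments(raw_bytes, blocked=BLOCKED_EXTENSIONS):
    """Return the file names of all attachments with a blocked extension."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    # walk() also visits parts nested inside multipart containers.
    for part in msg.walk():
        name = part.get_filename()
        if name and normalized_extension(name) in blocked:
            hits.append(name)
    return hits


if __name__ == "__main__":
    for name in blocked_attachments(build_sample()):
        print("blocked:", name)
```

A check on the file name alone does not inspect content, so a renamed executable still passes; it complements the antivirus scanning mentioned elsewhere on this page rather than replacing it.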

In conclusion, the risk that computer users are exposed to is increasing as technology develops. Therefore, safeguards must always be kept up to date to strengthen the defenses against online security threats. At the same time, users must be educated and informed about the serious damage and loss that online security threats can cause.

Posted on 10:08 PM by 4EvEr

Identify and compare the revenue model for Google, Amazon.com and eBay

Google is an American public corporation. Google’s revenue models are Google AdWords and Google AdSense. Google AdWords offers pay-per-click advertising. This program includes local, national, and international distribution, and presents advertisements to people at the moment they are looking for information through Google’s search engine. The payment model is based on qualifying click-throughs. When a user uses Google’s search engine, advertisements for relevant words are shown on the right side of the screen.



AdSense is an ad serving program run by Google. Website owners can enroll in this program to enable text, image, and video advertisements on their sites. Revenue is generated on a per-click or per-thousand-ads-displayed basis, and the ads are administered by Google. Google advertisers are required to pay Google a fee each time a user clicks on one of their ads displayed on Google Network members’ web sites.

Amazon.com is an American electronic commerce (e-commerce) company which started business as an online bookstore but later diversified its product lines. It allows users to submit reviews to the web page of each product and to rate the product on a rating scale, as a reference for other users. An Amazon partner website can display Amazon books directly on its own site and send customers to Amazon’s website when the visitor is ready to buy. In turn, Amazon pays a commission for the sale to the site owner.


eBay is an American Internet company. It is an online auction and shopping website on which people and businesses buy and sell goods and services worldwide. eBay Incorporation also owns PayPal and Skype.


Millions of items are listed, bought, and sold every day. Services and intangible items are also included. Anything can be sold as long as it is not illegal and does not violate eBay's rules and regulations.






by Lim Hui Min
Posted on 8:03 PM by 4EvEr

An example of an E-Commerce failure and its causes

E-commerce has evolved since the late 1990s. Many companies and individuals have been using e-commerce to do business. Besides, it allows people to do shopping online. Many have succeeded, and many have failed as well. Let us now look at the reasons for the failure.

The 10 reasons for the failure of e-commerce include:
1) Trying to sell the wrong product online
2) Lack of marketing
3) A poorly designed website
4) Falling behind the times
5) Poor checkout procedures
6) Not testing your site
7) A hard-to-find or nonexistent privacy policy
8) Poor order fulfillment
9) Straying from your objective
10) Poor customer service

Dell Computer Corporation (www.dell.com) is one of the largest firms consisting of approximately 30,000 employees. They are located throughout the United States and contain high top quality supplies and security services. In order for a large company like Dell to grow with all the competitors in the industry, the organization must be willing to take chances, to expand the corporation.

Dell’s success over the years has caused concern for the future of the young company. Dell’s business-to-business (B2B) exchange failed for a number of reasons. The primary reason is the lack of insight in the research and development area. A lack of knowledge in this area proved to be detrimental because the company was unprepared for the lack of cooperation that other businesses showed in this new idea.

Dell gave up too early in the game because their expected profits were not met. If the business allowed more time to prove itself, it might have been able to salvage some of its profits. They should have focused on showing consumers that they are not just a PC firm. One way to do this would be to advertise the B2B and demonstrate their reliability and value of their computers. This would target their faithful customers, aiming to enhance the loyalty in the Dell brand name.

Another downfall may have been due to Dell’s choice of suppliers. 3M, Motorola, and Pitney Bowes are second-rate firms compared to companies such as Compaq, Hewlett-Packard and Gateway. Last May, these three firms joined forces and formed an Internet-based exchange.
On the one hand, if Dell had incorporated smaller companies, they would have had more support and the potential for larger growth. On the other hand, if they had selected a well-known firm closely related to the computer industry, it could have provided consumers with a high degree of reassurance. For example, combining with Canon or Epson may have been a better B2B e-commerce strategy. These companies are closely related and can all be used with a Dell computer.


The B2B exchange is an opportunity for the future of the company, yet it needs to reinvest in research and development before it continues with this idea. Dell recklessly jumped into this market and as a result failed after four months. They were not able to obtain the profits they originally predicted. Luckily Dell is a strong company and was able to survive after the loss. With the future of the B2B commerce looking very bright, it would be a good idea for Dell to continue on this project with an optimistic outlook.


Reference:
Success and Failure of e-commerce
http://www.allbusiness.com/sales/internet-e-commerce/3972-1.html

Dell Computer Corp.: Failure in B2B E-Commerce Strategy
http://web.syr.edu/~efedelma/dell.html

by Foo Seow Min
Posted on 7:56 PM by 4EvEr

An example of an E-Commerce success and its causes


PayPal (http://www.PayPal.com/) is the result of a March 2000 merger between Confinity and X.com. Confinity was founded in December 1998 by Max Levchin, Peter Thiel, and Luke Nosek, initially as a Palm Pilot payments and cryptography company. X.com was founded by Elon Musk in March 1999, initially as an Internet financial services company. Both Confinity and X.com launched their websites in late 1999. Both companies were located on University Avenue in Palo Alto.

There are 3 main causes for the success of PayPal. Firstly, PayPal makes it convenient for people to pay or get paid, as PayPal operates in 190 markets and manages over 164 million accounts. PayPal allows customers to send, receive, and hold funds in 18 currencies worldwide. These currencies are the Australian dollar, Canadian dollar, Chinese renminbi yuan (only available for some Chinese accounts, see below), euro, pound sterling, Japanese yen, Czech koruna, Danish krone, Hong Kong dollar, Hungarian forint, Israeli new sheqel, Mexican peso, New Zealand dollar, Norwegian krone, Polish zloty, Singapore dollar, Swedish krona, Swiss franc and U.S. dollar. PayPal operates locally in 13 countries. With this, PayPal has quickly become a global leader in online payment solutions.


Secondly, it is safe to trade through PayPal thanks to its safety and protection policies. According to PayPal, it protects sellers in a limited fashion via the Seller Protection Policy. In general, the Seller Protection Policy is intended to protect the seller from certain kinds of chargebacks or complaints if the seller meets certain conditions, including proof of delivery to the buyer. So, both parties can feel safe when they decide to use PayPal. In early 2007, it also introduced a security key as additional protection against fraud. With it, users can prevent their account from being compromised by a malicious third party who does not have access to the physical security key.

Lastly, PayPal has received more than 20 awards for excellence from the internet industry and the business community, most recently the 2006 Webby Award for Best Financial Services Site and the 2006 Webby People's Voice Award for Best Financial Services Site. It has developed a good reputation, and people trust that it can provide better services to them. It has become a good choice for people to make payments and do business.


In 2002, PayPal was acquired by eBay.



by Koh Suh Tyng
Posted on 12:10 PM by 4EvEr

The History and Evolution of E-commerce


E-commerce is any business-related transaction carried out partially or totally by electronic medium, especially on the internet, using open or closed networks. The most important feature accountable for the success of the internet is electronic commerce, which allows people to buy or sell anything they want at any time of the day or night. The history of e-commerce is the process by which advances in Information Technology developed into business transactions.

The term e-commerce meant the process of execution of commercial transactions electronically with the help of the leading technologies such as Electronic Data Interchange (EDI) and Electronic Funds Transfer (EFT) which gave an opportunity for users to exchange business information and do electronic transactions. The ability to use these technologies appeared in the late 1970s and allowed business companies and organizations to send commercial documentation electronically.

The growth and acceptance of credit cards, automated teller machines (ATM) and telephone banking in the 1980s were also forms of electronic commerce. From the 1990s onwards, electronic commerce would additionally include enterprise resource planning systems (ERP), data mining and data warehousing. Perhaps it is introduced from the Telephone Exchange Office, or maybe not. The earliest example of many-to-many electronic commerce in physical goods was the Boston Computer Exchange, a marketplace for used computers launched in 1982. The first online information marketplace, including online consulting, was likely the American Information Exchange, another pre-Internet online system introduced in 1991.


  • In general, the first business deal carried out by telephone or via fax is considered the first e-commerce transaction.
  • In the 1960s, Electronic Data Interchange (EDI) was formulated. This is a set of standard instructions to interchange data and to carry out business deals electronically.
  • 1969: ARPANET was developed by America's Department of Defense for researching new reliable networks; it later grew into the Internet, which was used purely as a research tool for nearly 20 years.
  • 1984: EDI, or electronic data interchange, was standardized through ASC X12. The ASC X12 standard became stable and reliable in transferring large amounts of transactions.
  • 1992: The National Science Foundation lifted restrictions on the Internet, allowing commercial use. CompuServe offers online retail products to its customers. This gives people the first chance to buy things off their computer.
  • 1994: Netscape arrived, providing users with a simple browser to surf the Internet and a safe online transaction technology called Secure Sockets Layer.
  • 1995: Two of the biggest names in e-commerce, eBay and Amazon.com, are launched. Generally, B2C websites are the bridge that links customers to suppliers, such as eBay, the online auction site. Besides that, B2C concerns itself with selling to the end user, as Amazon, the online book retailer, does. On the other hand, e-commerce that is conducted between businesses is referred to as B2B, such as Microsoft selling its software to other organizations.
  • 1998: DSL, or Digital Subscriber Line, was launched into the market that provided much faster access and persistent connection to the internet. AOL swamped the market and had about 1.2 billion sales over a period of 10 weeks from online sales. E-commerce spread to a significant group globally within a span of 4 years from 1996 to 2000.
  • Today the largest electronic commerce is Business-to-Business (B2B). Businesses involved in B2B sell their goods to other businesses. In 2001, this form of e-commerce had around $700 billion in transactions. Other varieties growing today include Consumer-to-Consumer (C2C) where consumers sell to each other, for example through auction sites.


In the very beginning, many people had doubts about e-commerce, but now it has become a modern tool; e-commerce has revolutionized not only the world of wholesale but also retail. As a result, businesses such as Wal-Mart are now continually searching for new ways to meet the needs of the online market; they aim to integrate consumer relationships with the e-commerce industry to increase their customer base.


The technology used for e-commerce is young, but it is expanding faster than any before it and will soon be the most advanced system the world has ever seen. E-commerce is still one of the leading forces of economic growth today.

http://www.ecommerce-journal.com/articles/electronic_commerce_aka_e_commerce_history

http://ecommerce.networksolutions.com/ecommerce_what_is_ecommerce.asp

by Wong Leed Chen

Posted on 10:39 PM by 4EvEr