eCyber-aware

Blog Contest Result

noreply@blogger.com (Tee) — Thu, 20 Oct 2011 06:10:00 +0000

Finally! the long awaited blog contest has come to an end, thank you for participating in the contest!

Unfortunately, there are many submissions that are not acceptable, therefore disqualified. There are only 2 participants that manage to go through. And they are :

First prized goes to Lee Kok Weng :

Second prize goes to Welsh MunChean :

Congratulations to all the winners, and thank you for participating!

Young children being attack by scammers through online games

noreply@blogger.com (Jackson Chee) — Wed, 19 Oct 2011 02:34:00 +0000

Internet security should always be ramped up when children are using the internet, and a new rigged online game highlights that there is usually no exception, as it has been trying to scam children for their parents' banking information and more.

Online scammers are rigging an educational online game meant for preschoolers with malicious viruses that can take bank account details from a computer, according to Security News Daily.

Games that are rigged include some that let children nurture online pets or catch falling objects. The website said the young child thinks they are playing a harmless game but may open their parents' computer up to spyware and other Trojan viruses, such as Zeus, capable of forcing the PC to join a botnet or stealing online banking information.

Microsoft said families should first decide where their children can and cannot go on the internet, then increase antivirus software and other internet security measures just in case something does go wrong, such as what happens in this scam. The company said to monitor where children go online and remind them to never talk to strangers online.

Resources:

Scammers attack young children through online games. 2011. Scammers attack young children through online games. [ONLINE] Available at: http://www.bitdefender.com/security/scammers-attack-young-children-through-online-games.html. [Accessed 19 October 2011].

Fifth Poll Analysis

noreply@blogger.com (Thanaraj) — Tue, 18 Oct 2011 02:58:00 +0000

This shows that after few weeks of education and awareness on scaming and scamers. Most of our followers are well aware of the hackers...

Short Video Regarding The Contest

noreply@blogger.com (Jackson Chee) — Thu, 13 Oct 2011 11:12:00 +0000

Phising through Modern Warfare

noreply@blogger.com (Thanaraj) — Fri, 07 Oct 2011 16:29:00 +0000

Microsoft has issued an Xbox Live service alert of phishing scams operating through Call of Duty: Modern Warfare 2.

Phishing scams are an attempt to acquire personal information about a user, such as usernames, passwords or credit card details, by posing as a trustworthy source.

The service alert warns: "Users may receive potential phishing attempts via title specific messaging while playing Modern Warfare 2."

Though information regarding the source of the messages has not been released, the phishing messages are likely perpetuated by individual Xbox Live accounts. There is no indication that it is a hack of the Xbox Live service similar to the breach of the PlayStation Network.

Microsoft stated that it is "working to resolve the issue".

Poll Analysis #4 : What should a protected computer have?

noreply@blogger.com (Tee) — Thu, 06 Oct 2011 10:35:00 +0000

As usual, a poll is posted on our blog for visitors to vote through a duration of a week. The picture on the left is the result of the poll. Because this poll has multiple choice enabled, users are able to vote for more than one answers. According to the results, the most important feature for a protected computer is to have a firewall. Firewalls may be considered the most important because they are built in and come together as a system unit. The other two choices, which are anti virus and spyware software, and the most recent updates , scored a 60%.

Contest

noreply@blogger.com (Thanaraj) — Wed, 05 Oct 2011 14:50:00 +0000

Hi! there everyone thanks for giving us your support through out every week by participating on the poll questions. Due to your great support the eCyber-aware blog team have come with an event which is more over to a contest, Most of you guys might be jumping all over ready due to this event or contest

Well this is a drawing contest more like a poster...participants are asked to draw a picture a poster of a hacker in a cruel and ugliest way they can and they must send a scanned version of their artwork to the following email address; kingofbloging@gmail.com

Rules and Regulation:

Participants must be a follower of this e-Cyberaware blog

Artwork must be original and not be a copy paste item(artworks sent will be check for plagiarism)

Winners will be awarded with the following prizes:

Champion gets a 4GB pen-drive

1st runner up gets a cooling pad

2nd runner up gets a mouse pad

So hurry up and send us your artwork!

For more info on this please check out our events page...

Web Application Attacks

noreply@blogger.com (Jackson Chee) — Tue, 04 Oct 2011 06:26:00 +0000

There are two types of Web application attacks: automated and manual.

Automated attacks can be used to exploit a Web application using automated
Web application attack tools such as wget, curl, blackwidow and teleport pro.
Using these automated tools, crawling and attacks can be done shortly.
This type of attack can be avoided by setting “honey traps” using HTTP Module
(used in pre/post-processing of requests). The attacker can be put into an infinite
loop using defence trick once it is trapped.

To launch manual attacks, hackers must conduct information gathering such as
address identification, port scanning, social engineering and vulnerability scanning
to find out vulnerabilities that can be exploited.

Resources:
http://www.cybersecurity.my/data/content_files/13/87.pdf?.diff=1176417313

SECURING APPLICATIONS FROM HACKER

noreply@blogger.com (Thanaraj) — Mon, 03 Oct 2011 14:17:00 +0000

MOST companies today use the Web to do business with customers, employees,

suppliers and others. This is because it is easier to maintain a Web-based

application than a Windows-based one. But how can we be sure that a Webbased application is secured? Or that data is being shared only by the authorised

users?

The Gartner Group estimates that 75 per cent of cyber attacks today are at the

application level. And about 97 per cent of over 300 Web sites audited are

vulnerable to Web application attacks. The US Federal Bureau of Investigation

also reveals that 95 per cent of the companies are hacked from Web applications,

and only five per cent of them are aware of the attacks

(http://conference.hackinthebox.org/hitbsecconf2005kl/materials/TT-ShreerajShah-Webhacking-Kungfu.pdf).

From the figures, we can deduce that most company Web sites are prone to cyber

attacks, and some of these companies are not aware that their Web applications

have vulnerabilities that can be exploited by hackers.

According to statistics published by the National ICT Security and Emergency

Response Centre, there have been significant increases in Web defacement

incidents. In the first quarter of this year, there were 256 Web defacements

involving both public and private Web sites, compared to the previous quarter

which recorded 42 of such incidents.

To have a secure Web application, developers of the application must know each

attribute such as query string, form, cookie, script, etc, because they are

vulnerable. These attributes can be exploited by an attacker and expose sensitive

company information if they are not used securely.

Third Poll Analysis

noreply@blogger.com (Jackson Chee) — Thu, 29 Sep 2011 11:00:00 +0000

Last week, we posted a poll question for our visitors to titled : "Which one of these scams have you heard before?"

From the result, 1 person chooses "Phisher Scams". Another person also chooses "Nigerian Scams". 3 person chooses "Lottery Scams". This has shown that most of our visitors were scammed because of greed in money. Users should be more careful when playing lottery online. We should be cautious of those lottery scams website.

Top ten tips on avoiding cyber scams

noreply@blogger.com (Thanaraj) — Wed, 28 Sep 2011 09:30:00 +0000

People since time immemorial have fallen for scams of various kinds. Chalk it up to wishful thinking, dreaming, greed, what have you, but eventually, everyone finds themselves gullible. If that weren’t the case, life would lose some of its luster. We love to play act; we love to be fooled; and, we love to fool others as long as it’s all in good fun. Unfortunately, there are malicious people–cyber criminals and scam artists–who love to take advantage of those traits for their own gain and our (usually financial) loss.

Here are the top ten tips, courtesy of OnGuardOnline.gov for avoiding online scams:

Don’t send money to someone you don’t know.

Don’t respond to messaes that ask for your personal or financial information.

Don’t play a foreign lottery.

Keep in mind that wiring money is like sending cash: once it’s gone, you can’t get it back.

Don’t agree to deposit a check from someone you don’t know and then wire money back.

Read your bills and monthly statements regularly - on paper and online.

In the wake of a natural disaster or another crisis, give to established charities rather than one that seems to have sprung up overnight.

Resource:
http://onguardonline.gov/

http://www.bbb.org/us/article/top-ten-cyber-monday-tips-for-staying-safe-when-shopping-online-23416

How do scammer target you

noreply@blogger.com (Tee) — Sun, 25 Sep 2011 09:47:00 +0000

There are many forms of scam all around us;

In our everyday life, watch out for :

1. Unsolicited offers that are promoted through email, SMS (short message service) or MMS (multimedia message service). These offers often come from unknown contacts that have never been in contact with you before.

2. Offers of unlikely promises, like the certainty of winning lotteries, wealth, or lose weight.

3. Emails using a lot of capital letters, bad grammars, or unusual subject headings.

4. Work-at-home schemes offering easy ways to earn a big amount of money.

5. Incredible health cures that claim to cure difficult-to-cure conditions and illnesses

6. E-mails from "legitimate" companies asking for account details (usually providing a phising link)

7. Lottery, prizes, and other wins, asking you to send money or personal details to claim your winnings

8. Modem jacking -- make sure websites, especially adult sites don not download internet diallers, which will cost us money in our phone bills.

Source :

http://www.scamwatch.gov.au/content/index.phtml/itemId/693900

Podcast #3 : Poll Analysis 2 (Bahasa Malaysia)

noreply@blogger.com (Thanaraj) — Thu, 22 Sep 2011 13:39:00 +0000

Salam sejahtera semua nama saya Thanaraj dari blog e-cyber-aware. Minggu lepas kami telah menyediakan sebuah soalan untuk para pengikut kami, menyatakan bahawa macam mana anda hendak memastikan bahawa anda tidak menjatuhi dalam sebuah perangkap semasa anda membeli barang dari laman sesawang.

Daripada keputusan yang diperolehi kami dapat tahu bahawa ramai memilih! iaitu daripada 50% daripada pengikut kami memilih jawapan tentang "bayaran balaik dan jaminan ke atas semua barang. Ini menunjukkan bahawa para pengikut kita takut akan kualiti barang iaitu dari segi mendaoat barang yang rosak atau pecah.

Pilihan kedua, para pengikut blog kita pula ialah ingin, "Memastikan bahawa laman web itu selamat apabila anda menghantar nombor kad kredit anda secara electronik dan pilihan ini telah memuaskan 33% peratus sahaja.

Seterusnya, pilihan ketiga para pengikut blog kita berhati hati apabila membalas kepada tawaran istimewah ini menunjukan bahawa para pengikut blog kita amat awas akan trik trik penipuan penipu laman sesawang.

Pilihan akhir merupakan "menyiasat laman web lain yang berkaitan dengan jumlah syarikat yang dipuaskan oleh mereka.Jawapan ini telah memuaskan 0%.

Hello all! my name is Thanaraj from the blog e-cyber aware. Last week we have prepared a question to the followers of our eCyber-aware blog, asking The way to ensure that you are not falling in a trap when you buy the merchandises online. From the results obtained we knew that our followers choose an answer of "inquire about refund and warranties on all items".Which rank number 1 by fulfilling 50% percentage of the chart. This shows that the followers fear the quality of the goods in terms of mendaoat damaged goods.
The second option, the followers of our blog is the want to, "Ensure that the website is safe when you send your credit card number electronically, and this option has satisfied 33% percent of the chart.

Next, The third option of our blog followers to be careful when replying to this Super deals show that the followers of our blog is very alert to scams scammers will trick trickswebsite.

The final choice is "investigating other sites related to the number of companies satisfied 0% percentage of the chart by them.

Podcast #2 : Phishing - Technique Used In Cyber Scam (Bahasa Malaysia)

noreply@blogger.com (Jackson Chee) — Tue, 20 Sep 2011 18:42:00 +0000

Hello everyone, today i will be discussing one of the technique that is used by scammer to scam internet user which is phishing. Phishing is the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Website where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user's information.

Phishing, also referred to as brand spoofing or carding, is a variation on "fishing," the idea being that bait is thrown out with the hopes that while most will ignore the bait, some will be tempted into biting.

Hello rakan-rakan sekalian, hari ini saya akan berbincang tentang perlakuan "phishing" iaitu satu teknik yang digunakan oleh penipu siber untuk mendapatkan maklumat pengguna internet. "Phishing" berlaku melalui tindakan menghantar e-mel kepada pengguna secara palsu yang mendakwa untuk menjadi perusahaan yang sah yang ditubuhkan dalam usaha untuk penipuan pengguna ke dalam menyerahkan maklumat peribadi yang akan digunakan untuk kecurian identiti. E-mel yang mengarahkan pengguna untuk melawat laman web di mana mereka diminta untuk mengemaskini maklumat peribadi, seperti kata laluan dan kad kredit, keselamatan sosial, dan nombor akaun bank, bahawa organisasi yang sah sudah mempunyainya. Laman web, bagaimanapun, adalah palsu dan hanya untuk mencuri maklumat pengguna.

"Phishing", juga dirujuk sebagai menipu jenama atau "carding", adalah perubahan daripada perkataan "memancing," idea yang berkaitan tentangnya ialah umpan yang tercampak keluar dengan harapan bahawa manakala kebanyakan akan mengabaikan umpan, ada yang akan tergoda ke dalam gigitan.

Tips For Staying Safe When Shopping Online

noreply@blogger.com (Jackson Chee) — Tue, 20 Sep 2011 17:34:00 +0000

Many internet users get scam when they buy things online. One of those reason is that they are too easy to believe those scammer. Actually there are many ways we can do to avoid being scams when shopping online. First of all, we should protect our computer. We should always have our computer have the most recent updates installed for spam filters, anti-virus, and anti-spyware software and a secure firewall. Secondly, we should shop on trustworthy websites. Shoppers should start to check on the seller’s reputation and record for customer satisfaction. Always look for widely-recognized “trustmarks” on retailer websites and click on the seals to confirm that they are valid.

Thirdly, we should protect our personal information. We recommends taking the time to read the site’s privacy policy and understand what personal information is being requested and how it will be used. If there isn’t one posted, it should be taken as a red flag that personal information may be sold to others without permission. Apart from that, we should also beware of deals that sound too good to be true. Offers on websites and in unsolicited e-mails can often sound too good to be true, especially extremely low prices on hard-to-get items. Consumers should always go with their instincts and not be afraid to pass up a “deal” that might cost them dearly in the end.

Besides that, we should beware of phishing website.Legitimate businesses do not send e-mails claiming problems with an order or an account to lure the “buyer” into revealing financial information. If a consumer receives such an e-mail, BBB recommends picking up the phone and calling the contact number on the website where the purchase was made to confirm that there really is a problem with the transaction. We should also confirm that our online purchase are safe. Shoppers should always look in the address box for the “s” in https:// and in the lower-right corner for the “lock” symbol before paying. If there are any doubts about a site, we recommends right-clicking anywhere on the page and select “Properties.” This will let you see the real URL (website address) and the dialog box will reveal if the site is not encrypted.

Moreover, we should keep documentation of our order. After completing the online order process, there may be a final confirmation page or the shopper might receive confirmation by e-mail. We recommends saving a copy of the Web page and any e-mails for future reference and as a record of the purchase. Lastly, we must check our credit card statement often. We shouldn't always wait for paper statements. We recommends consumers check their credit card statements for suspicious activity by either calling credit card companies or by checking statements online regularly.

Sources:
http://www.bbb.org/us/article/top-ten-cyber-monday-tips-for-staying-safe-when-shopping-online-23416

Rights of using your credit card online

noreply@blogger.com (Thanaraj) — Tue, 20 Sep 2011 09:26:00 +0000

Pay with a credit card – It’s best to use your credit card, because under federal law, the shopper can dispute the charges if he or she doesn’t receive the item. Shoppers which is you! also have dispute rights if there are unauthorized charges on their credit card, and many card issuers have “zero liability” policies under which the card holder pays nothing if someone steals the credit card number and uses it. If you are going to shop on classifieds web sites like Craigslist, never wire money and only buy locally.

Podcast #1 : Why we fall for Cyber Scams (Bahasa Malaysia)

noreply@blogger.com (Tee) — Mon, 19 Sep 2011 16:14:00 +0000

Hello everyone, today, what i'll be discussing about is why we fall into the hands of cyber scammers, making ourselves lose a large amount of money.

Money. We live with money. Money is important, and we NEED money. Normally, money is hard to get, we need to work so hard, just to get our paycheck by the end of the month, to pay our ever so costly living e expenses. What if, one day, all you have to do is "invest" in a few thousands ringgit Malaysia, and get back tens of thousands of ringgit Malaysia?

Sounds too good to be true? It probably is. Never let greed take over our common sense, and always think of the risk we are taking before we make our final decision. There is no such thing as free lunch in the world, and even if there is, it will be a one in a million chance.
Remember, greed will not bring good, so resists the temptation, and work hard to earn legit money!

Hello rakan-rakan sekalian, hari ini, apa yang saya akan berbincang tentang ialah mengapa kita jatuh ke dalam tangan penipu siber, dan menyebabkan diri kita kehilangan jumlah duit yang besar.

Wang. Kita hidup dengan duit wang. Wang memang penting, dan kita MEMERLUKAN wang. Biasanya, memang sukar kita hendak mendapat wang. Kita perlu bekerja keras, hanya untuk mendapatkan gaji kami menjelang akhir bulan, untuk membayar perbelanjaan sara hidup kita yang selalunya sangat tinggi. Bagaimana jikalau, satu hari, semua yang anda perlu melakukan adalah "melabur" dalam beberapa ribu ringgit Malaysia, dan menguntung berpuluh-puluh ribu ringgit Malaysia?

Kedengaran seperti ini sesuatu yang terlalu baik untuk menjadi benar? Memanglah tidak benar. Jangan biarkan ketamakan mengambil alih akal kita, dan sentiasa memikirkan risiko yang kami sedang mengambil sebelum kita membuat keputusan muktamad kita. Tidak ada benda yang percuma di dunia, dan jika ada pun, peluangnya sangat nipis. Ingat, ketamakan tidak akan membawa baik, justeru, tahanlah godaan, dan bekerja keras untuk mendapatkan duit wang yang halal!

Click play to listen to podcast!

First Poll Analysis

noreply@blogger.com (Tee) — Sun, 18 Sep 2011 14:24:00 +0000

Last week, we posted a poll question for our visitors to titled : "Have You Ever Become a Victim of Cyber Scam Before?"

The results is as follow :

The results are 12 No (80%), which is a lot higher than Yes (20%)

It is shown that most of our blog visitors are very cautious about these cyber scam cases, therefore they can prevent themselves from being a victim of cyber scam.

Not all Internet earnings are genuine

noreply@blogger.com (Thanaraj) — Sat, 03 Sep 2011 05:02:00 +0000

Nowadays people are more towards earning money in the internet, well this actually works for some but most of them failed by a deceiving uncle scam!
In order not to fall in the hands of these "Uncle Scam" the users should learn to identify and differentiate between a genuine site and a fake scam trap site. the following are the methods or ways of a scam-er approaching:
The most important part of a scam is making the FIRST CONTACT.It will trigger a series of emails if you fall to their traps.It is obvious it is synonymous to SPAM so you better be able to recognize these sites that is apt to get your money and leave you in the middle of Timbuktu.
See how you may identify these culprits right from the very intro of their page or email. Their links may be catchy so might as well follow the tips on the latter part of this blog so that you may no fall prey to these abusive individuals.
It's better to be aware right from the very start so I suggest you refer your friends and loved ones to this blog to give them an insight of the opportunities that the internet offers and the hazards of falling prey to scumbags ready to get your money just for the ploy of earning quickly or getting rich easily.

Popular cyber scam techniques

noreply@blogger.com (Tee) — Thu, 01 Sep 2011 17:05:00 +0000

Greed; is the nature of humans, we can never get enough, and we often seek ways to get more of everything, be it fortune or fame. Sometimes, the nature 'greed' can cross the line.

In the 21st century, where computer and internet has been parts and parcels of life, there are as many as 6.9 billion (and growing) people that are capable of accessing the internet.

Alongside the 6.9 billion people, a minority of those people has found out ways to abuse the internet users, specifically for their money. This is commonly known as Cyber scam.

Today, when internet has been around for so many years, these selfish users has refined their scam techniques to trick even the most careful users of the internet.

The following list are the list of a few popular techniques used by cyber scam operators.

1. Auction Fraud

Today, there are many websites that offer auctioning services, whereas a user can bid for a desired item. But, the catch is, due to the various location of the traders, the transaction is usually done online, and the item is delivered through postage services.

In most cases, the trade will be done within a few days of shipping the item to the destined owner; Whereas , scammers, after receiving the money, does not deliver the goods as promised. For example, they might not give item in the condition as shown in the picture, or sometimes they don't even send the items.

These auction frauds are hard to prevent as scammers can make multiple accounts to fake positive feedbacks, tricking users into believing them.

2. Phishing scams

The e-mail has been replacing the conventional land mail in today's world. There are billions and billions of users with registered email addresses that are used from a day to day basis.
The email has been a massive tool of malice because if anyone can send an email, anyone can recieve and read it.
If anyone can send an email, anyone can receive it.

The setup is begun by sending thousands and thousands of email to different email addresses, to get a slight chance of getting the victims attention.

For example, a scammer can fake an exact copy of an email from a bank, and send it to the victim asking for personal information, giving fake excuses such as promotions, account verification, or the upgrade of the system.

Sometimes, these users are unaware of the phishing scams around the internet, and foolishly enter their bank account numbers, pins, and personal IDs. This will grant the scammers with access to do transactions with the victims bank account, without the victims approval nor knowledge.

3. Nigerian 419 Letter

Named for the section of Nigeria's penal code that this scam violates, this popular technique has been on the internet for quite some time as it rakes a big amount of money from the victim.

This setup too begins by sending thousands and thousands of email, hoping to grab the attention of an innocent victim. The content of the message is usually capitalized to emphasize the importance and urgency of the message. An example of the message :

"DEAR SIR/MADAM: I REPRESENT THE RECENTLY DEPOSED MINISTER OF AGRICULTURE FOR NODAMBIZIA, WHO HAS EMBEZZLED 30 MILLION DOLLARS FROM HIS STARVING COUNTRYMEN AND NOW NEEDS TO GET IT OUT OF THE COUNTRY..."

This scam revolves around asking the victim to "help" transfer funds to their bank account, and get a share out of it. But before the transaction can be done, the victim must pay thousands of dollars for the so called "tax", "attorney", "bribes", and other fees.

As for most cases of fraud, after the scammer gets hold of the money, they disappear and the victim will never hear from them again.

Sources :

http://www.pcworld.com/article/119941/top_five_online_scams.html

Definition of Cyber Scam

noreply@blogger.com (Jackson Chee) — Wed, 31 Aug 2011 18:29:00 +0000

Cyber Scam is refers to the use of internet service to trick a victim for their money. There are a few characteristic that you will find in cyber scams. Most scam are done through e-mail which is also known as spam. E-mail user will be tricked by giving the scammer (person who do cyber scam) their critical information such as usernames, passwords, credit card information, or other types of account information.
Another way of cyber scams is through the spyware. Spyware is software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Spyware application are typically bundled as a hidden component of freeware or shareware programs that can be download from the Internet. However, it should be noted that the majority of shareware and freeware applications do not come with spyware. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about e-mail addresses and even passwords and credit card numbers.

An example of cyber scam through e-mail:

Subject: Windows Account Alert™‏

From: Windows Microsoft™ Center (war.veteran @ hotmail.com)
Sent: Fri 4/30/10 7:58 AM
To: accountprotectteam2010 @ hotmail.com Microsoft Live Account Alert!!! Dear Account Owner This Email is from Microsoft Customer Care and we are sending it to every Hotmail Email User Accounts Owner for safety. we are having congestion's due to the anonymous registration of Hotmail accounts so we are shutting down some Hotmail accounts and your account was among those to be deleted. Please verify your account and let us know if you still want to use this account. If you are still interested please confirm your account by filling the space below.Your User name, password, date of birth and your country information would be needed to verify your account.

Username: ...............................
Password: ................................
Date of Birth: ............................

Country Or Territory: ................
Confirm your E-mail by filling out your Login Information below after clicking the reply button, or your account will be suspended within 48 hours for security reasons. Sincerely,
The Windows Live Hotmail Team

— An example of an email phishing for user's Hotmail account passwords

Sources:
http://www.cybertopcops.com/anti-fraud.php
http://www.webopedia.com/TERM/P/phishing.html