The modus operandi of this group is like that of any other typical phishing band: potential victims are sent to fake online banking web sites, where they enter their username and password. The phishers then use this information to log in to the victims’ online banking accounts and rob them blind.
What surprises me is the coverage that the media have been giving these thieves. The way the articles about their activities were written seems to imply that the crackers are advanced IT experts. The fact is, phishing is simply more of a social engineering exercise that requires little knowledge of IT. The same applies to victims of such attacks; they tend to be virtually ignorant of basic online information security.
Below are some steps you can follow to avoid becoming a victim of phishing attacks:
- Banking institutions will never ask you to log in to web sites not under their domain. For example, RHB’s online banking web site is https://logon.rhbbank.com.my/. Any other web site claiming to be from RHB bank but not using that URL is very likely to be a phishing front.
- All reputable online banking web sites will only be using the HTTPS protocol, meaning their web site’s URL will begin with https:// and not the far more commonly used
- Banking institutions will almost never ask you to submit anything anywhere via email. They already have your information, so why would they need you to “verify” anything, especially through an untrusted communications medium such as email?
- Regularly change your password.
- Use strong passwords. A good password should be a combination of lower and uppercase letters, numbers and, if allowed, special characters (e.g. !@#$%).
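
The first two checks in the list, written out as an added example (not part of the original post): a Python function that accepts a link only if it uses HTTPS and its host is exactly logon.rhbbank.com.my. The sample links and their `.example` hosts are constructed for illustration.

```python
from urllib.parse import urlsplit

# The one host the post names for RHB online banking.
TRUSTED_HOST = "logon.rhbbank.com.my"


def check_bank_link(url, trusted_host=TRUSTED_HOST):
    """Return (ok, reason) for a link that claims to lead to the bank."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # lower-cased, without userinfo or port
        port = parts.port      # raises ValueError if the port is not numeric
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not HTTPS"
    # "https://bank-name@other-host/" really goes to other-host.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo before '@' hides the real host"
    if host is None:
        return False, "no host"
    if port not in (None, 443):
        return False, "unexpected port"
    # Exact match only: "contains" or "starts with" would accept
    # logon.rhbbank.com.my.<anything>, which belongs to someone else.
    if host != trusted_host:
        return False, "host is %s, not %s" % (host, trusted_host)
    return True, "ok"


# Constructed sample links, not taken from any real campaign.
SAMPLES = [
    "https://logon.rhbbank.com.my/",
    "http://logon.rhbbank.com.my/",
    "https://logon.rhbbank.com.my.secure-login.example/",
    "https://logon.rhbbank.com.my@secure-login.example/",
    "https://logon.rhbbank.com.my:8443/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = check_bank_link(link)
        print("%-6s %s (%s)" % ("OK" if ok else "REJECT", link, reason))
```

The HTTPS check on its own says nothing about who runs a site, since anyone can obtain a certificate for a domain they control; the exact host comparison is what ties the link to the bank.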
Happy online banking, and don’t let the phishers bite 🙂