Related Posts with Thumbnails

Thursday, December 31, 2015

Online Fraud

Online fraudsters are getting very sophisticated. My email account is subjected to a barrage of emails that are so expertly done that they look legitimate.

Dangers of Malware
Most online banking systems require a 2-step verification process. Recently, there is malware that will re-direct you to a phishing site that looks exactly like your bank's webpage. Here, you will log in using the password generated by your token. Crooks stand ready on the back end of that site. They immediately use your token to log onto the real site and make immediate transfers. Within 15 minutes, a lot of your money has left your account. See UOB's advisory on how to recognise this type of phishing site.

It is important to prevent malware from taking up residence in your computer.

Emails That Dupe You Into Clicking On Malware Links
Variously, these emails state...
(1) Unless you click on the link, your account will be deleted/suspended.
(2) Click on the link to get a good deal from NTUC / Cold Storage / Amazon.
(3) Click on the link to get a security update.
(4) Click on the link to read tips to guard against online fraud.

This morning, I received a very ORIGINAL one asking me to click on a link to read Pinterest's Privacy Policy.
I normally will simply delete such emails. Any unsolicited emails from Amazon, Pinterest, NTUC, CPF, Cold Storage, banks... whatever, I will immediately delete without reading. However, this morning, in order to write this post, I clicked on Show Details above.

Note the email address. It has been adulterated to read "@explore.pinterest". This email is therefore NOT from Pinterest.

Also suspicious is the requirement to click on a link to read the updated Privacy Policy. Why should I click on a link to read? The legitimate sites will usually just detail the Privacy Policy within the email because they too are aware of such malware links and do not want to confuse their own subscribers/customers.

Suspicious PayPal Emails and Calls
Almost on a daily basis, I had been receiving PayPal emails that look legitimate. These emails are from or These emails are NOT from PayPal. The adulterated email addresses make it clear. Recently, I logged onto the webmail service of my email provider and added all these suspicious emails to the Blocked Senders group along with a host of unwelcome advertisement email addresses. I also report the suspicious email addresses as "phishing" emails to my email provider so that it can block them from other people's accounts.

Use Apple Devices (but do NOT Jailbreak them)
We have transited everyone in the family to iMac, Macbook, iPad or iPhone. Old android or PC devices are never used for money transactions. If you do not jailbreak your Apple devices, the only way to load software is through Apple Store. Apple Store will test/qualify the new apps. Sometimes, viruses do get past Apple and make it into Apple Store BUT the moment it is found out, Apple will release iOS updates to deal with it.

These measures do not entirely remove the risk of malware loading onto our computers but they do reduce the risks by a lot.

Further, to be absolutely kiasu... if I receive emails from friends/contacts that look suspicious, I use ONE iPad to log into the webmail site and click to open. I don't even open it in the iPad email app itself. It is always the same iPad that I use for this. This iPad is never used for money transactions.

It is my Dirty iPad.

Suspicious Calls
I also receive calls from PayPal to verify details on the phone. I always tell them that I will never answer such questions on the phone.

No comments: