I used to play this game several times years back. Maybe they should put this on Phishing 101;
http://wombatsecurity.com/antiphishing_phil/index.html The extended version however need to pay... yup, the developers feed their dependents too,not just us! On Sat, Oct 9, 2010 at 10:35 AM, ApOgEE <[email protected]> wrote: > Social Engineering or S.E. is a method of gaining useful secret & > confidential information of certain victim. The attacker could use any form > of social communication like stalking victim's personal life, being friend > of victim's friend and family to gain information, being friend or dealing > any job/business with victim, being friend with victim's self and asking > questions that is unnoticeable to victim as malicious confidential > information leading to loss of victim's property and so on. They are > manipulating people (either victim or people around victim) to perform a > well planned attack causing loss to the victim. Good social engineer can do > as good as spy to get victim's information if it is worth to get. > > To avoid such attack, always be careful on whatever information you are > passing to your friends and family. You have to be aware on which > information to open or kept secret to your friends and family. It is not > about being so secretive where you keep everything secret including your > name and so on... if you avoid communicating to people, you could be 'kera > sumbang' then.. hahaha... You have to know exactly what kind of information > is to keep secret and what not. > > The BASIC rule is, keep your password or ANYTHING RELATED to your bank > account like TAC, Mobile number, what so ever secret to yourself ONLY. You > have to be certain that any information being asked to you is from an > AUTHORIZED entity. For online, check for https, cert, or any trustworthy > relation and be confirm to whoever you trust. For phone, you have to confirm > that YOU CALL the right person. If someone called and ask you such > information, KEEP A LOG of their name and phone number and DO NOT PASS any > confidential information. Anybody can call you and ask because you can't see > them. Your phone call are recorded in Telco's server and anybody (who could > be Malicious Cracker) could break-in and listen to it. DO NOT PASS your > secret info via SMS because your data is not encypted. If you are in doubt > of any entity, simply DO NOT PASS your information and get your confirmation > from AUTHORIZED person that such entity should be TRUSTED OR NOT before you > continue to pass your confidential information. > > Again... do you think your secret are all safe?... THINK AGAIN... > > > On Sat, Oct 9, 2010 at 9:34 AM, Muhammad Najmi Ahmad Zabidi > <[email protected]> wrote: >> >> i think i can. >> except for the term "social engineering", it must be elaborated as well. >> >> >> >> On Sat, Oct 9, 2010 at 9:08 AM, Harisfazillah Jamel >> <[email protected]> wrote: >> > Assalamualaikum and salam sejahtera, >> > >> > If you are using Maybank2u you will see a warning "Beware of >> > Phishing". If you are not a IT person, can it be understand ? >> > >> > --------------- >> > Beware of Phishing >> > >> > >> > Protect your Username, Password and Transaction Authorisation Code (TAC) >> > >> > In the field of computer security, phishing is the criminally >> > fraudulent process of attempting to acquire sensitive information such >> > as usernames, passwords and Transaction Authorisation Code (TAC) >> > details by masquerading as a trustworthy entity such as banks or other >> > financial entity. Communications purporting to be from IT >> > Administrators are commonly used to lure the unsuspecting public. >> > Phishing is typically carried out by e-mail and it often directs users >> > to enter details at a fake website whose look and feel are almost >> > identical to the legitimate one. Even when using server >> > authentication, it may require tremendous skill to detect that the >> > website is fake. Phishing is another example of social engineering >> > techniques. >> > >> > Therefore, please ignore the phishing email, but report the matter to >> > us immediately. >> > _______________________________________________ >> > Owasp-Malaysia mailing list >> > [email protected] >> > https://lists.owasp.org/mailman/listinfo/owasp-malaysia >> > >> > OWASP Malaysia Wiki >> > http://www.owasp.org/index.php/Malaysia >> > >> > OWASP Malaysia Wiki Facebook >> > http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420 >> > >> _______________________________________________ >> Owasp-Malaysia mailing list >> [email protected] >> https://lists.owasp.org/mailman/listinfo/owasp-malaysia >> >> OWASP Malaysia Wiki >> http://www.owasp.org/index.php/Malaysia >> >> OWASP Malaysia Wiki Facebook >> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420 > > > > -- > Best Wishes, > > M. Fauzilkamil Zainuddin > ---------------------------------------------------- > ApOgEE a.k.a JeRuNgKuN > ---------------------------------------------------- > https://edge.launchpad.net/~apogee - ApOgEE on LaunchPad > http://artofapogee.blogspot.com - Art Of ApOgEE > http://coderstalk.blogspot.com - Coder's Talk > ---------------------------------------------------- > > > _______________________________________________ > Owasp-Malaysia mailing list > [email protected] > https://lists.owasp.org/mailman/listinfo/owasp-malaysia > > OWASP Malaysia Wiki > http://www.owasp.org/index.php/Malaysia > > OWASP Malaysia Wiki Facebook > http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420 > _______________________________________________ Owasp-Malaysia mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-malaysia OWASP Malaysia Wiki http://www.owasp.org/index.php/Malaysia OWASP Malaysia Wiki Facebook http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
