Wednesday, February 25, 2009
Phishing?
I received an email from "Maybank2u" that need me to login into the website and request for TAC. Haha. How i'm able to detect it was a phishing email? It's because:
1. I didn't subscribe my company email to maybank2u instead of my personal email. Yes, the email is going to my company email inbox.
2. The title was "Important Message from Mybank", see the typo. It's Maybank you stooopid!
3. The sender email was "Mybank [service@maybank2u.com.my]", yes maybe they use their own sendmail server or using 3rd party website that can create a spoof email address, but then, it's Maybank not Mybank you stooopido!
4. The receiver email is none, it' seems that they sent this email randomly. Hmm.
5. See paragraph no 4. :
"4. When you have received the TAC (Transaction Authorization Code) on your mobile phone, Log in to our secured verification server and submit the requested information(Account user ID, password and TAC).CLICK HERE to go on our secured server."
The link to secured server is going to : http://mail.gemacocards.com/www.maybank2u.com.my/index.html instead of https://www.maybank2u.com haha.
6. Of course when you click the link, Firefox 3.0 already help you to prevent you to proceed accessing the website. Thanks Firefox!
7. If you installed netcraft firefox plugin to detect any phishing site or where the site is belongs, you can see that the website is hosted in other country instead of Malaysia. Maybank is Malaysian Bank!
8. Another thing is, they do study how Maybank TAC being operated. They ask user to login first and click the request button, then Maybank will sent TAC number via your mobile number, then if the user not aware, they will enter the TAC number with user and password in the front page, auchh! Carefull everyone, maybank will not ask you to enter TAC in the front page instead of after you login to Maybank website.
That's all for now! Guys! you are intelligent enough to detect phishing email. Don't get fooled by them!
:)