Nov 23, 2008

Phishing: What It Is And How To Avoid It (Part 2)

Categories: Maybank2u

This is Part 2 of our series on Phishing: What It Is And How To Avoid It. See Part 1 here.

Because criminals are becoming more sophisticated with their phishing scams, M2U users must learn to be even more sophisticated and careful when doing online banking.

Maybank’s Head of Cyber Security tells us how to avoid being a victim of phishing scams.

How can I spot a phishing scam?

To avoid being a victim of phishing, you need to stay alert when doing your online banking. Here are some steps to help protect yourself from phishing attack.

1. Double check the destination link of URLs in emails

When you receive an email purporting to be from Maybank which prompts you to click to visit M2U, double check the destination URL. Place your mouse over the link in the email (don’t click!) to see the destination URL. Be sure to look at the status bar at the bottom of your browser window because the URL can be faked within the email body. See the image below for an example.

2. Emails with generic greetings

Be suspicious of emails with generic greetings like, “Dear customer”.

3. Double check your login URL (with https://)

When logging into your M2U account, double check that the beginning of the URL in your browser shows https://www.maybank2u.com.my/…

4. Use web browsers like Firefox which provides web forgery warnings

Certain browsers like Firefox have built-in web forgery warnings. While not 100% accurate, it does help to filter out the very obvious phishing scams and every little bit counts.

What kind of advice do you have for M2U users to avoid phishing scams?

The most important thing that M2U users can do to avoid phishing is to practice safe online banking habits.

One habit to cultivate is to check M2U to verify any notifications that you have received via email. M2U will always provide more details on our website for genuine notifications. If you can’t find the notification on our website, be suspicious of the email.

Another important habit is to only login to M2U by typing in the URL yourself and avoid clicking any links in email, instant messenger or external websites that supposedly lead to M2U.

* * * * *

And there you have it, all you need to know about what phishing is and how to avoid becoming a victim. Again, feel free ask for clarification in the comments of this post.

Now please do us a favour. Ask your friends if they know what phishing is. If they don’t, please teach them and show them Part 1 and Part 2 of M2U’s series on Phishing: What It Is And How To Avoid It.


Tags
how-to online banking phishing security

6 Responses to “Phishing: What It Is And How To Avoid It (Part 2)”

  1. norshas Says:
    November 30th, 2008 at 9:11 pm

    I’ve failed to login to M2U for the past week. Error message was displayed as below:
    “There is a problem with this website’s security certificate.

    Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.

    We recommend that you close this webpage and do not continue to this website. ”

    Pls advise. TQ

  2. Cheong Woi Yoke Says:
    February 23rd, 2009 at 10:02 am

    I received email in my company’s email address with the subject SECURITY ALERT attn to all Maybank customer that Maybank is recently suffered a DDos-Attack on Online Banking server. And asked me to complete the next steps to verify the integrity of my Maybank account. If fail to complete the verification in the next 24 hours my account will be suspended.
    I am asked to log in to Maybank online account link. 2nd step to request for TAC then logout and close the browser. Steps 4 upon receiving the TAC and submit all to their secured server. 48 hours to processing
    2001-09 Maybank.All rights reserved.
    I did log in through the link and type Username & password and immediately cancel it when I feel suspect this is phishing mail and called up Maybank customer service to verify.

  3. syirah Says:
    April 9th, 2009 at 5:55 pm

    that’s good warning post. it can help maybank customer. fortunately i read it

  4. Haji Abdul Karim Says:
    April 16th, 2009 at 5:35 pm

    I would like to report the case below
    from
    Haji Abdul Karim

    — On Wed, 15/4/09, Maybank wrote:

    From: Maybank
    Subject: Unblock your Account
    To:
    Date: Wednesday, 15 April, 2009, 11:39 PM

    Unblock your Account

    ——————————————————————————–

    For security reasons, your Maybank account has been blocked due to inactivity or becouse of too many failed login attempts.

    Please login at maybank2u to restore your account access.

    Online banking: Login

    Maybank Berhad
    https://www.maybank2u.com.my

    ——————————————————————————–

    © 2001-08 Maybank. All rights reserved.

  5. Mohamad Says:
    April 22nd, 2009 at 6:54 am

    Hi,

    I just got phishing email today from email: alert@red-alertm2u3.com
    URL given: http://www.x-m2u-networks.com/M2ULogin.htm

    Where and how to report?

  6. azmi Says:
    May 5th, 2009 at 10:37 am

    Below email i rcvd this morning. but the link to maybank2u as below : http://user-vc8fpat.biz.mindspring.com/CSI/APvX/of/index.asp . kindlytake aaction. this phisig email request a tag also.

    azmie

    Unblock your Account

    ——————————————————————————–

    For security reasons, your Maybank account has been blocked due to inactivity or becouse of too many failed login attempts.

    Please login at maybank2u to restore your account access.

    Online banking: Login

    Maybank Berhad
    https://www.maybank2u.com.my

    ——————————————————————————–

    © 2001-08 Maybank. All rights reserved.

Leave a Reply

What is this?

This is the all-you M2U blog, where you can find all the information you need about M2U.

Learn more

Subscribe

Subscribe to our RSS feeds to stay up-to-date with M2U.

Tags