
First Time User Overview
 


Overview

Online security is a major concern for some customers who use internet banking services. While it is a valid concern, there are many steps we can take to minimise this risk.

The three most commonly used internet scams are phishing, trojans, and spyware, with phishing being the most common.

Phishing is a fraud technique commonly used to attempt to trick people into revealing their security number and password to fraudsters. It is a type of deception designed to steal your valuable personal data, such as credit card numbers, passwords, account data, or other information. Phishing is typically carried out using e-mails (where the communication appears to come from a trusted website), instant messages, brochures and phone contacts.

Please do not respond to any email, suspicious website link or attachment from any sender (unknown or reputable) requesting your personal and confidential financial information (credit card numbers, ATM card, IC, etc.). EON Bank Group does not send out any email or contact customers to validate or restore your internet banking information. If you are suspicious of any such communication, please contact our Customer Contact Centre at 03-2616 1133 or email echannel@eonbank.com.my

EON Bank Group has many safeguards and detection systems in place to guard against identity theft, but prompt action by customers is very important to help us stop and prevent such illegal activities.


Be Alert & Be Responsible

   

Below are some of the guidelines for safe internet banking:

Do not respond to emails, phone calls or SMS asking for your personal information or login information, or notifying you to change your password.
Always enter the bank’s correct URL, www.eonbank.com.my, and do not click any link from any email or attachment to go to our secure site.
Please keep your password safe and memorize it. We strongly advise you to create an uncommon password. Also, change your password regularly.
Use the latest trusted antivirus, anti-spyware and personal firewall software. Update it regularly.
Be vigilant about clearing the browser cache, cookies and history once you complete your online transaction. Remember to logout properly.
Do not leave your computer unattended when you are conducting your transactions or while your session is still active.
Always check your account balances to ensure that no unauthorized withdrawal has taken place.
For a secured website, please look for the security icon (a locked padlock, usually located within the bottom right navigation bar) while visiting our bank site.
If your bank account has been compromised, act fast and inform us at 03-2616 1133 or email to echannel@eonbank.com.my


Common Phishing Scams

   

There are a few common scams related to internet banking fraud. The methods used in phishing scams include:

Via emails (seemingly from reputable or non-reputable source)
Via website (unsecured website/link/attachment)
Via phone calls and SMS
Via brochures/application form (e.g. Investment Scheme/Programmes)

Below are 12 steps that users can take to safeguard against possible online fraud attempts:

 

1. Keep antivirus up to date – One of the most important things you can do to avoid phishing attacks is to keep your antivirus software up-to-date because most antivirus vendors have signatures that protect against some common technology exploits. This can prevent things such as a Trojan disguising your Web address bar or mimicking an https secure link. If your antivirus software is not up-to-date, you are usually more susceptible to attacks that can hijack your Web browser and put you at risk for phishing attacks.
   
2. Do not click on hyperlinks in e-mails – A hyperlink is a word, phrase, or image that you can click on to jump to a new document or a new section within the current document. Text hyperlinks are often blue and underlined, but don't have to be. When you move the cursor over a hyperlink, whether it is text or an image, the arrow should change to a small hand pointing at the link. When you click it, a new page or place in the current page will open.

It is never a good idea to click on any hyperlink in an e-mail, especially from unknown sources. You never know where the link is going to really take you or whether it will trigger malicious code. Some hyperlinks can take you to a fake HTML page that may try to scam you into typing sensitive information. If you really want to check out the link, manually retype it into a Web browser.

   
3. Take advantage of anti-spam software – Anti-spam software can help keep phishing attacks at a minimum. A lot of attacks come in the form of spam. By using anti-spam software such as Qurb, you can reduce many types of phishing attacks because the messages will never end up in your mailboxes.
   
4. Verify https (SSL) – Hypertext Transfer Protocol over Secure Socket Layer, or https, is used to indicate a secure communication platform such as payment transactions and corporate information systems.

Whenever you are passing sensitive information such as credit cards or bank information, make sure the address bar shows "https://" rather than just "http://" and that you have a secure lock icon at the bottom right hand corner of your Web browser. You can also double-click on the lock to check the third-party SSL certificate that provides the https service. Many types of attacks are not encrypted but mimic an encrypted page. Always look to make sure the Web page is truly encrypted.

   
5. Use anti-spyware software – Keep spyware down to a minimum by installing an active spyware solution such as Microsoft Antispyware and also scanning with a passive solution such as Spybot. If for some reason your browser is hijacked, anti-spyware software can often detect the problem and provide a fix.
   
6. Get educated – Educate yourself on how to prevent these types of attacks. A little research on the Internet may save you a great deal of pain and save you from falling prey to any fraudulent schemes.
   
7. Use the Microsoft Baseline Security Analyzer (MBSA) – You can use the MBSA to make sure you have all of your patches up to date. You can download this free tool from Microsoft's website. By keeping your computer patched, you will protect your systems against known exploits in Internet Explorer and Outlook (and Outlook Express) that can be used in phishing attacks.
   
8. Firewall – Use a desktop (software) and network (hardware) firewall. On the desktop, you can use a software firewall such as Zone Alarm or use Microsoft’s built-in software firewall in Windows XP. The incorporation of a firewall can also prevent malicious code from entering your computer and hijacking your browser.
   
9. Use backup system images – Keep a backup copy or image of all systems in case of foul play. You can then revert back to a pure system state if you suspect that a phishing attack, spyware, or malware has compromised the system. Tools such as Symantec Ghost and Acronis True Image are perfect for this.
   
10. Don't enter sensitive or financial information into pop-up windows – A common phishing technique is to launch a bogus pop-up window when someone clicks on a link in a phishing e-mail message. This window may even be positioned directly over a window you trust. Even if the pop-up window looks official or claims to be secure, you should avoid entering sensitive information because there is no way to check the security certificate. Close pop-up windows by clicking on the X in the top-right corner. Clicking cancel may send you to another link or download malicious code.
   
11. Secure the hosts file – A hacker can compromise the hosts file on a desktop system and send a user to a fraudulent site. Configuring the hosts file to be read-only may alleviate the problem, but complete protection will depend on having a good desktop firewall such as Zone Alarm that protects against tampering by outside attackers and keeps browsing safe.
   
12. Protect against DNS (Domain Name System) pharming attacks – This is a new type of phishing attack that doesn’t spam you with e-mails but poisons your local DNS server to redirect your Web requests to a different Web site that looks similar to a company Website (e.g. eBay or PayPal). For example, the user types in eBay's Web address but the poisoned DNS server redirects the user to a fraudulent site. This needs to be handled by an administrator who can use modern security techniques to lock down the company's DNS servers. Hence, do contact us if you face this problem.
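
To make step 11 concrete, the following added example (not part of the bank's original guidance) audits a hosts file for entries that would override or imitate the bank's site name. The watched names come from the URL on this page; the "eonbank" keyword, the function names and the sample file are assumptions constructed for illustration.

```python
import os
import sys

# Names that should never be pinned in a local hosts file. The URL is the one
# given on this page; the lookalike keyword is an assumption for this example.
WATCHED = {"www.eonbank.com.my", "eonbank.com.my"}
KEYWORD = "eonbank"

# Constructed sample hosts file (addresses are from documentation ranges).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.eonbank.com.my      # pinned override
198.51.100.7    secure-eonbank.example.net
10.0.0.5        fileserver
"""

def audit_hosts(text, watched=WATCHED, keyword=KEYWORD):
    """Return (line_no, ip, hostname, kind) for each suspicious entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # strip comments, then tokenise
        if len(fields) < 2:
            continue                            # blank or malformed line
        ip, names = fields[0], fields[1:]
        for name in names:
            host = name.lower().rstrip(".")     # hostnames are case-insensitive
            if host in watched:
                findings.append((line_no, ip, host, "override"))
            elif keyword in host:
                findings.append((line_no, ip, host, "lookalike"))
    return findings

def hosts_path():
    """Default hosts file location for the current platform."""
    if sys.platform.startswith("win"):
        root = os.environ.get("SystemRoot", r"C:\Windows")
        return os.path.join(root, "System32", "drivers", "etc", "hosts")
    return "/etc/hosts"

if __name__ == "__main__":
    path = hosts_path()
    with open(path, encoding="utf-8", errors="replace") as fh:
        results = audit_hosts(fh.read())
    for line_no, ip, host, kind in results:
        print(f"{path}:{line_no}: {kind}: {host} -> {ip}")
    print("writable by current user:", os.access(path, os.W_OK))
    sys.exit(1 if results else 0)
```

Any hosts-file entry for the bank's name takes precedence over DNS, so an "override" finding should be treated as tampering unless an administrator added it deliberately.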
   

The above are simple guidelines to minimize the risk of identity theft. Please continue to protect your personal information and keep yourselves updated on ways to mitigate this risk.








Copyright © 2008 EON Bank. All rights reserved. Terms of Use | Privacy