Phishers and scammers getting sophisticated

PHISHING. It brings to mind images of shadow-cloaked personas hunched over their keyboards as they nefariously send out innocuous-looking emails to their targets scattered in the global information superhighway.

Similar in sound to the word “fishing”, which involves lures to hook fish, phishing is a fraudulent act of sending emails purporting to be from reputable sources to induce individuals to reveal personal information.

I had a first-hand encounter with a rather sophisticated form of phishing that showed the perpetrators’ eerie ability to utilise personal information of their intended targets.

Early this week, I was woken in the wee hours and saw on my smartphone screen an email purportedly from someone with the human resources department of the company I work for.

Perhaps due to the fuzzy state of my mind, I did not wonder why someone from the department would want me to sign a purchase agreement for an unspecified item.

I also did not wonder why the person would say “Thanking you” to end the professional-looking business email.

I also did not realise that the email was from the email account of someone whom I not only knew from the company, but who was also from a different department.

The email was brief and to the point, even stating that the sender is someone purportedly from the payroll section of the human resources department, complete with the full address of the company’s headquarters.

Luckily, due to the nature of the Android operating system on my smartphone, the attachment in the email did not open when I tapped on it.

Later, when I clicked on the attachment on a desktop computer, the screen showed a small pop-up window set against a fuzzy background of an official-looking document. It asked for my username, password and even phone number.

By this point, alarm bells were ringing in my head. I closed the window and called the HR department, and a staff member confirmed that the person named in the phishing email was not attached to the department.

Thankfully, the person whose email account was hacked for the phishing attempt had succeeded in wresting back control of his account from the phisher. On my part, I deleted the email and changed my password for good measure.

However, this was an eye-opener in the ongoing battle against spammers, phishers and all online crooks.

Phishers and spammers are a notoriously tenacious bunch who can send out more than 150 million emails a day just to profit by fleecing a relatively small number of people.

In August 2012, the Symantec Security Technology and Response Group released its findings that revealed cybercriminals sent out 156 million spam emails daily to hoodwink 80,000 victims for profit.

The findings revealed that although a majority of the spam emails were intercepted by spam filters, around 16 million made it into inboxes, with eight million opened by victims.

Out of the eight million, 800,000 links in the emails were clicked, with 80,000 people unfortunately sharing their personal information and ending up losing money.

These numbers are worrying. Online portal www.worldometers.info puts the population of Malaysia at 31,053,648 as at March 27. That number is a drop in the ocean compared with the 156 million spam emails that scammers send out daily.

The risks are further heightened given that, during the recent Dewan Rakyat sitting, the Malaysian Communications and Multimedia Commission (MCMC) said in a written reply that broadband penetration in the country was at 77.9 per cent and was targeted to reach 95 per cent by 2020.

While it is good that Malaysians are using more information technology, it also increases the pool of potential victims for spammers and phishers who exploit the growing number of Internet-connected smartphones, laptops and desktops.

The gravity of the problem was made more obvious when MCMC informed members of parliament during the same sitting that the commission had blocked 10,962 phishing websites from 2008 to January.

However, there is awareness of the importance of checking the authenticity of emails and having anti-virus software to filter spam, as can be seen through the customers who buy such programmes in Kuantan.

One IT shop owner, who has been running his business for 20 years, said his customers usually bought anti-virus software, and if they bought new computers, they wanted him to ensure that anti-phishing programmes were installed.

As a popular character from the television series CSI: Miami would say: “Trust, but verify.” Words to live by, whether online or off-the-grid.

The writer is NST Pahang staff correspondent. He seeks pleasure in contemplative pursuits like viewing thought-provoking documentaries and reading
