ANNOUNCEMENTS

BE ALERT OF PHISHING SCAMS

Phishing attacks have become increasingly common in the last decade. Phishing attempts appear in many forms, including but not limited to email, pop-up window, text messages, phone calls and social media. It will often try to make you believe that urgent action is needed and you must click a link or a button.

What is phishing?

According to Microsoft’s Safety & Security Center, phishing can be summed up as:

“A type of online identity theft. It uses email and fraudulent websites that are designed to steal your personal data or information such as credit card numbers, passwords, account data, or other information”.

In other words, they’re tricksters. Typically, the phisher sends an e-mail or directs a website that appears to come from a legitimate business requesting "verification" of information and warning of some dire consequence if it is not provided. It usually contains a link of a fraudulent website that seems legitimate, with company logos & content and attempts to acquire sensitive information such as usernames, passwords, credit card or bank account details.

What are the tell-tale signs of a phishing scam?
  1. It is an unknown number or email.
  2. The sender address in an email or the URL of a website has been spoofed to appear as a reputable source. In some cases, the domain name looks similar to a registered and legitimate organization (e.g.: Fake site: www.t1me.com.my / Real site: www.time.com.my).
  3. Secure URLs that don't employ https are fraudulent, as are sites that begin with IP addresses i.e. 122.888.74/time.html
  4. Announcing you have won a prize like the latest smartphone, a holiday trip or just something that seems too good to be true.
  5. You’ve been prompted to call back an unknown number, reply to an unknown email or click on a link for the next action.
  6. A registered company name eg: TIME, is mentioned many times throughout or a low resolution of its company logo has been used.
  7. There are well-placed errors such as grammar and spelling mistakes.
  8. You’ve been asked to provide or confirm your personal details which are already on file i.e. IC no., bank account no., address, etc.
  9. It contains messages that inflict a sense of urgency or reaction from you without thinking.
How to be smart and prevent it?
  1. Take note of all the tell-tale signs and don’t take any action if you are unsure.
  2. If you suspect a website to be fraudulent, enter a fake username and password. If the website still accepts the information, it means that it is a phishing website.
  3. Never click on a link within a suspicious or unknown email. Always type in the URL of the site yourself and navigate to the login page via their menu, even if the website has a secure address or the security lock is shown on your browser.
  4. Make sure you are using a browser with the latest security patches and updates.
  5. Change your passwords periodically.
  6. Use a phishing filter. Most browsers have the function to enable phishing and malware detection.
  7. Never give out information over the phone if you did not initiate the call.

Feel free to contact us at 1800 18 1818 or email us at cs@time.com.my if you have any questions or concerns.