Sunday, July 6, 2008

Review of a local E-commerce site



Blooming Florist Sendirian Berhad is a local company which has its owm site, www.blooming.com.my. The company has started its operation since 1981 by May and Martin Cheah.it allows customers to buy its products and services through the internet. Besides having an online store, Blooming Florist has grown to owned six retail outlets in Petaling Jaya, Kuala Lumpur and a head office cum workshop cum retail outlet in Kelana Jaya.To conduct its service effective and efficient, it has linked with most reliabe florists throughout the world.



The company delivers products such as hand bouguets, basket arrangements, cookies, cakes, wine, hampers, potted plants, pewters, plush toys, and home decorations.

Blooming Florist allows customers to buy and send the particular product to family members or friend located overseas.

For first timers, they can easily know what the company is offering. The site was designed simple with a white background, which able to outstand its product attractively. Products are listed out with their pictures which each able to be enlarge and pictured in different angles.

Moreover to emphasis on customer satisfaction, the company provides refund policy, floral arrangement tips, floral care and so on. There is also a page on FAQs (frequent asked questions) to guide custormers how to place an order, how to register as a member, and other information which normaly a custormer may ask.

The company's site is like other e-commerce site that we may see always on the Internet.


Search Engine
The page provides a search engine to help users to narrow down their findings to only what they are interested to. This able to shorten a customer purchasing prosses. Either than using the search engine, users can also choose to shop by products or by occasions as listed on the left hand side of its home page.


Shopping Cart
"My Shopping Cart" is located on top of the site. The cart is designed to collect a customer's orders at a time. At the end of a customer's shopping, the cart is filled with the total items and the sub total of the customer's purchase. Carts are useful to avoid customers buying lavishly.


Payment System
Customers can make their payments through various ways. They can either choos to pay by using the online credit card, online banking, mobile payment, or cash payment at their retail outlets.





Reference:
Prepared by: CHOI LAI YEET

Corporate Blogging : A new marketing communication tool for companies


Corporate blog is generally published and utilized by organizations to reach their desired goals.

Corporate blogs are acting similarly as some mass media such as radio, television, newspapers and so on. They are important to act as an media to deliver the organization’s important messages as well as views.

Although there are many types of corporate blogs, but they are generally categorized into two types, which are the internal and external blogs.

For the internal blogs, they are actually used within the organization. Employees can access and view them via the company intranet. Examples of internal blogs are knowledge and culture blogs. Internal blogs are important to encourage employee participation in company issue discussions, and gain direct access to communication between employees across departments in the organization.

The external blogs are weblog created for the communication of the organization’s stakeholders, such as company employees, groups, and any other parties which are interested in the company. The examples of external blogs are sales, relationship and branding blogs. These blogs actually link and gather all the stakeholders and outsiders to share their opinions and views.

The external blogs play an crucial role as a communication tool for the organization with outsiders. Discussions and sharing of opinions or information about newly launched products are available in these blogs. For instance, the relationship blog is used for creating, upholding and strengthening the relationship between the organization and its related stakeholders.

The implementation of corporate blogging in Stonyfield Farm over in the United States has successfully strengthened its bonds and relationships with its suppliers and customers. Not only that it built customer loyalty, but also boosted the employees’ working efficiency. The internal blogging system had become a very effective tool for the employees inside the company to communicate. On the other hand, the external blogs are very good at sharing its new product information as well as welcoming customers and suppliers to provide feedbacks and the views.




The benefits of corporate blogs include:

i) the posts and comments are easy to reach
ii) all current browsers do support the technology, making viewers can actually gain access to the recent posts without needing to visit the blog.
iii) a corporate blog does not require a high cost to set up. The license fees range from $200 for a single site to $1300 for 50 blogs.

In short, corporate blogging has become an important marketing communication tool for organizations. Each internal and external blog has its own roles and functions in assisiting the organization to achieve its desired goals.



References:



Prepared by : WONG CHEE WAI

E-Government in Malaysia: Its implementation so far and citizen's adoption strategies


The implementation of electronic government started since the initiation of Multimedia Super Corridor (MSC) by Malaysian government. E-government is introduce in order to improve the convenience, accessibility and quality of interaction with citizens and businesses. Other than that, it helps to improve the information flows and processes within government to improve the speed and quality of policy development, coordination and enforcement.

Several implementation of E-government in Malaysia can be described as the following:

(1) Government to Citizens
· Electronic Service Directory (e-services)


With E-services, one now is able to perform transaction with government agencies and utilities payment. For examples, telephone bill (TM Point), electricity bill (Tenaga Nasional Berhad), and Road Transport Department (RTD). The channel of service delivery may include the kiosk machines and internet. One of them is rilek services.

· Electronic Labor Exchange (ELX)
With ELX, Ministry of Human Resource has become a place which enables the employers and job seekers to communicate on the same platform as labor market information and references is available. The main objective of ELX is to ensure that manpower utilization is optimized so that mobilization of nation’s human resources can be improved.

· E-Syariah
E-Syariah applications are consist of Syarie Lawyers Registration System, Library Management System, Syariah Court Case Management System E-Syariah Portal and Office Automation System. It enables the Islamic Affairs Department to improve the management and the effectiveness of its 102 Syariah courts. On the other hand, the judges of Syariah Courts will be able to access the precedent case and the information needed in a particular case in a more rapid manner than before.

(2) Government to Business

· E-Procurement
Suppliers will be able to obtain tender information as well as submitting their bid via internet. Besides, suppliers can sell their product and services to Government via E-Procurement. This is contributing to the transparency and accountability, saved time and money of the suppliers. Thus, it encourages the suppliers to join the K-Economy as they go internet. However, E-Procurement is taken off with the introduction of ePerolehan.

(3) Government to Government
· Human Resource Management Information System (HRMIS)
HRMIS provide a single interface for the government employees to perform human resource management functions effectively and efficiently in an integrated environment. It provides an up-to-date HR data for effective planning, better communication, effective staffing and right sizing of civil servants.

· Government Office Environment (GOE)
Enterprise-Wide Communication Management System, Enterprise-Wide Collaboration Management System and Enterprise-Wide Information Management System are the elements in GOE. It allowed the fast search and retrieval of documents and collaboration and sharing of information. Preparation and storage of documents in an effective style and secure and traceable access to the documents is permissible.

· Project Monitoring System (PMS)
It is the online system that monitors the entire lifecycle of the national program. Application Service, Communication Service and Data Service are cover under PMS.

Citizens in Malaysia are still reluctant to use the E-Government service as they lack of confidence and trust on the current technology. However, due to the benefits that offered by E-Government, more and more citizens are moving towards using the services provided by E-Government. They are slowly adapting to the use of internet services as they trust and confidence is build on the services of the Government.

References:
Prepared by: HO PECK KEE

Saturday, July 5, 2008

Thing to take note to prevent e-auction fraud when a consumer participating in an e-auction

Auction is market mechanism where buyers make bids and sellers place offers. It is characterized by the competitive and dynamic nature by which the final price is reached. Electronic auctions(e-auctions) is auction which is conducted online, and it have been in existance for several years. individual consumers and corporations alike can participate in this rapidly growing and very convinient form of e-commerce. E-auction undoubtedly brings a lot of advantages to both buyers and sellers. To sellers they can enjoyed increased revenues, get optimal price setting, remove of expensive intermediaries, get better customer relationship, enjoys liquidation, lower their transactions as well as administrative costs. To buyers, they can enjoy the opportunity to find unique items and collectibles, chance to pay less, entertainment, anonymity and convenience.

However, there is also limitation of e-auctions and one of them is that it faces the possibility of fraud. Fraud can be conducted by sellers as well as buyers or others. The following are some examples of fraud:


  • Bid shielding

  • Shilling

  • Fake photos and misleading descriptions

  • Improper grading techniques

  • Bid siphoning

  • Selling reproductions as originals

  • Failure to pay

  • Failure to ship merchadise

  • Loss and damage claims

  • Fake escrow services

  • Other frauds

According to Internet Fraud Watch, of all e-commerce activities conducted over the Internet, fraud is most serious in e-auctions. E-auction fraud accounted for 70 percent of the e-commerce fraud that occurred in 2001 (down from 87 percent in 1999). The average auction loss is $518 per complaint, and roughly $6.1 million was lost due to fraudulent activity in 2001.
Following are action to prevent e-auction fraud used by eBay-the largest internet auctioner to reduce fraud:

1. User identity verification such in IC number, driver’s license number or date of birth. For example, verified eBay user, the voluntary program, encourages users to supply eBay with information for online verification. By offering their Social Security number, driver’s license number, and date of birth, users can qualify for the highest level of verification on eBay.
2. Authentication service. Product authentication is a way of determining whether an item is genuine and described appropriately. It difficult to perform because it relies on the expertise of the authenticators, Because of their training and experience, experts can (for a fee) often detect counterfeits based on subtle details. However, two expert authenticators may have different opinions about the authenticity of the same item.
3. Grading services which is a way to determine the physical condition of an item, such as ‘poor quality’ or ‘mint condition’. Different item have different grading systems. For eg, trading cards are graded from A1 to F1, whereas coins are graded from poor to perfect uncirculated.
4. Feedback forum. It allows buyers and sellers to build up their online trading reputations. It provides user with ability to comment on their experiences with other individuals. For example, eBay offers insurance underwritten, users are covered up to $200, will with a $25 deductible. The program is provided at no cost to eBay user.
5. Escrow services. Both buyers and sellers in a deal are protected with an independent third party. Buyer mails the payment to escrow services which verifies the payment and alerts the seller when everything checks out. An example of a provider of online escrow services s i-Escrow.
6. Non-payment punishment. To protect sellers, a friendly warning for first-time nonpayment. A sterner warning is for second-time offense, with a 30 day suspension for a third offense and an indefinite suspension for a fourth offense.
7. Appraisal services which use a variety of methods to appraise items. It includes expert assessment of authenticity and condition, and reviewing what comparable items have sold for in the marketplace in recent months. An appraised value is usually accurate at the time of appraisal but may change over time as an item becomes more or less popular in the marketplace.
8. Item verification is a way of confirm he identity and evaluate the condition of an item. Third parties will evaluate and identify an item through a variety of means. For example, some collectors have their item “DNA tagged” for identification purpose. It provides a way of tracking an item if it charges ownership in future.
9. Physical inspection. It can eliminate many problems especially for collectors’ item. When the seller and buyer are in the same vicinity, it is easy to arrange for such inspections. eBay offers inspection services on a regional basis, so buyers can arrange for nearby inspections.
10. Insurance policy. eBay offers insurance underwritten by Lloyd's of London. Users are covered up to $ 200, with a $25 deductible. The program is provided at no cost to eBay users. Supplementary insurance is available from companies such as AuctionInsurance.com. At other auction sites, such as Amazon.com/ auction, some insurance is provided, but extra insurance may be added.


Tips for Buyers

  • Identify the seller and check the seller’s feedback rating.
  • Do your homework. Be sure you understand what you’re bidding on, its relative value and all terms and conditions of the sale, including the seller’s return policies and who pays for shipping.
  • Establish your top price and stick to it.

Evaluate your payment options. If possible, use a credit card. It offers the most protection if there’s a problem. Consider using an escrow service if the seller doesn’t accept credit cards.


References:

http://amazingcommerce.wordpress.com/2008/06/26/things-to-take-note-to-prevent-e-auction-fraud-when-a-consumer-participating-in-an-e-auction

http://wps.prenhall.com/wps/media/objects/260/267260/online_appendices/Turban-Appendix2A.pdf



Prepared by: YEAP SUE YIE

Saturday, June 28, 2008

Credit Card debts: Causes and Preventions


Credit card is a system which named after a small piece of plastic card issued to its users. Users lend money and to be paid later to the particular bank merchant. The system allows users to revolve their balance at the cost of having interest charged for late payments. The cards are in the same shape and size which are specified by the ISO 7810 standard that means they are easy to bring along everyday.

As we all know credit cards provide us benefits such as convenient and attraction of the intense competition in the credit card market. Those banks and financial institutions usually provide offer incentives like frequent flyer points, gifts certificates or cash back to attract customers to signup their credit card offers.
On the other hand, many credit card holders are filed for bankruptcies each year. This happened because subscribers do not realize of its consequences when signing up without understanding the terms and conditions of subscribing them. Subscribers often pay only the interest and the minimum amount when debts are due, this allows their debts to accumulate each month and being charged for a higher interest.


The followings are causes of credit card debts.

1. Poor Money Management
This is one of the best reasons why so many individuals accumulate so many debts. Occurs when they do not have a monthly spending plan and do not practice how to keep track on their monthly bills which makes them unaware of where their money is going. They might spend on something which is useless or invaluable in their life, yet they do not realize it. This unwanted purchase might also be charging through your credit card and at the end forcing you to pay interest on the purchase every month.

2. Unemployment
Individuals are forced to use credit cards for their own convenient to maintain their current lifestyles. During the unemployment period, individuals especially the main breadwinners of a household are in need of income to raise their family members. If those expenses are unable to reduce which means this may lead to a larger potion debt.

3. Gambling
As today, gambling is a common activity for most of the individuals. If individuals are addicted to gambling, then it is hard to stop them. For gamblers’ convenient, gambling organizations set up website for their loyal customers. It will lead them to financial disaster if they gamble using their credit services

4. Financial Illiteracy
Individuals do not really understand how money works and grow, how to safe and invest for rainy days and reasons of balancing their checkbook. You are what you have in your accounts and you are responsible for it. If there is a habit of spending wisely in you, you are lucky. Financial mistakes are expensive so be educated and get in control of your expenses. Topics like saving and investing your personal finances are not taught in school. So it is on you to wisely save them so rainy days.

5. No Financial Communication Skills
Communicate with your wife and a child about finances matter is important. Often communicate and discuss financial issues and spending behaviors. It is wise to outline your strategies for you to spend and save at the same time. Family members should be honest about their expenses. In the US, many couples divorce because one of them is rack up thousands of dollars in credit card debt. Moreover, some of them did not even know the credit card account was existed!


However, there are many ways to avoid those debts if we know how to prevent them.

1. Budget
Practice to draft out a budget every month. It is important to manage your money before it dries up. If you able to follow the plans without spending over the budget, then u might no have to rely on your credit cards anymore.

2. Control
Control ourselves from using credit cards unless they are necessary. A wise holder will only use them from emergency and so on. There are no penalties so not using yours cards.

3. Low interest rate
Get a low interest rate cards to reduce your burden someday. Each month’s unpaid balance will be charge according the rates.

4. Remember pay on time
Your credit cards’ statements will usually arrive days before the due date. So remember to clear of your debts. If you are unable to pay back the whole sum, then try to pay back as much as possible, or else your debts will keep on grow each month.

5. Awareness
Be aware of the consequences of not able to repay your debts. You maybe declared as a bankruptcy or lose everything to the creditors. Educate the young generation. Teach them the ways to manage their own finances for a greater future.

In conclusion, the cards should be used for emergencies only, unless you plan to pay up the entire balance immediately.



http://www.3debtconsolidation.com/top10-causes.html
http://ezinearticles.com/?Credit-Card-Debt---Prevention-Is-Better-Than-Cure&id=226244

Mobile Payment systems in Malaysia : Its potentials and customers' adoption strategies







Mobile payment is also referred as collection of money or certain fees from customers through the usage or high technology devices such as mobile phone and Personal Digital Assistant (PDA).

Mobile money nowadays has become very popular with wide usage over the world, particularly in Philippines. However, in Malaysia the usage is still in the beginning stage. Mobile Money International Sdn. Bhd. is the first company introducing this idea in Malaysia. Being the pioneer in this industry in Malaysia, Mr. Lee Eng Sia as the managing director of MM wallet has the vision to create a society and business world using more digital money instead of using cash.

Actually, the concept of Mobile Money has a great potential to grow and become popular among Malaysian citizens. There are a few reasons for its potentials. First of all, the security is high because it uses personal password to gain access to the customer’s digital wallet.


Secondly, it is very convenient to use Mobile Money. By only having a mobile device in your hand, you can pay anyone, from anywhere, at anytime by sending one SMS. Regardless of what time it is or what is the geographical condition of the place you are staying, you can easily pay for personal bills or loans, purchase goods and many more benefits that we can think of.


Since this industry is growing fast, there are few customer adoption strategies which can help to attract more customers to adopt and accept this mobile money concept.

Firstly, advertising is important to increase potential customers’ attention and awareness about this digital money concept. The benefits using MM Wallet are shared with the public to make sure everyone knows about it.

Secondly, Mobile Money International Sdn. Bhd should first segment its target market to the younger generations instead of all age groups. This is because the young generation can easily accept new things and concept. Not only that, the young people are also more familiar with such mobile devices, thus they are more likely the group to first adopt this mobile money system.




Thirdly, the company may try to reach and cooperate with more banks and companies in more industries and fields. This can make customers feel that their digital money is very useful. With only Money Mobile Wallet, customers can buy things they want to buy without even bringing cash with them. Therefore, it is important that the company can have contacts and affiliates with other companies from different fields and industries.

Last but not least, with the rise of Mobile Money Wallet or digital money, shopping, paying bills and transferring money can be so easy and convenient, at the same time securing the safety of customers.




References:

Prepared by: WONG CHEE WAI

Friday, June 27, 2008

Review on a post on e-tailing

Blog title: using Touch ‘n Go to buy fast food in Malaysia will be a reality


Touch ‘n Go is incorporate in October 1996 and officially launched its services in March 1997. It is an electronic purse that can be used at all highways in Malaysia, major public transports in Klang Valley, selected parking sites and theme parks. This card looks similar to a credit card but it uses contact less smartcard technology. As long as this card is pre-loaded with electronic cash, user can continue to use the card. For the time being, user can reload the card at toll plazas, train stations, Automated Teller Machines, Cash Deposit Machines, Petrol kiosks and at authorized third party outlets.


Touch ‘n Go enhances the speed of paying for low value but high frequency transactions. Apart from the speed, it is also very convenient because user no longer need to prepare for small change or wait in queue at the cash lane to complete the transaction.

Touch ‘n Go is now expanding their applications and services towards the retail purchase, starting with particularly the fast-food industry. Starting from 19 April, consumers use their Touch n’ Go card for retail purchase as well as buying fast food. As much as 21 outlets in the Klang Valley have taking part in this project. The outlets which taking parts includes A&W, Burger King, Dunkin’ Donut, 7-Eleven, Carrefour hypermarkets, Caltex convenience stores and Cineleisure. Besides, to encourage users to use Touch ‘n Go retail purchase, Touch ‘n Go has come out with such promotion that enable users to enjoy some privileges when they pay using their cards.
According to Touch ’n Go chief operating officer Hasni Zarina Mohamed Khan, the card was an electronic purse and supports Bank Negara’s move for a cashless society. User can now use the card at all the outlets with no worries as all of the chain stores have an agreed that there will be no extra charges for those using Touch ’n Go cards compared to those using cash. For example, if the item is RM1 then it will still be RM1 if you use the card.

Moreover, cardholders could top up the value of their cards to RM1, 000 and need not need to worry if the cards were lost or stolen. At the same time, the card could also be a good way of controlling children's spending as this could be their one card from taking public transport to buying their lunch or snacks.

Hong Kong’s Octopus is one of the very successful examples of this electronic purse system that makes travelling, dining and shopping in Hong Kong simple and hassle-free. Touch ‘n Go is now is targeting on 5-10% of the carholders to use the card for retail purchase, as only 20% of the holders is using the Octopus for retail purchase purposes in Hong Kong which is one of the most successful in the world.


References:

http://ecommerze.blogspot.com/search/label/e-Tailing

http://www.touchngo.com.my/

http://thestar.com.my/news/story.asp?file=/2008/4/12/nation/20902911&sec=nation

http://www.octopuscards.com/consumer/en/index.jsp

http://en.wikipedia.org/wiki/Octopus_card

Prepared by: YEAP SUE YIE

The application of pre-paid cash card for consumers


In today’s world, we often heard about plastic payments. What are these plastic payments? Basically, the present day plastic payment can be divided into pay three categories that is pay first, pay now and pay later. Pre-paid cash card for consumers are fall under the pay first category.

Pre-paid cash card or to be known as stored- value card is refers to a card either with a magnetic stripe or with a computer chip that is pre-loaded with cash. A pre-paid cash card can be disposable and reloadable. Anyone with cash can easily obtain a stored- valued card. It enables the cardholders to spend on purchasing in a manner which is similar to spending paper money or coins.

Several applications of pre-paid cash card include:

(i)Payment

-Transit system fare cards

Transit system fare card is the most common applications for pre-paid cash cards. It enables the collection of public transportation’s fare to be collected in an effective manner. Passengers need not to trouble themselves to take out their money in order to pay the fares. There are two types of pre-paid cash cards under this system. Firstly is magnetic stripe card. After each use, the destination, privileges and the fares will be magnetically encoded on the card


For example, the paper ticket with magnetic stripes that we use when we take KTM
and LRT.

Secondly is smartcard. It is typically a credit card sized which embedded with microprocessor or integrated circuit which can process information. Examples for this types of pre-paid cash card are:



~Touch 'n Go card (Malaysia)












~Octopus card (Hong Kong)







~EZ-link (Singapore)






In Malaysia we can use the Touch 'n Go card when we take any of the public transportation other than taxis.

-Payment for purchases
Pre-paid can also be used to make payment at convenience stores, supermarkets and fast food restaurant and vending machines. Many of the country already practiced it. The examples that we are familiar with is the Octopus Card which is widely used in Hong Kong and EZ-link in Singapore. The card can be used to make payment after purchases at Watson’s, 7-Eleven, Starbucks, McDonald’s and etc.

-Library photocopier
Pre-paid cash card can also be use to make payment at the library photocopier. For example card that we use to make payment at photocopier in UTAR.

(ii) Access control in building and for school administrative functions
Other than making payments, pre-paid cash card can also use to gain accessed into a building and for school administrative purpose. This is one of the applications of Octopus card in Hong Kong. In Singapore, EZ-link is also use as identification card for students in many institutions and those who are serving national service.

References:

Prepared by: HO PECK KEE

Friday, June 20, 2008

The application of third party certification programme in Malaysia


The internet security has always been a big issue ever since it was created. As a matter of fact the internet has become a very important part in people’s daily life.

With the advancement of technology nowadays, customers can now even buy almost everything they want to buy online. Of course when buy from companies which provide websites we need to pay, but an issue is actually raised: how secured is it when a customer decides to pay online?

What my topic concerns this time is the usefulness of third party certification in tackling the problem of customers browsing to a fake website, or so-called phising. A third party verification is extremely important to ensure customers are dealing with the genuine website.

There are two licensed company in Malaysia which are eligible of issuing digital certificates, they are:




~MSC Trustgate.com Sdn Bhd






~Digicert Sdn Bhd.



Well then, what are the applications of third party verification program, or digital certificate? The program may satisfy the requirements of the following applications.

Firstly, third party verification programs are needed in browsers or smart cards to grant access control to facilities, intranet and extranet.

Secondly, they are used to validate incoming messages which have not been modified yet. In other words, it is very useful in operating document archive and retrieval.
Thirdly, digital certificates are required to create the organization’s rights and privileges, in particular, for the purpose of licensing.

Fourthly, companies will need them for integrity and authentication purposes. They are usually used for digital signing of messages to verify the status and identity of the particular sender.

Fifthly, this verification program is used as a proof for document sending or time-stamping. It is crucial for time and date verification for important messages, in this case, the payment systems as it involves legal and commercial activities.

Last but not least, and the most important one, is that the verification program ensures high level security, the private and confidentiality of the organizations. The company will need the program to encrypt and decrypt a code or message, which is the process of converting a message into password by sender and translate it back to readable form by receiver.

In short, third party verification program has been very useful in securing customers and the company data and important information.

References:

Prepared by: WONG CHEE WAI

Thursday, June 19, 2008

Phishing: Examples and its prevention methods



Phishing is a crime ware technique used to steal identity of a target company to get the identities of their customers. Phishers (pronounced “fishers”) create websites that look just like the one from your bank, online bookstore, or other familiar destinations. It includes sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.

The e-mail will directs the user to visit a Web site where they are asked to update or verify their personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information.

HTML-based emails often include company logos, colors, graphics, font styles, and other elements, and cover topics such as account problems, account verifications, security upgrades, and new product or service offerings. Web links included in these emails almost always possess the look and feel of the legitimate sites they copy, making the fraud almost impossible to detect.

Many fraudsters use fear to trigger a response, and phishers are no different. In common phishing scams, the emails warn that failure to respond will result them to no longer having access to their account. Other emails might claim that the company has detected suspicious activity in the account or that it is implementing new privacy software or identity theft solutions.

Phishers also use techniques such as filter evasion that they uses images instead of text to make it harder for anti-phishing filters to detect text commonly used in phishing e-mails. Some phishing scams use Java Script commands in order to alter the address bar. This is done either by placing a picture of a legitimate URL over the address bar, or by closing the original address bar and opening a new one with the legitimate URL.

In an example PayPal phishing, phishers send e-mail to their targetd PayPal users. The e-mails has several spelling mistakes in the e-mail and the presence of an IP address in the link (visible in the tooltip under the yellow box) are both clues that this is a phishing attempt. Another giveaway is the lack of a personal greeting, although the presence of personal details would not be a guarantee of legitimacy. Other signs that the message is a fraud are misspellings of simple words and the threat of consequences such as account suspension if the recipient fails to comply with the message's requests.
Example of phising:







Here are some recommendation on how users can protect and prevent their network, servers, pcs and mobile devices from phishing:



  • Implement a comprehensive anti-phishing and anti-pharming solution, comprising protection at all possible entry-points—including the Internet gateway, messaging gateway, endpoint clients, endpoint servers, and the network. Trend Micro offers a variety of anti-phishing and anti-pharming products and solutions to suit various enterprise needs.

  • Keep all browser, email, and IM security patches up to date.

  • Get knowledge about the latest threats, symptoms of infection, and how to protect servers, PCs, and mobile devices

  • Never give personal or confidential information to an unfamiliar or unknown individual or business.

  • Delete any email that requests confidential information. If the request appears legitimate, use an established phone number to verify the request.

  • Seek IT counsel and support if you experience any communication (via email, phone, fax, or instant message) that requests corporate or personal information.

Prepared by: YEAP SUE YIE

The threat of online security: How safe is our data?

Internet is an incredible invention that has been widely used by many large companies and small businesses. Although internet has brought convenience to the users, it has also brought with a whole mass of problems. In this case, how safe would our data be when we expose our personal information to the internet?

As we know there are tremendous of security risks on the internet. The most common online threats and attacks are as follow:

Online Fraud
It is strictly where a computer system is instrumental to the crime. Data theft and identity theft are the issues comprise in online fraud.

-Data theft
Data theft is an “invisible” or “faceless” crime, posing a real threat to businesses. The risks to your business can include, a salesperson quits but takes your customer database with them, and an employee sells private data to criminals or even hacked into your database systems to perform activities that benefiting them. Several types of data theft are thumbsucking, bluesnarfing and data spill.

-Identity theft
Identity theft occurs when someone uses your personally identifying information such as your name, social security number, or credit card number, without your permission, to commit fraud or other crimes. Examples of the fraud that involves are credit card fraud, phone or utilities fraud, bank or finance fraud, government documents fraud and etc. Skilled identity thieves may use a variety of methods to get hold of your information. It may include dumpster diving, skimming, phishing, changing your address, old-fashioned stealing and pretexting.


Hack Threat
It can be refer to the illegal and unauthorized hack attempts to a system or network with nasty intention to compromise a defenseless system. Examples for hack threat are illegal part scanning and exploratory actions.

Malicious Code
It is any code added, changed, or removed from a software system in order to cause intentionally harm or threaten the intended function of the system. Viruses, worms, Trojan Horses, and attack scripts are the traditional malicious code whereas Java attack applets and dangerous ActiveX controls are the modern examples for malicious code.

Intrusion
It is the unauthorized access or illegal access to a system or network successfully. It could be web defacement or installations of malicious programs.

Denial of Service (DOS)
It is the illegal act to bring a particular system down or to damage a system in order to disabled at least one of the services provided by the systems. Common forms of DOS attacks are Buffer Overflow Attacks, SYN Attack, Teardrop Attack and Smurf Attack.

Spam
Spam flooding the Internet with many copies of the same message, in an attempt to force the message on people who would not otherwise choose to receive it. Basically there are two types of spam; that is Usenet spam and Email spam.

Due to the expansion of internet, electronic commerce information is no longer secured. Numerous of security risks on the internet may lead users to serious financial loss, information thefts and the attack on your computer. Companies should look into this matter seriously (threats of online security) as in it is the major factor contributing to failures in customer service by most of the B2B companies.

Companies and customers should recognize those online threats and attack in order to safe guard their data. Companies must ensure that the information security is up to the standards and consists of the basic core principles of information security such as confidentiality, integrity and availability.

References:

Prepared by: HO PECK KEE

Wednesday, June 18, 2008

How to safeguard our personal and financial data?

As we know the internet contains about 50,000 networks connecting millions of computers in the world. It is publicly accessible series interconnected computer networks that transmit data. These data can be divided into several categories. Each category of the data needs various level of protection.

Before computer is being used, people store their confidential data in a locked cupboard or hide under their beds. But nowadays people used to keep their data in their personal computer.








Personal Data
Those stored privacy data are usually from a wide range of sources like the healthcare records; criminal justice investigation and proceedings documents; financial institutions and transactions statements; biological traits, such as genetic material; residence and geographic records; and also their ethnicity background.



Financial Data
The information about one’s personal financial transactions, such as the amount of assets owned, positions held in stocks and funds, outstanding debts, and made purchases can be very sensitive. If criminals able to access to the information such as one’s account number and credit card number, which means that person might become a victim of fraud or identity theft.
Whereas information of one’s purchases can reveal a great deal about that particular person’s history, like places that he had visited, whom he had contacted with, products he usually purchase, his activities and habits, or his medications which he had consumed. There are cases where some corporations use these information to target individuals with customized marketing strategy towards those individual’s personal preferences, which he may or may not agree with it.




Here are some ways how to safeguard your personal and financial data.

1. Use a credit card with a small limit when buying through mail-orders and online purchases. By doing this may avoid dishonest sales person to use your credit card information. Cards with low limit will not help those thieves to rack up many bills before you hit the wall.

2. Reviewing your monthly statements is a simple thing you can do to prevent your financial data being stolen. Yet many people neglect to do it. This method not only will review your monthly statements, and on the other hand you may also get alert of possible fraudulent charges and find legitimate charges that are not necessary or redundant.

3. Choose your pin wisely. While you are choosing something that you will remember, but you do not want it to be something that a wise thief could crack out just by learning your date of birth, your identification card number or your child’s name. Choose a combination of uppercase and lowercase letters, numbers and symbols will offer you more security. Remember it by heart, never write it down and carry it in your wallet or mobile phone.

4. Protect your personal computer’s security by using as many tools as to guard your computer from being hack. Install spyware, anti-virus software, firewalls to tighten the security. Failing to protect your personal computer is like leaving your doors unlocked, windows widely open and with a banner saying, “Welcome burglars!”

5. Do prepare for a disaster. It is very important to make sure that you safeguard your family’s important documents in case of disasters. You can keep an emergency box on hand which includes copies of the important documents in sealable plastic bags or you can purchase a fire proof safe for temporary protection of your valuables. You can also rent a safety deposit box from a bank which located outside of your immediate vicinity, in case of the disaster effects the whole town.

6. If information is shared with other user or using the services on a public computer of a public library or internet café, remember to close all the browser windows and logout properly before leaving the place. It is to avoid other users from reading your personal information and also your e-mails.
Prepared by: CHOI LAI YEET