SABB Internet Banking and Online Phishing - Coursework Example

A comparison of SAMBA and SABB Internet Banking and Online Phishing A comparison of SAMBA and SABB Internet Banking and Online Phishing Phishing emails are semantic attacks than con people into divulging sensitive information using techniques to make the user believe that the information is being requested by a legitimate source. Phishing also involves an attempt to criminally and fraudulently acquire sensitive information such as usernames, passwords and credit card details. In most case, phishing is carried by email or instant messaging (Downs, Holbrook and Cranor, p 79). Phishing criminals often target bank customers and online payment services. Fraudsters may in principle be able to determine which banks potential victims use and target bogus email. One of the phishing methods is called link manipulation. The method involves the use of some form of technical deception designed to make a link in an email. For each of these suspicious emails, individuals are often probed briefly for their reasons or any actions such as deciding to delete an email or advised to click on a link (Downs, Holbrook and Cranor, p81). One great problem found in the use of URLs happens to be the manner in which international domain names (IDN) are being used in web browsers. This problem allows visually identical web addresses to lead to different, possibly malicious websites. There is wide publicity surrounding phishing to warn customers of internet banking that they could fall victims of such crimes (Legard, 2003). However, phishing criminals still take advantage of similar risk, they opt to use open URL on the websites of trusted organizations to disguise malicious URLs with a trusted domain. In most cases, even the digital certificates cannot solve this problem because there is a high possibility of the phishing criminal purchasing a valid certificate and subsequently change content to spoof a genuine website (Downs, Holbrook and Cranor, p 81). Consequently, the phishing criminals have always used images instead of texts to make it harder for anti-phishing filters to detect text commonly used in phishing emails. Website forgery also form part of the phishing methods. Visiting the phishing websites makes an individual more prone to phishing deception. Phishing criminals have always use JavaScript commands so as to alter the address bar. They do this either by placing a picture of a legitimate URL over the address bar, or by closing the original address bar after which they open a new one with the legitimate URL (Downs, Holbrook and Cranor, p. 81). Further, the phishing attacker can use flaws in a trusted website’s own scripts against the victim. This particular type of crime also known as cross site scripting is particularly tricky and always goes undetected. This is because the criminals direct the user to sign in at their bank or service’s own web page, where everything from the web address to the security certificates appears correct. The truth is that the link to the website is crafted to carry out the attack, making it very difficult to spot the problem without specialist knowledge. Such flaws have been used against PayPal (Downs, Holbrook and Cranor, p81). Another frequently used phishing method is known as phone phishing, not all phishing attacks require the use of a fake website. Phishing criminals usually send messages that claim to be from a bank. The messages often tell the online bank users to dial a phone number regarding problems with their bank accounts. The moment the phone number owned by the criminal is dialed; voice prompts always tell the user to enter their account numbers and PIN. Voice phishing also known as vishing involve the use of a fake caller ID data to give the appearance that calls come from a trusted bank or a financial organization (Downs, Holbrook and Cranor, p. 81). Other techniques used in online phishing include forwarding the client to a bank’s legitimate website, then to place a popup window asking the user to avail his or her credentials on top of the website in away that it appears the bank is requesting this sensitive information or the use of tab nabbing technique. This technique takes advantage of the multiple tabs that users use and silently redirect a user to the affected site (Downs, Holbrook and Cranor, p. 81). SAMBA online banking is the first online banking and multiple award winning facility for corporations and businesses in Saudi Arabia. The online banking facility at SAMBA enables customers to perform several corporate banking transactions online, in real time, from the customer’s office or anywhere around the world (Samba, 2010). Security and integrity of the transactions in ensured. The company easily initiates transactions with complete security, covering a wide range of online transactions such as SARIE, Drafts, Foreign currency SWIFT, letters of credit, and letters of Guarantee. Integrity is also ensured through the accessing of customized solutions for customer’s needs based on their authorization levels, products, limits, accounts, and process flow defined by the various customers (Samba, 2010). In addition, SAMBA payment files are processed immediately in real time with no need for manual intervention; this minimizes errors and delays which then ensure that customer’s payment information is not compromised. Some of the security feature includes state of the art 128-bit encryption technology and digital certificates, secured socket layer (SSL) and secure servers or a marker checker function and various levels of authorizations for authorized users, as well as audit trail that tracks every activity during a transaction (Legard, 2003). To guard against phishing, SAMBA advises its customers to ensure that their banking sessions are secure, and recommends that customer follow these security tips. In the first place, customers are advised to avoid accessing their internet banking account from a cybercafé or a shared computer. If customers happen to have done so, it is wise to change passwords from their own computer as soon as they can. The SAMBA online banking crew also advises its customers to enter the samba website address directly into their address bar before they log in to ensure that customers are on the legitimate samba website. They are further advised to never click a link that offers to take them to the Samba website. These measures will prevent customers from becoming victims of phishing attacks. SABB, on the contrary, offers a wide range of refined services that are designed to empower customers with clever time management and maximal banking efficiency. Their internet banking facility provides customers a lot of ease and convenience to meet their banking needs, keeping their security as a primary concern (Sabb, 2010). Using SABB electronic banking services guarantees full convenience and no attacks from phishing criminals. SABB advises its customers to learn how to prevent phishing methods since prevention is better than cure; it is not easy to avoid phishing criminals once they get crucial information a bout a customer’s banking. One such method to curb against phishing criminals is to get Antivirus software, anti spyware software and a fire wall. In addition, customers are advised to keep their computer up to date, block spam emails, use and update web browser, make regular backups and ensure that they encrypt their wireless network (Sabb, 2010). SABB further informs its customers that they never send emails asking for personal information to be saved online. Customers are the advised that if they suspect any emails which appears to come from SABB, it is likely that the email is a scam, customers should never respond to these emails. Personal information such as account number, credit card number, PIN, and passwords should be treated as being highly confidential. These security items should only be used when a customer wants to log in into the SABB banking service (Sabb, 2010). Solution to phishing Several anti-phishing tools have been developed to solve the problem phishing. Anti-phishing services and tools are now being provided by internet service providers, built into mail servers and ere available on the web browser tool bars, however, these tools do not effectively control phishing activities. Prototype trusted paths for the Mozilla web browser that are designed to assist users in verifying their browser has made a secure connection to a trusted site (Downs, Holbrook and Cranor, p 80). Trust bar, a browser add on that uses logos and warnings to help users differentiate trusted and non trusted websites have also been made. These tools may assist an alert and informed user in identifying spoofed websites though they still require a degree of diligence on the part of the user to distinguish between the indicators provided by the tool and spoofed indicators that an attacker might provide (Dhamija, Tygar and Hearst, p582). A variety of cues can be used to avoid being a victim of phishing. These cues may be found within the headers or content of phishing email messages or within the content of the fraudulent websites. In addition, cues may be provided by browser based security indicators and by ant-phishing tools (Dhamija, Tygar and Hearst, pp 583). Experts recommend users of internet banking to treat with suspicion any email that asks them to follow a link to update account information, or threatens dire consequence for not immediately providing or updating personal information such as closing an account (Dhamija, Tygar and Hearst, pp 582). Messages from banks or other companies with which the user does not have any relations hip should also be viewed with suspicion. Other types of messages that claim to be from businesses but contain misspelled words or sloppy grammar are also suspicious. When a user identifies these messages, they are advised to disable the use of JavaScript in email clients and manually checking the URLs behind email hyperlinks, this should either be done by moving the mouse over them or by viewing their raw source, or by typing any hyperlinks directly into a web browser rather than clicking on them (Dhamija, Tygar and Hearst, pp 584). Conclusion Phishing has dire consequences to online banking clients. Phishing ensures that the fraudster obtains personal information often used in a legitimate organization such as banks, online payment service, and online retailer. Personal information data that can be accessed include the date of birth, login information, account details, credit card numbers, and PIN numbers. This personal information can be used to drain your financial account thus affecting financial stability of bank customers. References David Legard (2003). Fake bank website scam reaches US. IDG News Service. Retrieved on 10th December, 2010 from: http://www.computerworld.com/s/article/81211/Fake_bank_Web_site_scam_reaches_U.S. Julie S. Downs, Mandy B. Holbrook and Lorie Faith Cranor (2006). Decision Stategies and Susceptibility to Phishing. Pittsburgh, Carnegie University. Rachna Dhamija, J.D. Tygar and Marti Hearst (2006). Why Phishing Works. Montreal, UC Berkeley. Sabb (2010). Online security. Retrieved on 10th December, 2010 from: https://www.sabb.com/1/2/sabb-en/about-us/online-security/ Samba (2010). Online banking services. Retrieved on 10th December, 2010 from: https://www.samba.com/English/Common/HTML/securitytips_01_01_en.html. Read More