Tag Archives: Phishing

Fact Check : Is Semak.Info A Phishing Website?!

Fact Check : Is Semak.Info A Phishing Website?!

Is the Semak.Info website used to check for GE15 voter information really a phishing website?!

Take a look at the viral claim, and find out what the facts really are!


Claim : Semak.Info Is A Phishing Website!

After the official voter information website by the Malaysia Election Commission (SPR) went down a day before the GE15 election day,, people were advised to try an alternative voter information website called Semak.Info.

However, this warning then went viral later that day, claiming that the Semak.Info website is really a phishing website!

The app.semak.info is a phishing site to track your mobile number. Please be informed. Please do not forward. Thanks.


Truth : Semak.Info Is NOT A Phishing Website!

This is yet another example of FAKE NEWS circulating on WhatsApp and social media, and here are the reasons why…

Fact #1 : Semak.Info + App.Semak.Info Are Different Pages

First, let me point out that Semak.Info, and App.Semak.Info are two different pages on the same website. Think of them as two different rooms in the same office.

Semak.Info is the public-facing page, where users can check their GE15 voter information. Think of it as the information desk at your office.


App.Semak.Info, on the other hand, appears to be the website administrator’s page. Think of it as the back office.

That’s why it has a login page, just like how your back office would have a door with a lock – so that the public can’t just walk inside.


Fact #2 : Phishing Websites Masquerade As Genuine Websites

Phishing (pronounced as fishing) is a social engineering attack that attempts to obtain your login information, or personal information like credit card and bank account numbers, etc.

Hackers accomplish this by creating fake websites that look like the real website, to trick you into revealing sensitive information like your bank account login and password, or your security questions.

The Semak.Info page does not ask for any login or critical personal information, so it is not a phishing website.

The App.Semak.Info page is blank, with a simple login function. It does not pretend to be an SPR or banking website, and so it is also not a phishing website.

Fact #3 : Semak.Info Is Owned By DAP

When Semak.Info was first circulated, I too was concerned about this “unknown” website. But a quick check showed that the Democratic Action Party (DAP) was the one promoting its use on Facebook.

I did a little digging, and confirmed that the Semak.Info domain is owned by the Democratic Action Party. It also looked like they bought the domain, and developed the website for GE14, way back in 2017.

Fact #4 : Phone Number Used To Send WhatsApp

Some people asked me why this Semak.Info website would require a phone number, when the official SPR website does not require one to obtain voter information.

What they may not realise is that the DAP team added a WhatsApp messaging feature to their Semak.Info website.

Once you key in your phone number and identity card number, the website will give you your voter information. At the bottom though is a blue Whatsapp [sic] button.

If you click on that button, the website will attempt to send a WhatsApp message to that phone number you keyed in earlier, with key voting information.

It doesn’t automatically send the message. You are given a preview of the message, and you will need to tap on the “Continue to Chat” button to actually send that message to the phone number.

Fact #5 : You Can Use A Fake Phone Number

You may be worried that the DAP team could be harvesting your phone number, and tying it to your identification card number.

Frankly speaking, that kind of data is already easily available and sold (illegally) to marketers and scammers alike. So no one actually needs to “scam” you into keying your phone number.

If you are worried, you can use a fake phone number with this website. Just key in any 7-digit number, with a legitimate 3-digit telco prefix (like 011, 012, 017, 018, etc.), and you are good to go.

Please WATCH OUT about such FAKE NEWS on WhatsApp and social media. They are designed to suppress voter turnout in the 15th General Election.

Regardless of what you may read or see on social media, please take the time and effort to cast your vote. This is not only your right, it is your responsibility as a citizen of Malaysia.

Remember – democracy does not guarantee us a good government. Democracy only guarantees us the right to vote out a bad government!

Happy voting on 19 November 2022!


Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.


Recommended Reading

Go Back To > Cybersecurity | Fact Check | Tech ARP


Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Watch Out For Nestle 2022 Anniversary Phishing Scam!

Please watch out for the Nestle 2022 Anniversary phishing scam!

Find out why it is just a SCAM, and WARN your family and friends!


Nestle 2022 Anniversary Phishing Scam Alert!

People are now sharing the Nestle 2022 Anniversary message on WhatsApp (translated into English) :


Your family has been chosen to receive a lucky drag for the Nestle 2022 Anniversary at the Nestle office.

This contest has been approved by the Malaysian court / police, with the cooperation of Bank Negera Malaysia (BNM).

The link attached to the a website with the following instructions :

  1. Winners must keep the PIN-CEK number as evidence for winner verification and prize collection
  2. There are two ways to submit the contest form – through WhatsApp or this website.
  3. The contest form must be completed with your details. Incomplete forms will be rejected by the sponsor without notice.
  4. Every valid application will be shortlisted. There is no limit to the number of applications.
  5. First Prize Winner : RM10,500
    Second Prize Winner : RM9,300
    Third Prize Winner : RM8,500
  6. To redeem your prize, just use your WhatsApp to :
    a) Fill in the Nestle winner application number
    b) Fill in your full name and identity card number
    c) Attach a clear picture of your BANK ATM CARD – front and back
    d) Go to the nearest ATM machine, and WhatsApp the details above to +60124181128


Nestle 2022 Anniversary Phishing Scam : How Does It Work?

The Nestle 2022 Anniversary phishing scam is DANGEROUS. Please warn your family and friends to AVOID it.

Fact #1 : There Is No Such Nestle Giveaway!

There is no such anniversary giveaway by Nestle Malaysia. There is no reason for Nestle Malaysia to give out so much money.

They are a business, not a charity. They are in the business of selling you products, not giving you money.

Businesses do sponsor giveaway contests, but they are generally low value. Nestle Malaysia, for example, is currently giving away RM30 Shopee vouchers.

Fact #2 : Nestle Would Not Use Free Websites

Nestle is a large multinational company. It would not be using free website services like Wix.

Nestle Malaysia has its own website (https://www.nestle.com.my/) and Facebook page (https://www.facebook.com/Nestle.Malaysia) where they post official contests and promotions.

Always verify if a contest is genuine by visiting the official website / social media page.

Fact #3 : Nestle Would Never Ask For Pictures Of Your ATM Card!

Nestle, and any legitimate brand, would NEVER ask you to send them pictures of your bank ATM card!

Sending the pictures of your ATM card will allow them to clone the card, or trick bank staff into giving the scammers access to your bank account.


Fact #4 : Nestle Would Never Ask You To Go To An ATM

No legitimate contest would require you to go to an ATM machine to receive money.


Fact #5 : Nestle Would Never Ask For Your PIN / TAC

Nestle would never ask you for your ATM card’s PIN or any TAC number you may receive.

Giving out those details is how scammers get access to your bank account.


Fact #6 : This Lets Scammers Withdraw Money From Your Bank Account

I know many of us are in dire straits during this COVID-19 pandemic, having lost jobs, income or even loved ones.

Unfortunately, scammers are counting on our desperation to prey on us, using such anniversary scams.

This particular Nestle 2022 Anniversary Scam is a real danger, because it will allow scammers to gain access to your bank account and withdraw money.

Also watch out for the other anniversary scams that I have covered over the years :

Please WARN your family and friends about these scams!


Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.


Recommended Reading

Go Back To > Cybersecurity | Business | Tech ARP


Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Can SIM Swap Attack Empty Bank Accounts Without Warning?

Can a SIM swap attack clear out your bank accounts without warning?

Take a look at the viral warning, and find out what the facts really are!


Claim : SIM Swap Attack Can Empty Bank Accounts Without Warning!

This message has gone viral on social media and WhatsApp, warning about a new high tech fraud called SIM Swap Fraud that can empty bank accounts without warning.

The message includes a link to a Straits Times report about a young couple who lost $120,000 in a fake text message scam targeting OCBC Bank customers.

Your BANK Account could be Emptied without an Alert!

Dear All, Please let’s be very careful.. There is a new HIGH TECH FRAUD in town called the SIM SWAP FRAUD, and hundreds of persons are already VICTIMS.


Truth : SIM Swap Attack Are Real, But Don’t Work Like That

The truth is – SIM swap attacks are real and very dangerous, but they do not work like the viral message claims.

Here is what you need to know about the viral message, and SIM swap attacks.

Fact #1 : SIM Swap Attacks Are Not New

SIM swap attacks are really not that new. They have been around at least since 2015.

Fact #2 : Viral Message Is Partly Fake

The viral message is correct about the risk of SIM swap attacks, but pretty much wrong about everything else.

In fact, the method by which the SIM swap attack works is completely made up. So the viral message is really FAKE NEWS.

Fact #3 : Straits Times Article Was Not About SIM Swap

The fake news creator added a link to a Straits Time article, to mislead you.

That’s because the article isn’t about a SIM swap attack, but a phishing attack, where the victim received an SMS  with a link that took him to a fake website that “looked exactly like the OCBC login page“.

The victim then keyed in his bank login details, thus handing over control of his bank account to the scammers. He also ignored automated messages warning him that his “account was being setup on another phone“.

It had nothing to do with a SIM swap attack. It was an SMS-based phishing attack.

Fact #4 : SIM Swap Attack Generally Does Not Require Any Action

In most SIM swap attacks, scammers use your personal information, either purchased from other criminals or obtained through earlier phishing attacks or social engineering, to request for a SIM card replacement.

All that does not require any action on your part. In most cases, you only realise you’ve been hit when you lose access to your mobile number.

Fact #5 : SIM Swap Attack May Require Action In Some Cases

The Press 1 claim in the viral message is partially correct, but it only happens in a particular circumstance.

In India, scammers have tricked people by offering a free network upgrade, or to help improve signal quality on their phones :

  1. The scammer will call the victim, claiming to be from their mobile service provider.
  2. The scammer will try to get the victim to reveal his/her 20-digit SIM card number.
  3. The scammer will use the 20-digit SIM number to initiate a SIM swap with the mobile service provider.
  4. The mobile service provider will automatically send an SMS to confirm the swap.
  5. Once the victim confirms the swap, his/her SIM card will stop working.
  6. The scammer now has access to the victim’s mobile number.

Fact #6 : SIM Swap Attack Does Not Hack Your Phone

The SIM swap attack does not involve any hacking of your phone.

You only lose access to your mobile number. Your phone is not hacked.

Fact #7 : SIM Swap Attack Does Not Empty Bank Accounts

Once the scammers successfully gain control of your mobile number, they can use it to intercept one-time passwords (OTP) like TAC numbers.

This allows them to change passwords to your bank accounts, social media accounts, etc. which is why SIM swap attacks are so dangerous and damaging.

However, it does not mean your bank accounts are immediately emptied. For one thing – the scammers need to know your bank login.

That’s why SIM swap victims often have had their bank logins and passwords stolen earlier though phishing attacks. The scammers only need their mobile numbers to receive OTP / TAC numbers to authenticate the transfers.

Fact #8 : SIM Swap Attack Can Be Used To Cheat Friends Too!

Stealing money from your bank account requires extra work, so scammers who do not have your bank login details will resort to cheating your friends.

With access to your phone number, they can easily gain access to your social media accounts (Facebook, Twitter, Instagram) as well as instant messaging apps (WhatsApp, Telegram).

Once they have control, they can send messages to your friends, pretending to be you. Naturally, they will concoct some story to ask your friends for money.

The idea is to use your (now) stolen accounts to convince your friends that you genuinely need their help. The money that they transfer goes directly to the scammers, or their mules (people who rent their bank accounts to scammers).

Now that you know the facts behind the SIM swap attack or scam, please SHARE this article with your family and friends!


Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.


Recommended Reading

Go Back To > Cybersecurity | MobileTech ARP


Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Verified : KKM + MySejahtera SMS Messages Are Legit!

Are scammers sending fake SMS messages from KKM and MySejahtera to scam you out of your money?

Take a look at the viral post, and find out what the FACTS really are!


Claim : KKM + MySejahtera SMS Messages Are Fake!

People have been sharing a screenshot of two SMS messages from KKM (Malaysia Ministry of Health) and MySejahtera, claiming that they are scam messages.

RM0 MySejahtera: You are COVID-19 positive. Kindly refresh your MySejahtera Profile and click to declare your close contact: https://bit.ly/3jNvOqL

RM0 KKM Anda adlh COVID19 positif & masih belum menjawab status kesihatan hari ini. Segera lengkapkan H.A.T. di MySejahtera. Rujuk https://bit.ly/2VMaWrC

This is a scam. If receive don’t click. Please inform all ur family members and friends ….NETIZEN WATCHDOG

Many also include a link to the Kuan Evening Edition video to prove that these messages are indeed fake messages used by scammers in “phishing attacks”.


Truth : KKM + MySejahtera SMS Messages Are Legit!

The SMS messages in the screenshot are legit, and came from KKM and MySejahtera.

The truth is that viral message is FAKE NEWS, and here are the facts…

Fact #1 : The MySejahtera SMS Message Is Legitimate

The MySejahtera SMS message in English is legitimate. It warns you that you have tested positive for COVID-19.

You are therefore required to declare your close contacts in the MySejahtera app or website.

The link – https://bit.ly/3jNvOqL – leads to the Close Contact reporting page in the MySejahtera website (https://mysejahtera.malaysia.gov.my/help/closecontact/).

Fact #2 : The KKM Telephone Number Is Genuine

On 24 September 2021, KKM confirmed that the 03-2703-3000 telephone number is genuine.

The Malaysia Ministry of Health uses that telephone number to call those identified as COVID-19 positive to fill up their Home Assessment Tool (HAT) in the MySejahtera app.

Fact #3 : The KKM SMS Message Is Legitimate

The KKM SMS message in Bahasa Malaysia is also legitimate.

It is a reminder that you did not fill in your Home Assessment Tool (HAT) in the MySejahtera app today.

Those who are under home quarantine must complete that home assessment test every day.

The Ministry of Health may issue a compound if you fail to perform the home assessment test, as required.

The link in the SMS – https://bit.ly/2VMaWrC – actually leads to a PDF infographic on the Home Assessment Tool (HAT) – https://www.infosihat.gov.my/images/media_sihat/poster/pdf/DiManakahHAT.pdf

The infographic explains who needs to perform self-monitoring using the HAT feature, and how to do it in the MySejahtera app.

Now that you know the truth, please SHARE this fact check, so your family and friends won’t be fooled by the fake news!

It is critical that everyone understands that these alerts are genuine, and take them seriously!


Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.


Recommended Reading

Go Back To > Fact Check | Tech ARP


Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Maybank B40 Subsidy Scam : Do NOT Click Or Call!

Watch out for the new Maybank B40 subsidy scam! It is a phishing attack to gain access to your Maybank account!

Do NOT click or call. Just delete it, and WARN YOUR FAMILY AND FRIENDS!


Maybank B40 Subsidy Scam : Do NOT Click Or Call!

Scammers are sending out this SMS claiming that Maybank (MBB) will issue the B40 subsidy after you fill in some information.

Please do NOT click on the message, or call the telephone number. Just delete it and warn your family and friends!


Why This Maybank B40 Subsidy Offer Is Just A Scam

Let us show you why this Maybank B40 subsidy offer (and similar offers) is just a scam.

If you spot any of these warning signs, BACK OFF and DO NOT PROCEED!

Warning Sign #1 : No Such B40 Subsidy Program

The Malaysian government has not announced any B40 subsidy program.

Neither would Maybank offer free money for the B40. It’s a bank, not a charity.

Warning Sign #2 : Bad Grammar

The bad English grammar should be a warning sign that this is not a legitimate offer.

Warning Sign #3 : Not Using The Real Maybank Domain

A genuine Maybank campaign would use the real Maybank domain – www.maybank.com.my.

The use of a different domain should warn you that this is not a legitimate Maybank website.

In fact, Google Chrome will warn you that this website is a phishing attack – to get your personal and banking information.

Warning Sign #4 : Asking You For Your Information

The banks – whether they are Maybank, Public Bank, CIMB, etc – will NEVER ask you to fill in your personal details.

Think about it – they already have your information because you have an account with them!

Even if there is a legitimate B40 subsidy programme, they only need you to log into your Maybank account. They do NOT need you to register your details again.

These scammers ask you for these details so they can use them in phishing calls, to convince you that they are really from Maybank.

Warning Sign #5 : Asking You For Your Bank Login!!!

This is a BIG warning sign. Banks will NEVER ask you for your user name and password.

If you key in this information, you are basically giving these scammers access to your Maybank account.

They will call or message you and try to get your TAC (Transaction Authorisation Code) number that is sent to your mobile number. DO NOT GIVE THAT TO THEM!

If you sent them your user name and password, please contact the bank immediately, and change your password!


Recommended Reading

Go Back To > Cybersecurity | BusinessHome


Support Tech ARP!

If you like our work, you can help support us by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

INTERPOL : Alarming Rate Of COVID-19 Cyberattacks!

According to INTERPOL, cybercriminals are taking advantage of the COVID-19 pandemic, boosting cyberattacks at an alarming pace.

Learn more about their key findings, and what they are projecting will happen in the near future!


COVID-19 Pandemic : New Opportunities For Cyberattacks!

The COVID-19 pandemic has forced organisations and businesses to rapidly deploy remote work systems and networks to support staff working from home

Cybercriminals are taking advantage of these new COVID-19 work-from-home normals, targeting staff of major corporations, governments and critical infrastructure to steal data and generate profits.

Online Scams + Phishing

 Threat actors have revised their usual online scams and phishing schemes. By deploying COVID-19 themed phishing emails, often impersonating government and health authorities, cybercriminals entice victims into providing their personal data and downloading malicious content.

Around two-thirds of member countries which responded to the global cybercrime survey reported a significant use of COVID-19 themes for phishing and online fraud since the outbreak.

Ransomware + DDoS

Cybercriminals are increasingly using disruptive malware against critical infrastructure and healthcare institutions, due to the potential for high impact and financial benefit.

In the first two weeks of April 2020, there was a spike in ransomware attacks by multiple threat groups which had been relatively dormant for the past few months.

Law enforcement investigations show the majority of attackers estimated quite accurately the maximum amount of ransom they could demand from targeted organisations.

Data Harvesting Malware

Taking advantage of the increased demand for medical supplies and information on COVID-19, there has been a significant increase of cybercriminals registering domain names containing keywords, such as “coronavirus” or “COVID”. These fraudulent websites underpin a wide variety of malicious activities including C2 servers, malware deployment and phishing.

From February to March 2020, a 569 per cent growth in malicious registrations, including malware and phishing and a 788 per cent growth in high-risk registrations were detected and reported to INTERPOL by a private sector partner.


An increasing amount of misinformation and fake news is spreading rapidly among the public. Unverified information, inadequately understood threats, and conspiracy theories have contributed to anxiety in communities and in some cases facilitated the execution of cyberattacks.

Nearly 30 per cent of countries which responded to the global cybercrime survey confirmed the circulation of false information related to COVID-19. Within a one-month period, one country reported 290 postings with the majority containing concealed malware. There are also reports of misinformation being linked to the illegal trade of fraudulent medical commodities.

Other cases of misinformation involved scams via mobile text-messages containing ‘too good to be true’ offers such as free food, special benefits, or large discounts in supermarkets. 


INTERPOL : Projection Of Future COVID-19 Cyberattacks

Here are INTERPOL’s projection of future COVID-19 cyberattacks :

  • A further increase in cybercrime is highly likely in the near future. Vulnerabilities related to working from home and the potential for increased financial benefit will see cybercriminals continue to ramp up their activities and develop more advanced and sophisticated modi operandi.
  • Threat actors are likely to continue proliferating coronavirus-themed online scams and phishing campaigns to leverage public concern about the pandemic.
  • Business Email Compromise schemes will also likely surge due to the economic downturn and shift in the business landscape, generating new opportunities for criminal activities.
  • When a COVID-19 vaccination is available, it is highly probable that there will be another spike in phishing related to these medical products as well as network intrusion and cyberattacks to steal data.


Recommended Reading

Go Back To > CybersecurityEnterprise + Business | Home


Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

COVID-19 Email Scams + Malware Are Spreading!

As the COVID-19 coronavirus spreads across the world, so are COVID-19 email scams and malware!

Tatyana Shcherbakova tells us what she and her team discovered!


Warning : COVID-19 Email Scams Are Spreading!

As the COVID-19 coronavirus spreads, fake information is being created and distributed at a very high rate, confusing people all over the world.

Cybercriminals are taking advantage of the confusion, creating various email scams, with some realistic ones pretending to be from the WHO.

Tatyana Shcherbakova, a senior web content analyst, details how her team looked at the COVID-19 email scams, and came across the realistic ones from WHO…


WHO Is Warning You? These Are COVID-19 Email Scams!

At first, we found emails offering products such as masks, and then the topic became more commonly used in Nigerian spam emails. We also found scam emails with phishing links and malicious attachments.

One of the latest spam campaigns mimics the World Health Organization (WHO), showing how cybercriminals recognize and are capitalizing on the important role WHO has in providing trustworthy information about the coronavirus.

Users receive emails allegedly from WHO, which supposedly offer information about safety measures to be taken to avoid a COVID-19 infection.

Once a user clicks on the link embedded in the email, they are redirected to a phishing website and prompted to share personal information, which ends up in the hands of cybercriminals.

This scam looks more realistic than other examples we have seen lately, such as alleged donations from the World Bank or IMF for anyone who needs a loan.

In order to stay safe, we advise users to carefully study the content of the emails they receive and only trust reliable sources.

If you are promised a vaccine for the virus or some magic protective measures, or content of the email is making you worried, it has most likely come from cybercriminals.

This is especially true if the sender suggests clicking on a link and sharing your personal data or opening an attachment.

You should not donate any real money or trust information with promises to help those affected by the virus, even if the email comes from someone who introduces themselves as an employee of a trusted organization.

Finally, double check the email address, as scammers often use free email services or addresses that have no relation to the organization mentioned.


Malware Masked As COVID-19 Coronavirus Documents!

They also found malicious files disguised as documents related to the COVID-19 coronavirus. The malicious files were masked under the guise of pdf, mp4 and docx files about the COVID-19 coronavirus.

The names of files imply that they contain video instructions on how to protect yourself from the virus, updates on the threat and even virus detection procedures, which is not actually the case.

In fact, these files contained a range of threats, from Trojans to worms, which are capable of destroying, blocking, modifying or copying data, as well as interfering with the operation of computers or computer networks.

Some malicious files are spread via email. For example, an Excel file distributed via email under the guise of a list of coronavirus victims allegedly sent from the World Health Organization (WHO) was in fact a Trojan-Downloader, which secretly downloads and installs another malicious file.

This second file was a Trojan-Spy designed to gather various data, including passwords, from the infected device and send it to the attacker.


COVID-19 Email Scams + Malware : How To Avoid

As governments and businesses are forced by the COVID-19 coronavirus to encourage their employees to work from home, it is critical that they employ these cybersecurity practices to reduce risk of falling for phishing attacks, or malware :

  • Provide a VPN for staff to connect securely to the corporate network
  • All corporate devices – including mobiles and laptops – should be protected with security software
  • The operating system and apps should be updated with the latest patches
  • Restrict the access rights of people connecting to the corporate network
  • Ensure that the staff are aware of the dangers of unsolicited messages


Recommended Reading

Go Back To > Cybersecurity | Business | Home


Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Microsoft : Cybersecurity Trends + How To Stay Safe In 2020!

As part of Safer Internet Day (SID), Antony Cook from Microsoft shared the key cybersecurity trends in 2020, and how we can stay safe against those dangers.

Even if we are experienced techies, it is enlightening to find out what Microsoft believes are the cybersecurity threats that we should be looking out for in 2020.


Microsoft : Key Cybersecurity Trends In 2020!

Cybersecurity Trend #1 : Less Ransomware But More Attacks

Ransomware has declined in recent years, dropping more than 60% from its peak. But Microsoft sees a rise in other types of cyberattacks.

Attackers have learned that ransomware attracts too much attention from law enforcement, and organisations have gotten better at backing up their data.

So hackers are moving onto other activities like cryptocurrency malware and phishing, where they can more easily profit with less attention.

Cybersecurity Trend #2 : Mining Malware Will Be Big!

Attackers are often acting for financial benefit, so they will make big bets on cryptocurrency, especially in Bitcoin.

They will focus more on mining malware that lets them use your computer to mine cryptocurrency coins without being detected.

Coin mining software is easily available, and cybercriminals have put malware into many widely-shared and used software. They are also trying to inject these malware through websites illegally streaming copyrighted content like the latest movies.

Cybersecurity Trend #3 : Embedded Threats

Attackers are now more sophisticated, targeting legitimate and trusted software supply points to deliver malware. There have been many examples of this attack vector :

  • a routine update for a tax accounting application,
  • popular freeware tools which have backdoors forcibly installed,
  • a server management software package,
  • an internet browser extension or site plugin,
  • malicious images which active scripts when clicked,
  • peer-to-peer applications

In those cases, attackers were able to change the code of legitimate software that people trust and install without hesitation, allowing them to “hitch a ride”.

This attack vector is very dangerous and frustrating, because it takes advantage of the trust that consumers and IT departments already have for legitimate software.

Cybersecurity Trend #4 : Phishing Scams

Phishing continues to be one of the most effective ways to compromise systems, because it targets human decisions and judgment.

Microsoft noted that the percentage of inbound emails that were detected as phishing messages increased 250% throughout 2018, and they expect the final figures for 2019 to show the same trend.


Microsoft : How To Stay Safe In 2020!

Here is a summary of what Microsoft believes we should do to stay safe online against cybersecurity threats in 2020 :

Cybersecurity Tip #1 : Practice Good Security Hygiene

  1. Keep your operating system and software updated.
  2. Turn on email and browser protections.
  3. Apply the cybersecurity configurations that your hardware and software vendors recommend.
  4. Stay away from any unfamiliar software or websites.
  5. Use only legitimate software, and not just your key applications.

Cybersecurity Tip #2 : Implement More Access Controls

System administrators should implement more access controls, using Zero Trust or at least privilege models.

This will limit hackers that successfully break into your network from accessing more than a segment.

Cybersecurity Tip #3 : 3-2-1 Backup!

Make sure you create and keep backups, and the cloud is a great tool for this.

Microsoft recommends adhering to the 3-2-1 rule – keep three backups of your data on two different storage types, with at least one backup offsite.

Cybersecurity Tip #4 : Keep Vigilant!

Even if we implement strong cybersecurity measures, we must remain vigilant, and keep an eye out for suspicious activity.

Not just system administrators, but users as well. If you see anything suspicious – report it to your IT department immediately.

It can be anything from a sudden slowdown in your computer’s performance, to strange web pages and images appearing.


Recommended Reading

Go Back To > Computer SystemsHome


Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Kaspersky Travel Scam Alert + Advisory For The Holidays!

Kaspersky Lab just issued a travel scam alert and advisory for this holiday season. Pay attention, so you will enjoy a great holiday!


Travel Scam Operations On The Rise!

Kaspersky Lab researchers have uncovered several travel scam operations last month, seeking to trick holiday-goers looking for great bargains.

Fraudsters Are Phishing For Unwary Victims

There were more than 8,000 phishing attacks, disguised as offers from popular lodging platforms. In fact, 7,917 of those phishing attacks specifically targeted people looking for Airbnb rentals.

In one example, fraudsters created a phishing page that look like an Airbnb page, and pretended to offer cheap city-centre rentals with high review scores. Once the victim confirmed and paid for the booking, both the fraudsters and the offer disappeared.

Spam Is Still Effective!

In just one day, the researchers detected 7 different fake email blasts that are very convincingly disguised as offers from popular booking platforms for airline tickets and accommodation.

Three of those spam emails actually offered FREE FLIGHTS in return for the completion of a short online survey, and sharing the link with other people. After answering just three questions, victims were asked to enter their phone numbers, which were then used to subscribe to paid mobile services.


Travel Scam Methods

Spam and phishing attacks were amongst the most effective attack vectors. They use social engineering to manipulate and exploit human behaviour.

Fake Websites

These travel scam operations are often very sophisticated, using fake sites that are almost identical to the legitimate websites.

They, therefore, easily trick unwary victims into handing over their credit card details, or pay for a product or service that does not exist.

Mobile Booking Risk

More people are booking their flights and accommodations on a mobile device, which makes it harder to spot fake links. This makes mobile users particularly vulnerable to both spam and phishing attacks.


Kaspersky Travel Scam Advisory

To avoid these travel scams, Kaspersky Lab recommends taking these security measures :

  • If an offer seems too good to be true, it probably is. AVOID IT!
  • CHECK the link in the browser’s address bar before you key in sensitive information like your login and password.
    If it is misspelled (e.g. airbnb.com.room.online), or does not match the page you are visiting (like this example below), or uses special symbols instead of letters, don’t key in any information. CLOSE THE PAGE!

An Expedia page with a Booking.com address??? Something’s NOT right…

  • Book your stay and tickets only with trusted providers.
    Make sure you are on their actual websites by typing in their address in the browser’s address bar.
  • NEVER click on links that come from an unverified source, whether it’s in an email, an instant message or through social networks.
  • Use a security solution with behaviour-based anti-phishing technologies like Kaspersky Security Cloud, or Kaspersky Total Security, which will warn you if you get tricked into visiting a phishing web page.


Recommended Reading

Go Back To > Cybersecurity | Home


Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

The 2019 Imagine Cup Asia Teams Introduce Themselves!

On the eve of the 2019 Imagine Cup Asia competition in Sydney, we met with the top 12 Asian teams that will compete for a coveted spot in the 2019 Imagine Cup 2019 World Championship!

Let’s take a look at the twelve awesome Asian teams, and see the innovative ideas they will be pitching in the 2019 Imagine Cup Asia Regional Finals!


What Is The Imagine Cup?

Held and sponsored by Microsoft since 2003, the Imagine Cup is the world’s premier student technology competition. Teams of students from across the globe work together with mentors and industry leaders to bring their biggest and boldest ideas to life.


The 2019 Imagine Cup Asia Regional Finals

This year, Microsoft organised the 2019 Imagine Cup Asia Regional Finals in Sydney, Australia. Hundreds of teams from 17 Asian countries submitted their projects, but just twelve great teams won a shot to participate in the Asia Regional Finals.

These twelve teams will compete for US$20,000 in prizes on 12 February, but only one team will win the ultimate prize – an all-expenses paid trip to the World Finals in Seattle!

There, the 2019 Imagine Cup Asia Regional Champion will participate along the best and brightest teams from across the globe to claim the title of World Champion, US$100,000 cash prize, and the chance to take home the Imagine Cup!


The 2019 Imagine Cup Asia Regional Finalists


Country : China

Project : Rail Component Inspection Robot

Their Rail Component Inspection Robot (which combines AI and IoT) operates through automatic positioning, and identifies various defects through multi-sensor fusion in order to realise the replacement of workers in a rail inspection project.


Country : India

Project : Spot – AR Based Product Filtering

Spot allows you to recognise packaged foods and check if it contains a certain ingredient or exhibits a certain character.

If a tourist visits India, he is unaware of what he can eat because packets have information written in a foreign language.


Country : India

Project : Caeli – Breathe Freely

Caeli is a smart automated Anti-Pollution and Drug delivery mask specifically designed for Asthmatic and Chronic Respiratory Patients.

Caeli implements breakthrough features to improve the quality of life for respiratory patients living in polluted areas.


Country : India

Project : RVSAFE

Disasters often strike, when we are least prepared to face them. They leave behind a trail of destruction, adversely affecting human life, and property.

The loss caused by disasters can be significantly reduced with better communication and proper management. Keeping this in mind, we designed RVSAFE, a one-stop solution for effectively handling any kind of disasters (natural or man-made).


Country : Indonesia

Project : Selection – Social Media

Sellution is a software as a service (SaaS) to help SMEs to perform social media marketing, not just in an easy way, but is also effective and efficient.

Sellution’s main features are optimizing marketing content, help finding the right audience, and recommendations.


Country : Korea

Project : Fishing Phishing

Fishing Phishing by the Fhisherman team from Korea is a smartphone application that uses Machine Learning to analyse call voices in real-time.

It is designed to detect scam calls and warn the users!


Country : Malaysia

Project : Smart Urban Farming with Automated Environmental Controlled Systems (SUFECS)

SUFECS was developed to transform the farming experiences of urban farmer.

With SUFECS, farmers can monitor and control the artificial environment to achieve the most suitable environment for crops.


Country : New Zealand

Project : LookUP

It is estimated one in five people in the world are dyslexic. However, most QnA platforms are completely text-based.

LookUP is a medium in which the dyslexic and non-dyslexic communities can effectively collaborate and learn from one another.


Country : The Philippines

Project : Aqua Check – Water Contamination Mobile Application

Aqua Check utilises Microsoft Azure’s Custom Vision to empower anyone to analyse for contamination by taking a photo of a water sample through a microscope.

Using Azure Web and Azure Maps, we are able to map the contamination locations.


Country : Singapore

Project : Mobile Augmented Reality Navigation Application for Wheelchair Users

This project aims to develop a mobile application, InclusiveAR, to assist wheelchair users in travelling.

InclusiveAR will map out wheelchair-accessible routes and provide visual guidance to direct wheelchair users to their destinations using AR.

The Straw Hats

Country : Sri Lanka

Project : Mind Probe

Our project aims to help people with disabilities like ALS, DMD, etc. which impair their ability to communicate.

We tap into their brain waves and use that to predict the number they are thinking and use that information to interface with a smartphone.

Maker Playground

Country : Thailand

Project : Maker Playground

Maker Playground is a next-generation IDE for IoT project development from developing device firmware, generating circuit diagram, programming your device, and designing an IoT dashboard all in one software.


See You @ The 2019 Imagine Cup Asia!

Congratulations to the 12 awesome teams!

Later today,, they will present their projects at the 2019 Imagine Cup Asia Regional Finals… and by 5 PM, we will find out who the 2019 Imagine Cup Asia Regional Champion will be!


Recommended Reading

[adrotate group=”2″]

Go Back To > Software | Business | Home


Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Kaspersky Lab Protection For Household 2.0 Revealed!

Kaspersky Lab is not letting their woes with the US Department of Homeland Security detract them from their core business of protecting consumers against cyberthreats. That was the message they conveyed when they presented the Kaspersky Lab protection options for Household 2.0.


Household 2.0

The modern home has changed. In the new era of Household 2.0 which consists of 2.4 people and 0.3 pets, there is an average of 6.3 connected devices per house! Yet, the Kaspersky Cybersecurity Index found that 39% of people are leaving their devices unprotected from cyberthreats like hacking, malware, financial fraud and more.

To protect these connected devices that play such a prominent role in Household 2.0, Kaspersky Lab is introducing updated versions of Kaspersky Internet Security and Kaspersky Total Security.


Kaspersky Lab Protection For Household 2.0

The updated Kaspersky Internet Security and Kaspersky Total Security come with anti-phishing technology to prevent users from falling victim to fake or spam emails, fake websites and fraud.

In addition, the updated URL Advisor tells a user whether a link in the search engine leads to a trusted, suspicious, dangerous or phishing website, or a website that may cause their computer harm, via a special indicator close to each link.

Many people are also worried about ransomware and the loss of their digital memories. To give them peace of mind, the new Kaspersky Internet Security and Kaspersky Total Security have updated anti-ransomware features.

Protecting your mobile devices is the new App Lock feature for Android. You can now protect specific apps like instant messaging services, social media or email accounts with a secret code. You can also use the Kaspersky Secure Connection service to encrypt your network traffic whenever you use a public or insecure Wi-Fi network.

Children are also increasingly connected to the Internet. To protect them, parents can use Kaspersky Safe Kids parental controls in Kaspersky Total Security to set time limits, restrict applications and prevent access to pages with adult content, obscene language or information on drugs and weapons.


The 2018 Kaspersky Lab Product Price List

Products One Device Three Devices Five Devices
Kaspersky Total Security RM 109 / ~US$ 27 RM 199 / ~US$ 49 NA
Kaspersky Internet Security RM 100 / ~US$ 24 RM 179 / ~US$ 44 RM 249 / ~US$ 68
Kaspersky Anti-Virus RM 39.90 / ~US$ 9.70 RM 119 / ~US$ 29 RM 199 / ~US$ 49

Here are some Amazon purchase links :


The Kaspersky Think Security Campaign

In conjunction with the announcement of the new Kaspersky Lab protection fo household 2.0, Techlane Resources, the Kaspersky Lab distributor in Malaysia, announced the Kaspersky Think Security Campaign.

You can now purchase Kaspersky Internet Security 3 Devices 1 Year at RM 179 / US$ 44 and get the following Kaspersky products absolutely FREE :

[adrotate group=”2″]

  • Kaspersky Internet Security 1 Device 1 Year,
  • Kaspersky Internet Security for Mac 1 Year, and
  • Kaspersky Internet Security for Android 1 Device 1 Year

You can also purchase Kaspersky Anti-virus 1 Device 1 Year at RM39.90 / ~US$ 9.70 and get the following Kaspersky products absolutely FREE :

  • Kaspersky Anti-Virus 1 Device 1 Year,
  • Kaspersky Internet Security for Mac 1 Year, and
  • Kaspersky Internet Security for Android 1 Device 1 Year

Go Back To > Events | Home


Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Trend Micro : Worst Cyber Threats Facing SMBs

Hackers have plenty of impetus for targeting large enterprises, especially government agencies, financial institutions and health care organizations. Even large entertainment firms such as Sony Pictures, retailers like Target and telecommunications companies including TalkTalk have been exploited by cyber criminals.

That said, the highest valued companies are not the easiest targets, especially since there are relatively few of them compared to the amount of small and medium-sized businesses. Hackers on the prowl will follow any and all leads to a quick payday. Often, this means firing into the crowd, so to speak.

Cyber criminals will have better success going after a larger number of targets than trying to orchestrate advanced targeted attacks against one bigwig organization. Even as cyber criminals continue to become more ambitious, in all likelihood, cyber attackers will continue to go after smaller businesses in 2016. For this reason, it’s worth reviewing some of the biggest cyber threats currently facing SMBs.


DDoS attacks

Distributed denial of service attacks represent a huge cyber threat to any business, but especially to SMBs that can only afford limited bandwidth. As hinted at in the name, the purpose of a DDoS attack is to shut down a server, thereby blocking user access to specific Web services or applications. This is accomplished by flooding network intrastate with meaningless traffic. Hence the name, the heavy distribution of requests results in a network crash.

There are countless motives for orchestrating a DDoS attack. For example, it may be executed in an attempt to shut down specific security services, so as to orchestrate a more serious, supplementary attack. However, more often than not, the goal is extortion. Hackers will flood a network, and will send ransom notes to the company stating that they won’t ease up until a certain amount of money has been paid to them. This is precisely what happened to ProtonMail in late 2015. Cyber attackers shut down the company’s central data center, and then requested a ransom of 15 Bitcoins, the rough equivalent of $6,000. In response to pressure from third parties, ProtonMail paid the ransom. However, the cyber criminals did not ease up.

The first main takeaway here is that DDoS attacks remain a significant threat to all organizations, but especially companies that offer Web-based services, and in particular, SMBs that might not have significant bandwidth. The second lesson from the incident is that any SMB that falls prey to an attack should not pay a ransom. Recovery will be time consuming, and will most likely impact revenue. However, paying cyber criminals a ransom only for them to continue the attack will result in even more lost money. When it comes to prevention, network vigilance is key. Any early signs of an impending DDoS attack may make it possible to mitigate the effects. Laying out a smart network infrastructure that can evenly distribute barrage of traffic may also alleviate some of the strain.


Striking the point of sale

Point-of-sale malware is not a new cyber threat, but it’s one that has become especially prominent in the past few years. According to Trend Micro, SMBs were hit particularly hard in 2015, having accounted for 45 percent of all scenarios involving POS malware. Everything from restaurants to boutiques to small service providers are heavily targeted, mainly because cyber security is not quite as strong for these companies. Not to mention, smart, sneaky new strains of POS malware are always being created.

For example, Trend Micro researchers recently discovered a form of malware that seeks out POS systems in a network. Dubbed “Black Atlas,” the malware does not appear to target specific companies in any particular industry. However, SMBs are the most likely to be affected.

Other POS threats come in the form of skimmers. These are basically rigged payment processing units that are designed to collect card information, which is then sold on the Dark Web. Part of the reason this is such a big problem for SMBs is because smaller businesses are more likely to purchase less-expensive, poorly vetted card payment systems. Some of these are actually pre-configured with skimmers. In fact, Trend Micro noted that in China, cyber criminals can actually receive text messages every time a skimmer successfully plunders payment information.

In order to avoid being snagged by a POS malware scam, SMBs are encouraged to always purchase verified, well-known payment processing systems. This will significantly reduce the threat of skimmers. Defending against POS malware is slightly more complicated as strains continue to become more elaborate, and generally more difficult to detect. There have been several cases in the past few months of hotel chains having customer payment information stolen as a direct result of POS malware.

The good news, however, is that the use of EMV chip technology significantly reduces the chances of payment information being pilfered. Rather than using the same code for every transaction – as magnetic stripes do – these chips generate a single-use script for each purchase, so that even if hackers to manage to collect this information, it is essentially useless.

Therefore, SMBs are encouraged to make the shift to EMV card processing systems as soon as possible, especially considering that as of October 2015, liability for stolen payment data shifted to merchants. Any business that does not have EMV card reading technology, and is hacked, can therefore be held accountable for the ensuing damages. Many small businesses can hardly afford to become the victim of a POS malware ploy, let along cover subsequent legal damages.


Phishing scams

Phishing scams will always be a problem for companies of all sizes. As long as corporations continue to fall for these ploys, hackers will work tirelessly to bring down their targets, which include SMBs. Much like DDoS attacks, modern phishing scams often take the extortion angle. One of the most prominent, recent examples is the notorious CryptoLocker strain. There are various forms of encryption malware, and many of them start off as phishing scams.

[adrotate group=”2″]

Basically, an employee might receive an email with a request to download a certain PDF or XML. In theory, an aware user should be cognizant of the danger involved with downloading a shady file, but on a particularly busy day, a phishing email may trick even the most wary of workers. Upon opening the cleverly disguised executable, files on the network are locked down. What typically follows is a payment request in order to decrypt the files.

Other phishing ploys might target social media portals, so as to take control of an account. For an SMB that relies on its Web presence to drive traffic to brick-and-mortar locations – for example, a restaurant, bar or mechanic shop – a hacked company Facebook page isn’t exactly choice marketing. Regardless of the targeted medium, a phishing scam can cause serious productivity setbacks for SMBs.

When it comes to securing against phishing scams and cyber threats in general, employee vigilance is hugely important. Granted, even this won’t always be enough to prevent a business from becoming the victim of a cyber attack. For the real tricky threats, SMBs will have to rely on threat protection.

Go Back To > Cybersecurity | Home


Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!