news.gov.hk  
 From Hong Kong's Information Services Department
January 4, 2004

Security

 


Vigilance helps identify fraudulent websites

With the Internet's popularity rising, e-transactions, particularly online banking services, have become an indispensable part of many people's lives.

 

However, the recent upsurge in fraudulent e-banking websites has heightened public concern about the security of e-transactions.

 

In an interview with news.gov.hk, Information Technology Services Department Senior System Manager Tony Wong said hackers usually send e-mails to bank customers, requesting sensitive information for updating purposes.
Constant vigilance: Information Technology Services Department Senior System Manager Tony Wong says people can verify the true identity of a website by double clicking the Secure Sockets Layer padlock icon. Bank organisations are also advised to consider asking their customers to prove their identity with an e-Cert.

"If the customers follow the instructions and hyperlinks provided by the fraudulent e-mails, they will be redirected to a fake website created by the hackers, which looks exactly the same as the genuine website," Mr Wong noted.

 

A window will then pop up and ask customers to enter their account-related information, including their account number and login password. Once they have entered it, all the information is sent to the hackers' website instead of the true e-banking website.

 

Never follow suspicious hyperlinks

To avoid being deceived by hackers, people should always be skeptical when receiving e-mails from untrusted or unknown origins, Mr Wong said.

 

They should not follow the hyperlinks provided by suspicious e-mails or websites. Instead, they should type domain names or website addresses directly into the browser, or use the browser's bookmark function to store the true website address.

 

Mr Wong also offered some tips for people to verify the true identity of a website.

 

"When an organisation requests its customers to enter sensitive information through its website, some security measures will be adopted to protect the data from being stolen by hackers. One of them is the Security Socket Layer (SSL) which helps encrypt all the information provided by the customers."

 

SSL padlock icon helps verify websites' identity

"If a website adopts the Security Socket Layer measure, an SSL padlock icon will be found at the right bottom corner of the browser. For those fake websites, such a padlock doesn't exist."

 

If people double click that padlock, they will see the information about the website's identity, for example the domain name of the website, its e-Cert information and the name of the organisation issuing that certificate.

 

People are also reminded to always keep their anti-virus software up to date, because hackers will try to steal people's information by spreading computer viruses or by exploiting vulnerabilities in computer software to hack into people's computers.

 

e-signature, e-Cert enhance security

To enhance the security of e-transactions, bank organisations are advised to consider using e-signatures in their e-mails so that their customers can differentiate genuine e-mails from fraudulent ones.

 

Currently, most e-transaction websites ask customers to provide their login names and passwords only. To enhance security, they may also consider asking their customers to prove their identity with an e-Cert.

 

"Even if hackers get the username and password of the customers, they still cannot log in since they do not have the customers' e-Cert," Mr Wong noted.