The election result is (almost) out, with Barisan National winning 137 seats versus the opposition 82 in the parliament. And overall, BN won 309 state seats over 192 by the opposition and 1 independent contestant.
This is a shocking result to both the Barisan National and the opposition. BN suffers a big lost in the election, which even many of the current minister were ousted. And new star like Jeff Ooi, the blogger turn politician and many other opposition contestant won with a beautiful results.
It is well known that there is what was called phantom voters, which refers to people who didn't turn up for voting and yet he is voted. These phantom voters could be deceased, overseas, or just don't want to turn up to vote. Over the news, there is even voters that have fake identity card numbers.
So what is the implication of this? I would say, the opposition really won a very very tough competition and they won really BIG this time. Considering that there is phantom voters and possibly under table work to alter or influence votes, the oppositions have to work double hard to win the bid. And we saw now, perhaps it is too many votes, which it couldn't be faked out to change the result this time for the BN. There was saying that when the opposition seems to be winning, the committee will take another "backup" voter box and count it in, which then BN won eventually. Even the strategy of redrawing the area of certain state territory couldn't save BN for the bid this time.
So after all, the opposition is now in control of 5 of the major states in the country, namely Penang, Selangor, Perak, Kelantan and Kedah. And also occupied 1/3 of the parliament seats. I would look forward to changes that the new parliament and state government made to Penang and Selangor, where foreign investments are likely to have some influence after the election.
Anyway, it is still too early to say how's the future of Malaysia will be, but this is a good new start, and yet, a small step in the very long journey.
I do hope Malaysia really can live up to its slogan --- "Malaysia Boleh!"
Sunday, March 09, 2008
Thursday, March 06, 2008
Jewellery Marketing Scam
Nowadays we heard of many scams in the news that people are being conned for money. One of the oldest scam is perhaps those unsolicited emails that always end up in your junk mail folder (gmail filters that all the time, but yahoo and hotmail doesn't seems to do the job as good).
So email is one way that these scams will come to you, by saying that there is this fella had passed away and his cousin/son/relative who cannot inherit its funds in the Swiss Bank due to legal or tax reason. And to work around that is to transfer/remit those funds to overseas to avoid the huge amount of tax and such. And you had been referred or recommended to assist him, and rather you are the lucky one that he had picked up to contact with. The catch is, you need to first transfer some money, say about a few thousand to his account, so that he can use the fund to work things out and also for him to believe that you are trustworthy. So, basically many people actually fall into the trap for a very simple reason -- greed.
There are many more different scams over email, but then, that won't last long, as majority of users using email are educated to identify such scam over time. The next channel these scammers try is, to call you directly, on your fixed line or mobile line.
This is how it works, one of the actual case in Malaysia, some one was called and saying that his son was being kidnapped and command the parent on the phone to quickly go to the bank and transfer a big sum of money to the scammer's account. While on the phone, this father couldn't make another call out to verify that, or if he is able to do so, his son's line might had already been engaged by the scammer, probably talking about the same thing about his parents. And the scammer actually warned the party on the other end of the phone, not to make police report or try to be funny.
This is rather a mind twisting game, it challenges the victim on the urgency of the matter. To make it more realistic, the scammer might had already done some prior social engineering to figure out his household information. Such social engineering are pretty simple thru telemarketing tactics. You might receive a call saying that you are being invited to an exclusive showcase on some product, as part of their company new launch in the area, or you might got calls that say you won a lucky draw that you've never put your name on.
I've received such calls before, and they are quite "high-tech" I would say. I was being called and mentioned that the handphone company wanted to launch their product here and now calling up to survey. And they happen to have a talk/show on the coming saturday, at Johor Ah Fook Street, and I'm one of the VIP invited. Ofcourse, I'm not going to attend that, but well, the operator was polite and say that's fine, she'll keep me informed of the updates.
So one week later, she called again. I was told that I won a lucky draw on the day itself, but because I'm not able to attend, the prize wasn't given to me. But well, so they reserved the prize for me. And next, trying to lure me for another talk/show and such, and demand more of my information in order to verify and check my details so that the prize could be sent over to me. So that really alerts and annoy me, as it seems like it was purely a cold turkey call, where by all the operator know initially was only my number, not even my name and age. So of course, I refuse to give more details and say I'm not interested after all. And then the sales tactic came in, I was being questioned of why? since she did not even sell me product, but just that I won a prize! I really feel pissed off and she got it off the line with a bit of anger that I'm weird and stupid.
Just the day before, I receive a similiar call again and this time round, I manage to record this really boring or funny conversation.
So, what does all these things tell us? --- TO BE ALERT ALL THE TIME!
Social engineering had proven to be the weakest link in any security channel. No matter how secure your system or procedure is, there is always a way to social engineer thru it and break in with full trust.
With today's technology, there is ways to fake incoming call number, so the first line of defend of checking on the incoming call number is no longer a very trustworthy indicator of authenticity. And we really got to rely on our gut feelings and also experience, plus alertness.
When you receive a call today, if it says that it is from the bank and need to verify with you on your details and mother maiden's name before carry on, you better stop there and ask if you can call back to the bank via their main line and asked to redirect to the same operator. This is a real life 2-way handshake protocol that you can establish the authenticity of the connecting party! (our major computer network protocol TCP which all your web surfing is running on is based on this). If not, you better challenge the banker rather than having only the banker challenging you to authenticate you over the air.
I think the bank will start to get crazy on this very soon as scammers tap on advanced technology to fool users. And who knows, the next call the you receive from the bank requires you to tell him your 2nd factor authentication code, which you need 1 min or so to dig it out from your bag and press the little button on it and read it out. Beware! never do so for now at least, since the bank didn't instruct so publicly, it could just be yet another scammer holding your credit card or bank user name and password, but just need your authentication code to access your account.
In the future, there will need to have a way to authenticate both parties on the line and this will not come cheap nor that very soon. At the bottom line, we ourselves are the one that need to do things that technologies couldn't help us to do so, especially in security.
So email is one way that these scams will come to you, by saying that there is this fella had passed away and his cousin/son/relative who cannot inherit its funds in the Swiss Bank due to legal or tax reason. And to work around that is to transfer/remit those funds to overseas to avoid the huge amount of tax and such. And you had been referred or recommended to assist him, and rather you are the lucky one that he had picked up to contact with. The catch is, you need to first transfer some money, say about a few thousand to his account, so that he can use the fund to work things out and also for him to believe that you are trustworthy. So, basically many people actually fall into the trap for a very simple reason -- greed.
There are many more different scams over email, but then, that won't last long, as majority of users using email are educated to identify such scam over time. The next channel these scammers try is, to call you directly, on your fixed line or mobile line.
This is how it works, one of the actual case in Malaysia, some one was called and saying that his son was being kidnapped and command the parent on the phone to quickly go to the bank and transfer a big sum of money to the scammer's account. While on the phone, this father couldn't make another call out to verify that, or if he is able to do so, his son's line might had already been engaged by the scammer, probably talking about the same thing about his parents. And the scammer actually warned the party on the other end of the phone, not to make police report or try to be funny.
This is rather a mind twisting game, it challenges the victim on the urgency of the matter. To make it more realistic, the scammer might had already done some prior social engineering to figure out his household information. Such social engineering are pretty simple thru telemarketing tactics. You might receive a call saying that you are being invited to an exclusive showcase on some product, as part of their company new launch in the area, or you might got calls that say you won a lucky draw that you've never put your name on.
I've received such calls before, and they are quite "high-tech" I would say. I was being called and mentioned that the handphone company wanted to launch their product here and now calling up to survey. And they happen to have a talk/show on the coming saturday, at Johor Ah Fook Street, and I'm one of the VIP invited. Ofcourse, I'm not going to attend that, but well, the operator was polite and say that's fine, she'll keep me informed of the updates.
So one week later, she called again. I was told that I won a lucky draw on the day itself, but because I'm not able to attend, the prize wasn't given to me. But well, so they reserved the prize for me. And next, trying to lure me for another talk/show and such, and demand more of my information in order to verify and check my details so that the prize could be sent over to me. So that really alerts and annoy me, as it seems like it was purely a cold turkey call, where by all the operator know initially was only my number, not even my name and age. So of course, I refuse to give more details and say I'm not interested after all. And then the sales tactic came in, I was being questioned of why? since she did not even sell me product, but just that I won a prize! I really feel pissed off and she got it off the line with a bit of anger that I'm weird and stupid.
Just the day before, I receive a similiar call again and this time round, I manage to record this really boring or funny conversation.
So, what does all these things tell us? --- TO BE ALERT ALL THE TIME!
Social engineering had proven to be the weakest link in any security channel. No matter how secure your system or procedure is, there is always a way to social engineer thru it and break in with full trust.
With today's technology, there is ways to fake incoming call number, so the first line of defend of checking on the incoming call number is no longer a very trustworthy indicator of authenticity. And we really got to rely on our gut feelings and also experience, plus alertness.
When you receive a call today, if it says that it is from the bank and need to verify with you on your details and mother maiden's name before carry on, you better stop there and ask if you can call back to the bank via their main line and asked to redirect to the same operator. This is a real life 2-way handshake protocol that you can establish the authenticity of the connecting party! (our major computer network protocol TCP which all your web surfing is running on is based on this). If not, you better challenge the banker rather than having only the banker challenging you to authenticate you over the air.
I think the bank will start to get crazy on this very soon as scammers tap on advanced technology to fool users. And who knows, the next call the you receive from the bank requires you to tell him your 2nd factor authentication code, which you need 1 min or so to dig it out from your bag and press the little button on it and read it out. Beware! never do so for now at least, since the bank didn't instruct so publicly, it could just be yet another scammer holding your credit card or bank user name and password, but just need your authentication code to access your account.
In the future, there will need to have a way to authenticate both parties on the line and this will not come cheap nor that very soon. At the bottom line, we ourselves are the one that need to do things that technologies couldn't help us to do so, especially in security.
Subscribe to:
Posts (Atom)
