He creates a fake website to educate them about phishing attempts.
PETALING JAYA: An online security expert today said Malaysians were a gullible lot.
To prove his assertion, he created a website siapakenahack.com and said it became popular.
But what people didn’t know was it was a fake website which didn’t do much.
It was created by CF Fong, who is the founder of security services company LGMS.
Fong told Star Online today he created the site to educate Malaysians to be vigilant of fake websites.
“The whole idea was to educate people because recently people were keying in their identification card (IC) numbers into the sayakenahack.com website,” said Fong.
“You shouldn’t depend on any broker or third party to find out (whether your account has been hacked).”
Many Malaysians had accessed the sayakenahack.com website after news reports that a data breach in 2014 had resulted in the theft of personal details of 46.2 million mobile subscribers in Malaysia.
The breach resulted in home addresses, MyKad numbers and SIM card information being exposed to the risk of falling into the wrong hands.
Reports said that 81,309 records from the Malaysian Medical Council, Malaysian Medical Association and Malaysian Dental Association were also leaked.
Tech blogger Keith Rozario created this website to enable the public to check if their personal data had been stolen.
Rozario said such data was already freely available to hackers or “geeks” to download, as they were the only ones with the necessary skills.
However, the site has since been blocked by the Malaysian Communications and Multimedia Commission (MCMC) on Thursday. This followed a formal request from the Data Privacy Protection Department.
Rozario said his site will be taken down today.
Fong told Star Online that 500 people had given their phone numbers on his siapakenahack.com fake website just today alone.
A check on the website showed it was developed by the “Ministry of Malaysia National Cyber Communication Council (MNCCC)” — a non-existent ministry.
After a visitor submits his phone number, a page appears to state it is “a fake website to teach you about phishing schemes”.
Fong said someone can create a similar website like this but with sinister motives.
“The moment you key in your phone number, a prompt may ask you to install a plug-in or simple software for verification.”
He said generally people were less defensive when asked to key in their phone numbers.
Fong warned that similar websites like the one he created could be programmed to send malware or ransomware for hackers to hack into the account.
“The correct procedure is not to key in anything on any website that you are unsure of,” he said.
Fong said his website had tell-tale signs that all was not right.
Besides the bogus ministry stated, the Malaysian coat of arms is not real. The tigers have no tails and there are only three keris instead of five.
Fong advised people to ensure that any websites that prompted them to give personal information was legitimate.
He suggested Google-searching the website first before proceeding.
It’s ‘elitist’ to block sayakenahack.com, says site designer
Leaked data ‘likely been available online for a while’
Minister: MCMC may have identified sources of massive data breach
The views expressed in the contents are those of our users and do not necessarily reflect the views of FMT.
Sumber Security expert shows how gullible Malaysians are online