[ALERT] ADVISORY ON PHISHING CAMPAIGN RELATED TO BRUNEI SYARIAH LAW IMPLEMENTATION

Submitted by admin on Fri, 04/05/2019 - 18:03
Background

As Brunei recently announced the implementation of Syariah law, it has been discovered that some parties are taking advantage of the current situation to carry out phishing campaigns. Phishing emails appear to have a subject matter related to the implementation of Syariah law. Such emails may contain malicious attachments or a link to a phishing website.

Phishing is a method of social engineering through electronic communications to obtain personal credentials or sensitive information such as usernames, passwords or credit card details. It is usually carried out through email or instant messaging and often redirects users to a fake website which looks like a legitimate site. It is good practice NOT to click on any links in emails as it may contain viruses/malware, or it could redirect you to a phishing site. File attachments may contain malicious software or embedded code which infect users’ computers or devices.
 

Recommendations

•    Be suspicious of messages that seem to grab the readers’ attention especially if the issues being highlighted are relevant to the current social, political and economic situation and are trending heavily in both social and traditional media.
•    Look for tell-tale signs in these phishing emails that might not be consistent with the organizations that they supposedly represent. For example, bad grammatical errors, email compositions that seem to be copied and pasted, inconsistent terms being used in the same email, etc.
•    Be suspicious of demanding messages that require your immediate response.
•    Do not reply to email or pop-up messages that ask for your personal or financial information. Ignore and delete the email immediately. Legitimate organizations will never request sensitive or personal information via email, and most banks around the world will not ask for your information unless you are the one who contacted them.
•    Do not click on links, download files or open attachments in emails from unknown senders. Make sure you type the URL of the website you need, directly into your web browser.
•    Do not forward any attachment from these emails to other platforms like mobile devices and smart phones.
•    Make sure you visit only the genuine website of a business. Many businesses would often have a secure website that begins with https://
•    Update your computer’s operating system and Internet browser software regularly. These updates routinely include security enhancements.
•    Install antivirus software and update the virus definitions regularly.
•    Select and maintain passwords that are difficult to guess and change them regularly.
•    Never reveal confidential information on fake/spam email.
•    Always turn on Windows Firewall. The settings can be found in the Control Panel. 
•    Do not send any emails or instant messages containing your personal or financial information.