Afterword

ThimphuTech was the first technology blog in Bhutan. We started writing it in 2009, just as broadband and mobile internet started to take off. (Although internet in Bhutan was launched in 1999, it was either super-slow or super-expensive, and was only used by a select few.)

In the blog, we wrote about technology and food, but also about plenty of other stuff. The blog became popular and influential in Bhutan. A companion bi-weekly column -- Ask Boaz -- was published for many years in the Kuensel, Bhutan's national newspaper. (The complete Kuensel columns are available as an ebook, Blogging with Dragons).

We stopped updating the blog when we left Bhutan in 2014, but the information within the posts can still prove useful, and thus we decided to keep it online.

We thank all our readers.
Tashi Delek,
Boaz & Galit.
Showing posts with label Phishing. Show all posts

Saturday, April 23, 2011

New phishing scam using RMA's name

Today's Kuensel has the following ad by RMA (see image):

We reproduce this notification on ThimphuTech.com to alert our readers. In a recent Kuensel article, Boaz warned about phishing:
"[Boaz] Shmueli said that with more local financial institutions offering internet banking, people should be careful about "phishing". Phishing is when an email falsely claims to be from a legitimate organisation and attempts to acquire personal information, usually accompanied with a threat that the account will be closed unless such information is sent back."
Quick notification of phishing scams is therefore of paramount importance. While posting notifications in the paper-version of newspapers is important, an equally if not more effective way of spreading this information quickly is including it on the newspaper websites, on the Royal Monetary Authority's homepage, and even on social media sites such as Facebook or Twitter. Bloggers quickly pick up on such online notifications and spread the word.

Planning to point our readers to the original notification on the RMA website, I discovered that it was very awkward and user-unfriendly to find the notification, not to mention the format in which it is displayed (or rather, hidden). Browse to the RMA homepage and you will find nothing. Here's the secret path: From the abundance of links, find and click on Notifications and then again on Notifications in the sub-menu. You will then see a page as in the image below. Now scroll all the way down (why are the most recent notifications at the bottom?). Then click on the PDF icon (the text itself is unclickable) to reach a PDF file with the notification. Unfortunately, the notification "design" is much less appealing than the Kuensel notice.

Well hidden announcement!
Organizations should use their homepage in an effective way. This is their prime virtual real-estate and their window to the public. The main page should include announcements or notifications that are visible, updated regularly and easy to view.

Sunday, October 17, 2010

New phishing scheme

I just received an email that appears innocent, but is actually a tricky phishing scheme. "Phishing is a form of fraud in which a message sender attempts to trick the recipient into divulging important personal information like a password or bank account number, transferring money, or installing malicious software. Usually the sender pretends to be a representative of a legitimate organization." (Gmail's definition). The email that I received (which was able to pass through the Gmail spam filters) looks like this:

The scammers here are posing as Adobe, a credible company, well known for their Acrobat Reader software. This email is tricky for two reasons:
  • It doesn't directly ask for your password or other personal information. (That will happen only after you click on the link to their website.)
  • The URL mentioned in the email actually links to that exact URL. (In some schemes, the URL written in the email is linked to a different URL -- placing your cursor on the link will reveal the destination URL.) In other words, these scammers purchased the domain "adobe-software-2010.com". If you examine the actual sender's address, you'll see that it is "newsletter@adobe-software-2010.com".
If you receive such an email, protect yourself by not responding or clicking on any links within it. If you are using Gmail, you can help others by reporting the email as Phishing (as shown in the picture above). I reported this one, so hopefully you will not receive it!
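The two manual checks described in this post (hovering over a link to see its real destination, and reading the sender's domain) can be automated by a mail filter. The following is an added example, not part of the original post: the message is constructed, and the `OFFICIAL` allow-list and the function names are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
# Assumption: domains the brand really owns, maintained by the defender.
OFFICIAL = {"adobe": {"adobe.com"}}
# Constructed message modelled on the post; only the domain comes from the page.
SAMPLE = """From: Adobe <newsletter@adobe-software-2010.com>
Content-Type: text/html

<a href="http://www.adobe-software-2010.com/">http://www.adobe-software-2010.com/</a>
"""

class LinkCollector(HTMLParser):  # gathers (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):  # accepts "http://host/path" as well as bare "host/path" text
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def belongs_to(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)

def check(raw_email):
    msg = message_from_string(raw_email)
    hosts = [("sender", parseaddr(msg["From"])[1].rpartition("@")[2].lower())]
    collector, findings = LinkCollector(), []
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        hosts.append(("link", host_of(href)))
        # Check 1: the text shows one URL but the link goes to another host.
        if "." in text and " " not in text and host_of(text) != host_of(href):
            findings.append(f"mismatch: text {host_of(text)} -> href {host_of(href)}")
    # Check 2: brand name embedded in a domain the brand does not own.
    findings += [f"lookalike {kind}: {host}" for kind, host in hosts
                 for brand, domains in OFFICIAL.items()
                 if brand in host and not belongs_to(host, domains)]
    return findings
```

On the constructed sample, only the second check fires, which matches the post's point that the displayed URL and the real link agree and the lookalike domain is the only visible tell.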