The website was created to allow people to experience phishing for themselves
By LYDIA NATHAN
The creator of fake account siapakenahack.com has assured Malaysians that he will not be storing the data from any entries received by people wanting to check if their personal data has been breached.
Professional security services provider, LE Global Services Sdn Bhd founder Fong Choong Fook told The Malaysian Reserve (TMR) that he hopes more people will be vigilant about this issue.
“There should not be any concern over our site storing the data we received because the website was created to allow people to experience phishing for themselves. So far, 1,000 people have logged in their details to the site.
“The website was created solely for the purpose of getting people to realise that just because a site may carry a governmental logo, it does not mean it comes from a legitimate party. When someone logs into the site and enters their details, the site will direct them to a disclaimer page that said it is a fake account designed to educate people against phishing schemes,” he said.
Although at a closer inspection, the logo design is undoubtedly not correct — the tigers in the logo are missing their tails and there are three instead of five keris — the now viral siapakenahack.com claims that it was developed by the Ministry of Malaysia National Cyber Communication Council, but in actual fact it does not exist.
Fong, however, said people will figure it out once they read everything printed on the page.
“It states in the fine print that the website is a fake account and that it was created for the purpose of educating the public. Having said that, I have noticed that a lot of people never read through the fine prints. You must always read the fine prints,” he said.
Fong expressed his concern over those who may be motivated to create similar websites to use for their own purposes instead.
“It it unsafe and dangerous if the website requires you to instal plug-ins or some type of software for verification purposes because once you click onto these plug-ins, the people behind the website will immediately get hold of your personal data. They can deploy ransomware or viruses to you and also use or sell your data to cybercriminals,” he said.
Not too long ago TMR reported on the dangers of such websites with Sys-Army Sdn Bhd CTO Alan Yau assuring the public not to panic following the recent outcry of data breach, but instead look to the proper authorities for verification.
“Given the sensitivity of the case, we must all follow the policies and procedures according to the law. Those who believe that they are at risk should change their passwords along with their SIM (subscriber identity module) cards,” he said.
In response to the website SayaKenaHack.com created by Singapore-based information technology expert Keith Rozario, Fong said while it’s possible that Rozario has good intentions, he should not have a copy of the leaked data himself.
“With so much uncertainty concerning the breach, having various people offering to check if your personal data has been compromised can blow up into a huge disaster,” he said.
Rozario was given till Sunday to take down the site after it was blocked by the Malaysian Communications and Multimedia Commission (MCMC) last Thursday, following an application from the Personal Data Protection Department under Section 130 of the Personal Data Protection Act 2010 for unlawful collection of personal data.
Fong said that anyone who feels they might be at risk can call the telecommunication companies themselves to verify.
“My mobile provider — within 20 minutes — told me if my number had been used to set up other accounts or not,” he said.
Meanwhile, Jobstreet.com made a disclaimer that nothing can be done in that aspect.
Fong said while he has a account with the job portal, he has yet to contact them.
“The industry should work with authorities like MCMC and Cyber- Security Malaysia to educate the public. The awareness method can be in the form of multimedia format or a classroom format,” Yau said to TMR.
Data breach or not, the public should always keep an eye out for anything that might seem suspicious.