internal
HOME
ARCHIVES
CONTACT
THE BIG TRIP
GHOST
REALITI
TABLE FOR TWO
external
THE TALENT FACTORY
CONTRADICTHEORY
distractions
o ENGLISH PREMIER LEAGUE
o JUWITA SUWITO
o FRIDAY NIGHT LIGHTS
Phishing attack from "tmonline.com.my"? Or Paranoid Dzof?
I received a strange email today:Dear dzof123,Reasons why I suspect this to be a phishing attack
Welcome to TM Online the smarter way to manage your telephone bills anytime, anywhere.
To activate the service log on to http://www.tmonline.com.my for TM Bill with the User ID and Temporary Password provided below:
USERID: dzof123
PASSWORD: *********
For security reason you will be required to change your temporary password immediately.
TM Online your one stop management of your telephone accounts.
Thank you,
TM Online
- It came completely out of the blue. I didn't ask for it, they didn't ask me for it, they just gave me a username and password straight away. And they give my username as dzof123, a name I would have never chosen on my own.
- The domain is tmonline.com.my instead of something like http://www.tm.net.my/ or https://tmbill.tm.net.my/SelfCare/Maintenance/selfcareLogin.jsp (which is where you really go to change your passwords and, oh yes, PAY TMNet BILLS ONLINE)
- When you do go to tmonline.com.my and look at the website, it looks... well, it just looks darned suspicious. Hard to explain it. There's no link to tm.com.my for example. And none of the usual terms and conditions and disclaimers. Also, no contact address/phone number. But more than that, it just looks... wrong.
- When you click on FAQ or Online Demo, it tries to surreptitiously forward you on to pagead2.googlesyndication.com and eview.connectme.tv.
- However, when you try to register and fail to give a valid account number, you get the message "No match was found for your account number. Kindly drop an email to tmonline@tm.com.my for personalised assistance" - which looks like a completely valid response. Could you spoof it? Interestingly, a search of both tm.net.my and tm.com.my shows NO contact email address. It's either by using forms or phoning in.
Comments:
paranoid dzof
this should verify the site
https://seal.verisign.com/splash?form_file=fdf/splash.fdf&dn=HOME-SME.TMONLINE.COM.MY&lang=en
the verisign link is at the bottom of the login page.
this should verify the site
https://seal.verisign.com/splash?form_file=fdf/splash.fdf&dn=HOME-SME.TMONLINE.COM.MY&lang=en
the verisign link is at the bottom of the login page.
This site is REAL. I use it for viewing my TM home phone bill online. There's a link to it from the TM main website:
http://www.tm.com.my/customer/bill_payment/care_bill_online.htm
Though I dunno why yours was automatic, because mine I had to sign up using my home phone account number and all.
http://www.tm.com.my/customer/bill_payment/care_bill_online.htm
Though I dunno why yours was automatic, because mine I had to sign up using my home phone account number and all.
I don't know about the site, but I happen to know one of the girls in the picture. She's either January Low or one of her friends, because I used to see them a lot in college.
January's an accomplished dancer in her own right, so I don't think that this photo at least is a fake. If it is, it's a good one.
January's an accomplished dancer in her own right, so I don't think that this photo at least is a fake. If it is, it's a good one.
Ya...h the girl on the left does look like January Low, now you mention it. The girl on the right is Lydia Ibtisam, who was on that TV show Impian Illyana. But, having famous people on a picture doesn't necessarily mean the site is genuine.
Post a Comment
