Last Updated: May 23, 2012

July 05, 2011

Preventing Phishing Attacks

According to a recent Anti-Phishing Working Group (APWG) survey, over one-third of the respondents reported being victims of repeated phishing attacks or website spoofing attempts on their company’s web servers. Surprisingly, almost 37% of the respondents found that it took multiple phishing attempts before they were finally notified of the malicious attack.

Although one in five of the survey takers report that the security issues were found by company staff, almost 80% of phishing attacks are discovered by third-party companies. So as a website owner, how can you protect your company’s own interests as well as guard your customers’ sensitive information?

Phishing Methods

Phishing is an act of online identity theft in which an attacker obtains sensitive information, including usernames, passwords and credit card account numbers, by posing as a legitimate website or other electronic communication outlet. While the majority of phishing attacks are launched by e-mail, many web hosting providers also encounter phishing issues.

A phishing website appears identical to a trustworthy social site or online payment website; in reality it is a digital trap waiting for the next victim. Phishing may also be carried out through e-mail attachments or instant messaging.

The most common method of phishing is link manipulation. A link is made to appear legitimate, but the URL actually contains deliberate typos that redirect unsuspecting users elsewhere. Other forms of link manipulation include altering text images, inserting the @ symbol within the URL, and taking advantage of the mismanagement of IDN (internationalized domain names) in web browsers.

Another commonly used phishing tactic is website forgery. This occurs when JavaScript commands are used to modify the address bar, either by persuading users to click a phony URL over a legitimate image or by closing the original address bar and opening a new one. Cross-site scripting is also a crafty tool for phishing: users are prompted to enter sensitive information, which is then stolen once a transaction is completed.
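The link-manipulation tricks described above (deliberate typos, the @ symbol, IDN hostnames, and link text that names a different site) can be checked automatically, for example in a mail filter or a comment-moderation step. The following JavaScript (Node.js) is an added example, not code from the original article; the trusted-host list, the function names and all sample URLs are constructed for illustration.

```javascript
// Hypothetical allow-list of hostnames your users legitimately visit.
const TRUSTED = ["paypal.com", "example-bank.com"];

// Levenshtein edit distance, used to spot near-miss (typo) hostnames.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1,
                        prev[j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1));
    }
    prev = cur;
  }
  return prev[b.length];
}

// Returns the warning labels for one link (its href plus its visible text).
function inspectLink(href, visibleText, trusted = TRUSTED) {
  let url;
  try { url = new URL(href); } catch { return ["unparseable"]; }
  const host = url.hostname.replace(/^www\./, "");
  const findings = [];
  // "@" trick: everything before "@" is userinfo, not the destination host.
  if (url.username || url.password) findings.push("userinfo-at-sign");
  // IDN: the URL parser converts Unicode labels to Punycode ("xn--...").
  if (host.split(".").some((label) => label.startsWith("xn--"))) findings.push("idn-hostname");
  // Deliberate typo: close to, but not the same as, a trusted hostname.
  if (!trusted.includes(host) && trusted.some((t) => editDistance(host, t) <= 2)) {
    findings.push("typo-of-trusted-host");
  }
  // Visible text names one host while the href leads to another.
  const shown = visibleText.match(/(?:https?:\/\/)?(?:www\.)?([a-z0-9.-]+\.[a-z]{2,})/i);
  if (shown && shown[1].toLowerCase() !== host) findings.push("text-href-mismatch");
  return findings;
}

// Constructed samples: [href, visible link text].
const SAMPLES = [
  ["https://www.paypal.com/signin", "www.paypal.com"],
  ["http://www.paypal.com@203.0.113.7/login", "www.paypal.com"],
  ["http://www.paypa1.com/signin", "PayPal"],
  ["http://p\u0430ypal.com/", "Sign in"], // Cyrillic "a" look-alike in place of Latin "a"
];
for (const [href, text] of SAMPLES) console.log(href, inspectLink(href, text));
```

An IDN hostname is not malicious in itself, so treat that label as a prompt for review rather than a verdict.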

Preventing Phishing

Obviously, it saves a lot of time and money if phishing is thwarted at the initial attempts; however, in a dynamic digital landscape, prevention is not always feasible. Website owners should always take extra safety precautions by securing the OS, web server, content, and applications, and by promptly downloading and installing applicable security patches as they become available.

Additionally, website phishing attacks may be reported using Internet Explorer (IE) by clicking the gear icon, pointing to Safety, and then clicking Report Unsafe Website. IE 9 offers users a SmartScreen Filter to help spot and report phishing sites. Windows Live Hotmail and MS Office Outlook users may also report suspected e-mail phishing.

If you have reason to believe you’re a victim of phishing, there are a couple of steps you should take. First, immediately change all passwords and PINs of online accounts that could potentially be compromised. Next, contact credit reporting agencies or the appropriate financial institutions to place a fraud alert on your credit report. Finally, close any accounts that were accessed without your permission.

Conclusion

While anyone can become a victim of phishing, applying a little common sense goes a long way. Never open suspicious e-mails or click on suspicious links. Legitimate companies will never ask for sensitive information in an e-mail. Always review monthly credit card and bank statements to check for suspicious activity. Contact your bank or credit card company immediately upon discovering unauthorized purchases. Phishing attacks may not always be prevented, but by taking proactive measures, the damage they inflict can certainly be minimized.
