Phishing Update
Wednesday, June 10, 2009 13:27
Websites and Phishers
I had just finished writing about recent website attacks on a variety of small business websites when I came across updated statistics from the Anti-Phishing Working Group that show even more of a need to protect your website. The statistics indicate that the majority of criminals are actually using legitimate business websites when carrying out phishing scams. The information shows that fake or forged websites are used by these con artists in only 13 percent of phishing attacks. Of a total of 30,454 domain names used by phishers in the last half of 2008, only 5,591 were domains the phishers had set up themselves. The remaining phishing attacks used legitimate business domains. This contradicts some of the information in my phishing article and is all the more reason to protect your business website and brand.
The Anti-Phishing Working Group has put out a short report with general guidance on the steps a business should take if phishers have compromised its website. The report can be downloaded here. The report does not go into great technical detail, but it does explain how these types of phishing attacks occur, how to discover whether your site has been taken over by phishers, how to respond to such website attacks, and a little on recovery and follow-up. At the end of the report is a list of sites that serve as additional resources on this topic. The report is only 18 pages long and would be a good read for any business that has an internet presence.
Facebook and Phishers
One other update that I wanted to note is that Facebook is being used by phishers to gather Facebook users’ log-ins and passwords. This is just another form of the phishing attack that we have discussed in previous articles. In this method, a compromised account sends a link to friends, which takes the user to a site that looks like a real log-in page for Facebook. The user then enters their personal information, including their password, giving the phisher this information. Many business owners who have a Facebook account use the same log-ins and passwords for other accounts, which is what phishers are counting on. Once they have the log-in information, they can gain access to on-line shopping, bank accounts, or, as discussed before, your web hosting account.
Download the report from the Anti-Phishing Working Group and read it. Also, check that you’re not using the same log-in information for your social media accounts, such as Facebook, as for your more critical accounts such as on-line shopping, web-hosting or banking. If you do use the same log-in information, change it. I always recommend using different log-ins and passwords for all your different accounts.
