By Joe Palko on Sat (12/1/07) in Tech Corner | 0 Comments
A small business owner contacted me recently in a panic. A “hacker” had compromised his web hosting account and used it for “phishing.” His website had been shut down immediately and years of hard work had been lost. Because phishing pages exist to steal identities, hosting companies treat them as a serious abuse of service: if a phishing page is found on your shared or even dedicated web hosting account, many hosts will suspend the account or delete its contents without notice. This is an ugly, dangerous business and you’d better take it seriously.
How Hackers do it - Phishing is the use of fake websites, built to look like real ones, that trick you into entering your username and password. Once the attackers have those credentials, they log into your real accounts and steal your money and personal information.
Hackers won’t host these pages on their own servers or websites; that would make them too easy to trace and catch. Instead, they try to obtain the username and password of YOUR web hosting account. Once they have it, they set up shop inside your hosting space, uploading replicas of the login pages of popular sites such as Bank of America, PayPal, Washington Mutual, Yahoo!, etc. Then they send out e-mail like the one below.
“Dear PayPal User, Recently we have made new updates to our services. We would like you to log in and see all the new features that are available at http://www.paypal.com.”
The catch is that the link text says “paypal.com” but the link itself goes somewhere else, for example to “http://www.paypal.com.securityonlinelogin.com”, where the site you actually reach is securityonlinelogin.com (whoever owns a domain can put any names he likes in front of it, including paypal.com), or to a bare IP address such as “http://192.0.2.1/paypal.com/index.htm” (192.0.2.1 is a reserved documentation address, used here as a placeholder), where “paypal.com” is nothing more than a folder name on somebody else’s server.
This website of course is NOT PayPal. Hackers have built this to bilk you.
Protect Yourself! - As a consumer, make sure that ANYWHERE you enter a username or password, that it is positively the website you intend to visit. Don’t be fooled by looks! Remember these keys:
a) Examine the URL in the address bar. Only the part between “http://” (or “https://”) and the next “/” is the site you are actually connecting to, and within that part, the last two labels (for example paypal.com) are what the owner registered; anything to the left of them is a subdomain the owner can name however he likes. So www.paypal.com/ belongs to PayPal, but www.paypal.com.securityonlinelogin.com/ does not, and neither does a URL that merely has paypal.com somewhere after the slash.
b) Use the anti-phishing features the sites you frequent offer. For example, Bank of America shows you a personal image (SiteKey) that you chose earlier before it asks for your passcode; a Bank of America login page that asks for your passcode without first showing your SiteKey is not official. Many other companies let you choose an image for the same purpose. Treat the image as a second check, not a substitute for the first: a fake page that relays your ID to the real bank can fetch and display your image too, so always look at the address bar as well.
c) Avoid clicking links within e-mail. If you get a security message from PayPal, instead of clicking the link inside the message, type www.paypal.com into your browser and proceed from there.
d) Run antivirus software and a firewall on every computer you use to access the Internet, and keep the operating system, browser and plug-ins patched. “Keystroke logging” programs can be installed simply by visiting a malicious website (a “drive-by download”), usually through a browser or plug-in that is missing a security update.
e) Make sure the connection is encrypted before you type a password. The URL in the browser should start with https:, and the browser should show a padlock: Internet Explorer 6 shows a yellow lock at the bottom of the window, Internet Explorer 7 shows it next to the URL, and Firefox shows it at the bottom of the browser page. The padlock only means that traffic to the site named in the address bar is encrypted; a phishing site can obtain a certificate for its own domain, so check the padlock and the domain name together.
f) Avoid P2P software such as music sharing programs.
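As an added example (editor's code, not from the original post), here is the address-bar check from a) applied mechanically in Python to the lure URLs shown above. It extracts the host the browser would actually connect to, flags raw IP addresses, and compares the registered domain against the one you expect. The short table of two-label public suffixes is an assumption made to keep the example small; a real checker would load the full Public Suffix List. The sample links use the reserved documentation address 192.0.2.1 and the hypothetical hosts securityonlinelogin.com and evil.example.

```python
"""Decide whether a link really leads to the site its text claims.

Editor's example; not code from the original post. The two-label suffix
table below is an assumption made to keep the example short.
"""
import ipaddress
from urllib.parse import urlsplit

# Public suffixes under which the registrable name has three labels
# (bank.co.uk, not co.uk). A real checker loads the full Public Suffix
# List; this short table is an assumption for the example.
THREE_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.jp"}


def hostname_of(url):
    """Return the host the browser will actually connect to.

    urlsplit() discards any 'user:pass@' prefix, so the lure
    http://www.paypal.com@evil.example/ resolves to evil.example.
    """
    host = urlsplit(url).hostname
    return host.lower().rstrip(".") if host else None


def is_ip_literal(host):
    """True for lures such as http://192.0.2.1/paypal.com/index.htm."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def registrable_domain(host):
    """The part of the hostname its owner actually registered.

    Everything left of it is a subdomain the owner names freely, which is
    why www.paypal.com.securityonlinelogin.com belongs to
    securityonlinelogin.com and not to PayPal.
    """
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in THREE_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def check_link(url, expected_domain):
    """Return 'ok', or a short reason the link should not be trusted."""
    host = hostname_of(url)
    if host is None:
        return "suspicious: no hostname in URL"
    if is_ip_literal(host):
        return "suspicious: raw IP address instead of a domain name"
    actual = registrable_domain(host)
    if actual != expected_domain.lower():
        return f"suspicious: controlled by {actual}, not {expected_domain}"
    if urlsplit(url).scheme != "https":
        return "warning: right domain, but the connection is not encrypted"
    return "ok"


if __name__ == "__main__":
    # Constructed sample links: one genuine, three in the style of the lures above.
    for link in ("https://www.paypal.com/cgi-bin/webscr",
                 "http://www.paypal.com.securityonlinelogin.com/login",
                 "http://192.0.2.1/paypal.com/index.htm",
                 "http://www.paypal.com@evil.example/"):
        print(f"{link:55} {check_link(link, 'paypal.com')}")
```

The third lure, with the real domain name placed before an “@”, is worth knowing even though the article does not mention it: everything before the “@” is treated as a username, so the browser connects to whatever follows it.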
Beware the “Bots” - Merchants should remember that automated “bots” (scripts) are continuously trying to guess the passwords to your website. Almost every hosting account can be reached by FTP (File Transfer Protocol), and if attackers learn your FTP username and password they can upload phishing pages to your account exactly as described above. Be aware, too, that plain FTP sends the username and password unencrypted, so anyone on the network path between you and the server can read them; use SFTP or FTPS instead if your host offers it. To reduce the risk:
a) Change the passwords on accounts that are used frequently, and on any account you suspect has been exposed.
b) Change passwords whenever people leave your company.
c) Choose STRONG passwords. Use at least 8 characters (longer is better) and mix capital letters, lowercase letters and numbers (e.g. tY7uXnkZ). Avoid repeated or sequential characters and anything personal such as a phone number or birthday, and never reuse your hosting password anywhere else.
d) Check the list of authorized FTP users for your website regularly, and remove any who no longer need access.
e) Run firewall and virus protection on EVERY computer in your organization, even those without Internet access (many viruses are spread on removable media devices such as USB drives).
f) Avoid P2P software such as music sharing programs.
g) Scan your network regularly for open services and unpatched machines, and review your FTP and web server logs for bursts of failed logins, which are the footprint of the bots described above.
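As an added example (editor's code, not from the original post), here is what the password-guessing bots look like in an FTP server's log, and a small detector for them. The log lines are constructed for the example in the style of vsftpd's own vsftpd.log (that format is an assumption) and use only reserved documentation addresses; the usernames and events are made up. The detector flags a source that fails to log in several times within a short window, and, more importantly, a login that succeeds from such a source while the burst is still fresh, which is the usual sign that one of the guesses worked.

```python
"""Find password-guessing bots in an FTP server's login log.

Editor's example; not code from the original post. The log lines are
constructed in the style of vsftpd's vsftpd.log (that format is assumed)
and use reserved documentation addresses.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: a bot cycles through common usernames, hits the
# real one, logs in, and uploads a phishing page; the owner's own logins
# from 198.51.100.23 include one ordinary typo.
SAMPLE_LOG = """\
Sat Dec  1 03:14:07 2007 [pid 4101] [admin] FAIL LOGIN: Client "203.0.113.9"
Sat Dec  1 03:14:08 2007 [pid 4101] [admin] FAIL LOGIN: Client "203.0.113.9"
Sat Dec  1 03:14:09 2007 [pid 4102] [administrator] FAIL LOGIN: Client "203.0.113.9"
Sat Dec  1 03:14:11 2007 [pid 4102] [webmaster] FAIL LOGIN: Client "203.0.113.9"
Sat Dec  1 03:14:12 2007 [pid 4103] [siteowner] FAIL LOGIN: Client "203.0.113.9"
Sat Dec  1 03:14:14 2007 [pid 4103] [siteowner] OK LOGIN: Client "203.0.113.9"
Sat Dec  1 03:14:15 2007 [pid 4103] [siteowner] OK UPLOAD: Client "203.0.113.9", "/htdocs/paypal/index.htm", 4711 bytes
Sat Dec  1 08:02:31 2007 [pid 4220] [siteowner] OK LOGIN: Client "198.51.100.23"
Sat Dec  1 09:40:00 2007 [pid 4301] [siteowner] FAIL LOGIN: Client "198.51.100.23"
Sat Dec  1 09:40:20 2007 [pid 4301] [siteowner] OK LOGIN: Client "198.51.100.23"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"$'
)


def parse_events(text):
    """Turn login lines into (time, user, result, ip) tuples; skip the rest."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # transfer records and other noise are ignored
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        events.append((ts, m["user"], m["result"], m["ip"]))
    return events


def find_bruteforce(events, threshold=4, window=timedelta(minutes=10)):
    """Flag sources with `threshold` failures inside `window`, and any
    login that succeeds from such a source while the burst is still in
    the window (the usual sign that a guess worked)."""
    recent_fails = defaultdict(deque)   # ip -> timestamps of recent failures
    users_tried = defaultdict(set)      # ip -> usernames it has guessed
    findings = []
    for ts, user, result, ip in sorted(events):
        fails = recent_fails[ip]
        while fails and ts - fails[0] > window:   # expire old failures
            fails.popleft()
        if result == "FAIL":
            fails.append(ts)
            users_tried[ip].add(user)
            if len(fails) == threshold:           # reported when the burst first reaches the threshold
                findings.append({"ip": ip, "kind": "guessing", "at": ts,
                                 "count": threshold,
                                 "users": sorted(users_tried[ip])})
        elif len(fails) >= threshold:
            findings.append({"ip": ip, "kind": "success_after_failures",
                             "at": ts, "count": len(fails), "users": [user]})
    return findings


if __name__ == "__main__":
    for f in find_bruteforce(parse_events(SAMPLE_LOG)):
        print(f"{f['at']:%H:%M:%S} {f['ip']:15} {f['kind']:24} "
              f"after {f['count']} failures, users {f['users']}")
```

The single failed login from the owner's own address is not reported, because the threshold is never reached; tune the threshold and window to the traffic your server actually sees, and when a “success_after_failures” finding appears, treat the account as compromised: change the password, then look for files you did not upload.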
The stakes are high! For more information, visit http://en.wikipedia.org/wiki/Phishing