Phishing or pissing
Setting up a phishing site hardly requires an exploit: hack into a web application (Joomla, phpBB etc.), upload a copy of the target site onto it, and booom.. the phishing site is up, in less than a couple of minutes.
But for the Information Security officer of the targeted organization, it takes much more than that to bring the attack and its after-effects under control. For them it sounds more like a pissing attack. They get really pissed off. This pissing effect remains even after the phishing site has been brought down: they need to check whether the phisher has compromised any customer's credentials, and that requires continuous monitoring and thorough forensics. In the end both the organization and the end customers suffer.
The most important and effective thing an organization can do to limit the damage incurred from phishing is PROPER customer training. Every organization knows this, and yet most of them still don't do it completely, or do it improperly.
For the customers, there are a few basic points they should always remember:
* Always look for the lock icon in the browser taskbar. This icon indicates that the site is safe and uses HTTP over SSL.
* A phisher can also publish his own SSL certificate, one that is not verified by a third-party certificate authority like Verisign. In that case your browser will warn you and ask whether you want to trust the certificate. Do not blindly accept the certificate.
* Pay attention to the URL. If the URL looks suspicious, simply leave that page. Also, always type in the URL of the site you want to visit; do not click the link in a phishing mail.
* Most browsers today have an integrated anti-phishing feature; IE7 and FF2/FF3 have it. If your browser does not have the built-in feature, install a good anti-phishing toolbar. This will warn you when you visit a phishing site (if it has already been reported).
* Always enable the spam filter in your mailbox or at the ISP level.
* Always keep your anti-virus and anti-spyware properly updated and REGULARLY scan your system for malware.
* If you come across a phishing site, report it to the concerned organization.
Well, these are the basic points that every single customer should follow to avoid any data/credential compromise.
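To make "if the URL looks suspicious" concrete, here is a small added example (not code from the original post) that applies the URL checks from the list above to a few constructed sample links: plain HTTP instead of HTTPS, a username hidden in front of an "@" so the real host is something else, a raw IP address in place of a domain name, a brand name appearing in the host or path while the registrable domain is not the brand's, and digit-for-letter lookalike domains. The brand list (examplebank.com, examplemail.com) and all sample URLs are constructed for the example; the two-label "registrable domain" rule is a simplification that does not handle country-code TLDs such as .co.uk.

```python
import ipaddress
from typing import List
from urllib.parse import urlsplit

# Constructed sample list: the sites a customer actually uses. In practice this
# would be the user's own banks, mail providers and shops, not these placeholders.
KNOWN_BRANDS = {"examplebank.com", "examplemail.com"}

# Characters phishers commonly swap for visually similar letters (0 for o, 1 for l, ...).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def registrable_domain(host: str) -> str:
    """Return the last two labels of a host name.

    Assumption for this example: a two-label registrable domain (example.com).
    Real code should use the Public Suffix List to handle TLDs like .co.uk.
    """
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def inspect_url(url: str) -> List[str]:
    """Return human-readable reasons the URL looks suspicious (empty list = nothing flagged)."""
    reasons = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()

    # Point 1 of the list: the page should be served over HTTP over SSL (HTTPS).
    if parts.scheme != "https":
        reasons.append("not served over HTTPS")

    # The "user@host" trick: everything before '@' is ignored by the browser,
    # so a link like https://examplebank.com@evil.example really goes to evil.example.
    if parts.username is not None:
        reasons.append("URL contains a username before '@' (real host is %s)" % host)

    # A legitimate bank or webmail site is reached by a domain name, not a bare IP.
    try:
        ipaddress.ip_address(host)
        reasons.append("host is a raw IP address instead of a domain name")
    except ValueError:
        pass

    reg = registrable_domain(host)
    for brand in KNOWN_BRANDS:
        if reg == brand:
            continue  # genuinely on the brand's own domain (any subdomain is fine)
        brand_label = brand.split(".")[0]
        # Lookalike domain: same name once confusable characters are mapped back.
        if reg.translate(CONFUSABLES) == brand:
            reasons.append("'%s' looks like '%s' with substituted characters" % (reg, brand))
        # Brand name used as bait in a subdomain or path on somebody else's domain.
        elif brand_label in host or brand_label in (parts.path + parts.query).lower():
            reasons.append("mentions '%s' but is not on %s" % (brand_label, brand))

    # Long chains of subdomains are a common way to push the real domain out of view.
    if host.count(".") >= 4:
        reasons.append("unusually many subdomains")

    return reasons


if __name__ == "__main__":
    # Constructed sample links; 192.0.2.10 is from the documentation address range.
    samples = [
        "https://www.examplebank.com/login",
        "http://192.0.2.10/examplebank/login",
        "https://examp1ebank.com/login",
        "https://examplebank.com@evil.example/login",
        "https://examplebank.com.login-secure.example/",
    ]
    for link in samples:
        flags = inspect_url(link)
        print(link, "->", "OK" if not flags else "; ".join(flags))
```

A checker like this only catches the obvious tricks; it is meant to show what "looks suspicious" means, not to replace the browser's own anti-phishing feature, and a clean result still does not prove a page is genuine, which is exactly why typing the address yourself is the safer habit.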
w0lf