Recent phishing & malware attacks faced by some of my friends provoked me to write this small self help article.
1. If you are visiting a website please ensure that you are visiting the correct URL. Many times we will get spoofed by Typosquatting
For example if you type http://gogle.com it will take you to http://google.com, but not all the providers are google to acquire all possible combination of domain names.
2. Beware of phishing. Most of the phish sites will be start with the domain name similar to the original sites. If you look carefully at the URL in the address bar the last part of the domain is important.
For example http://ebay.cgi-bin.tru.co this URL starts with ebay which is the sub-domain of main domain tru.co which is not an original ebay website. The web page might look exactly like ebay page but it's a phish site.
Mostly bank sites, paypal, ebay were targeted by phishers previously but these days even common mail sites, social networking sites are also being targeted.
If you suspect a site as phish you can verify it's authenticity by searching at http://phishtank.com If the URL that you searched was not available there you can submit it for analysis. There is also Anti Phishing Work Group & you can post the URL's there too. http://www.antiphishing.org/
3. Never click a link sent from an unknown user in an email or IM. Sometimes the from address will look like the original bank email ID.
4. And none of the bank will ask for your Debit card number & pin while logging in to their website so never give out that.
5. Always check whether the banking sites uses https instead of http. https is a secured protocol commonly used by all authenticated bank/company. Previously GMail offered https as a optional service now it converted it as a default service for all the users. While using https it might be little slow but it's always secured. Many websites we uses http by default & they may also have an optional https service.
For example meebo.com always points to http by default. If you key in https://meebo.com it will get into secured page.
6. Never have a common password for all the sites like mail, social networking, banks etc.
7. And always have password length greater than 8 characters & it should contains capital letter, small letter, number & special character. Which makes it strong & difficult to break it using brute force attack.
8. Never save all your passwords anywhere like writing it down or saving it as draft in mails.
9. Always clear cookies & cache of browser after accessing the bank sites. The following link contains the step by step instruction to clear cache/cookies in different browsers.
http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=32050
10. If you doubt whether any of the sites may harm your computer by infecting it with malware/spyware/virus. There are various services available to check the authenticity of a website. Key in the URL & check whether the site is good or bad.
http://safeweb.norton.com
http://siteadvisor.com
http://www.mywot.com/
Google too have it's own analysis engine which shows "May harm ur computer" when it detects the URL produced by the search result is harm. But none of the service give you a 100% guarantee because internet world is huge & rapid, there are high possibility that the website owner can change the content after the site got scanned.
It's always best for us to keep our steps cautiously...
Hope this will help atleast very little...
1 comments:
Good post and this enter helped me alot in my college assignement. Thanks you as your information.
Post a Comment