1. Top Story

Protect Your Business from Phishing Scams

By Nicole Jones

Yes, everyone knows about fishing, but what about the “ph” kind? Phishing is a type of fraud that sends files to hijack your computer or hijacks business brand names to trick computer users into visiting a bogus Web site — all with the intent of extracting sensitive information like bank account or credit card numbers. Almost 24,000 incidents of phishing were reported in December of 2006 alone, according to the Anti-Phishing Working Group.

By not knowing about phishing or how to protect your business from it, you or your employees could end up taking the poisonous bait. For example, the message “We suspect an unauthorized transaction on your account, please verify the following information” could lure your employees into providing sensitive corporate information or compromising your corporate Web site — potentially costing your business big dollars. Even worse, one little email could infect your computer with “pharming software,” that allows organizations to steal confidential information unbeknownst to you.

Scary, right? Don’t worry; you can do something about it. You can protect your business by following these tips:

1. Use a good spam filter to help fish out scams.

This is often your first line of defense against phishing scams because it ensures most of these messages never reach employees. Many browsers offer free software patches that update such defenses frequently.

2. Antivirus software and firewalls are your best friends.

If you keep these resources up to date, they can be an important second line of defense against software files that can harm your computer or track your activities online without your knowledge.

Antivirus and firewall resources keep you safe by quarantining these potentially harmful files before you accidentally open them. But, the updating part is important because old software can’t recognize or warn you about new scams, malicious software or viruses.

3. Know what to look for.

Even with the best software, some carefully-designed phishing manages to sneak past the filters.

When evaluating sites and emails for hijacking of legitimate company names, look out for extra words in a URL before the “.com”, like “ebay-payment.com” or “microsoft-security.com.” For example, Microsoft’s legitimate security page appears as http://www.microsoft.com/en/us/default.aspx in the browser bar. The slashes and extra information are listed after the Microsoft.com indicating they are part of this overarching domain name (that ONLY Microsoft owns and can use).

Also, look for easily missed spelling substitutions like a number “1” used instead of the letter “l” or two v’s (vv) used instead of a w.

4. Double-check contact information.

Look up the organization’s listing independently of the site and call a representative to ask about the site. Or check your official financial statement for the phone number in the case of emails asking you to call and verify info or accept a refund.

Voice over Internet protocol technology now makes it easy to mislead a caller about the origin of a call, even if you check out the area code. Cross-referencing contact information prevents this mistake.

5. Look for the padlock in the browser bar.

Before you provide sensitive information through an organization's Web site, look for a padlock icon on the browser's status bar. The icon positioned in that spot indicates the page was delivered securely by secure sockets layer (SSL). Phishers often try to give the impression of this security by pasting a padlock in the content of the Web page instead of the browser bar.

Also look for URLs that begin with “https” as a sign of legitimacy. Https means hypertext transfer protocol sent over an SSL. Whenever you see https in the browser bar, your information travels over the Internet in encrypted form so no one but the intended recipient can see it.

6. Beware of attachments.

Be careful about opening any attachments that you did not ask for or don’t know exactly whom they came from. Even if your antivirus or firewall did not catch them there is still a chance they could contain malicious code.

7. Don’t give out information in email messages!

This is a simple and failsafe way to avoid one of the most common types of phishing. Regardless of seeming legitimacy, email isn't a secure method of transmitting personal or financial information — period.

8. Keep a close eye on statements.

This is smart business advice that can also protect you from phishing. If you are the victim of a scam, you want to know about any unauthorized charges as soon as possible so you can report and dispute them before the site and “organization” has disappeared with your money. Keep an eye on your credit report as well to ensure you haven’t become a victim of identity theft.

9. Blow the whistle.

If you get emails that you think are fraudulent, forward them to the organization impersonated in the phishing email or to spam@uce.gov. If you think you've been a victim of phishing, you can file a complaint at ftc.gov and visit the Federal Trade Commission's Identity Theft Web site at consumer.gov/idtheft.

Call 1-877-FTC-Help with questions. Act quickly because the average lifespan of these fake sites is only four days, according to the Anti-Phishing Working Group.

10. Last but not least, educate ALL employees.

Assistants and other entry-level employees are often at the highest risk of falling prey to phishing because of their high volume of correspondence with people unknown to them. Seal all possible leaks by educating everyone in your business, not just executives.

Feature story provided by MidwestBusiness.com.

2. Hostway News

Scam Alert — Do Not Download Guard.php

Some Hostway customers have received spam email messages that appear to be from Hostway and ask them to upload a file named guard.php (for Linux) and guard.asp (for Windows) to their root directories to secure their Web sites. This is a scam.

According to Symantec Security's Web site, the file can open unauthorized access to your Web site. Hostway advises customers to delete the message immediately and not to upload it under any circumstances.

SiteMail 7.0 Released

Hostway recently updated SiteMail to work seamlessly with Microsoft Internet Explorer 7 and Mozilla FireFox 2.0. Other upgrades include:

• Streamlined attachment process
• One-click switching from HTML to text editor for composing new messages
• Improved subfolder support and interface enhancements.

Log into SiteMail to try it out.

FindMyHost Names Hostway "Best Web Host"

Hostway is the "Best Web Host" for February 2007. Every month the editors at FindMyHost.com honor Web hosting companies that "are honest, reliable, and excel in all areas — most importantly technical support," says the Web site. Through the years, Hostway has racked up an impressive collection of awards.

See them all.

 

3. Smart Tip

Ask for Permission to Email.

Most people can report you as a spammer or scammer with a single mouse click. Maintain a good reputation by building a permission-based email list and sending commercial messages only to people who've requested them.

4. Special Offer!

PhotoshopSupport.com

$10 Off Pen Tablet Training Video for Photoshop

Quickly become a professional-level pen tablet user with Photoshop. This instructive video teaches you how to set up a Wacom pen tablet, personalize it and use all of the hidden features. Through PhotoshopSupport.com and Hostway, you can get the DVD or download it for just $39.99. Click here for more information.