Protecting Yourself and Your Customers from Phishing

Tweet

By: James Koole on January 28th, 2009
Posted in: Reseller Resources
Tags:
Comments: 0

Phishing attacks are often associated with banking websites, but domain owners and Resellers need to be aware as well – hackers are actively targeting domain registration and management systems in an attempt to acquire user credentials. We’ve put together some information that will assist you both in protecting yourself from phishing attacks, and also to assist you in educating your customers so they can avoid falling victim to these hackers.

I’ve split the information into two groups; there’s some tips and info about what OpenSRS is specifically doing to protect against phishing, and also some general advice that applies to any and all online accounts.

OpenSRS Specific information:

• OpenSRS will never ask you for your username or password via email. We never ask for detailed personal information via email either (many phishing attacks use a form to be filled out that requests all of your personal info).
• All OpenSRS service administration systems including the Reseller Web Interface (RWI), the Manage Web Interface (MWI), and the Mail Administration Center (MAC), are protected by SSL Digital Certificates.
• When notified of an issue related to possible phishing directed at OpenSRS Resellers, domain registrants or competing domain Registrars and service providers, our abuse and compliance teams immediately work with their colleagues around the world to identify and disable the offending domain(s).
• OpenSRS abuse and compliance teams are well connected with various agencies and institutions in the global effort to identify and eliminate phishing websites no matter the target.

General tips:

• Be suspicious of any and all emails purporting to be from banks, financial institutions, or other online services that require you to log on via a link. Use your browser bookmark instead of clicking links in email.
• Check the SSL digital certificate of the site you are logging into if you have any concerns. This is as easy as clicking on the favicon in the address bar of Firefox or the lock icon on Internet Explorer. Ensure the information in the digital certificate matches the site you think you are logging into.
• Newer browsers, like Firefox 3, Internet Explorer 7 and Safari 3.1 offer protection against some phishing attacks by alerting you to known phishing sites when you attempt to surf to them. This doesn’t provide complete protection, however, as new phishing sites are created all the time.

The Anti-Phishing Working Group (APWG) has created an educational page for consumers with excellent information that will assist them in protecting themselves from being phished. Feel free to educate yourself and also to share this resource with your customers.

Comments are closed.