IT Articles: Steps to protect you from phishers
If a user is connected to his bank’s online banking service in one window, and leaves it open while visiting other sites, a crafted site can identify his bank, then activate a pop-up window imitating the bank’s logo and appearance and ask for the login to be repeated. An inattentive user who re-inputs the data falls right into the phisher’s trap.
One way to guard against what Trusteer calls “in-session” attacks is to have only the online banking site open in the browser, and then to log off and close that window before surfing elsewhere. Trusteer doesn’t say whether it has reported the problem to the browser makers.
Steps to protect your web site:
1. Don’t give out your username/password to anyone else.
Even if it’s your own net/web/system admin. Chances are he/she already knows it, because he/she can just log in as admin to the control panel and look at your password.
2. Change your password once in a while.
It’s better to write them down instead of saving them on a hard disk with insufficient firewall protection.
3. Don’t use any word that can be found in a dictionary, or anything that signifies your birthdate or your street number, so that it is difficult for hackers to guess.
4. Disable the “Forgot Password” utility on your site. This utility is very convenient for most end users, but it gives out the password so quickly and easily that hackers can play with it.
5. Make your password question / password answer (the one used to remind you of your forgotten password) difficult to guess. Treat it as a password. If anyone can just guess it, chances are hackers will start exploring your account.
6. Make sure you are in constant contact with your web provider so they know your real identity and can help you out as soon as there’s hacking going on on your site.
7. Don’t use any IRC (Internet Relay Chat) based chat system, because it connects to ports 6660 to 6669. Hackers will exploit these ports and upload a trojan virus to your computer that can get your username/password on most of your accounts.
If you are going to use an IRC chat system, don’t use it without the aid of psybnc or bnc. For more details and pricing of this tool, email: firstname.lastname@example.org with Subject: psybnc or go to http://www.nabaza.com/support.htm and post your request there.
8. Don’t trust any email message (even if it comes from a trusted friend) that has an .exe file attachment. Chances are it came from a malicious programmer and this .exe file has already spread and infected/duplicated itself across all the email addresses in your address book, including yours. For antivirus information, go to http://www.nabaza.com/antivirus.htm
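One way to automate the check in step 8, as an added example that is not part of the original article: it parses a raw message with Python's standard `email` package and flags attachments named `.exe`. It goes slightly beyond the step by also flagging attachments whose content starts with the `MZ` marker of a Windows executable under some other name. The sample message, addresses, file names and reason strings are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

EXE_NAME = "exe extension"
EXE_DISGUISED = "executable content under another name"


def build_sample():
    """Constructed sample message: one harmless attachment, two executables."""
    msg = EmailMessage()
    msg["From"] = "friend@example.org"      # constructed address
    msg["To"] = "you@example.org"           # constructed address
    msg["Subject"] = "holiday photos"
    msg.set_content("See attached.")
    msg.add_attachment("just notes\n", filename="notes.txt")
    fake_pe = b"MZ\x90\x00" + b"\x00" * 60   # only the 'MZ' marker matters here
    msg.add_attachment(fake_pe, maintype="application",
                       subtype="octet-stream", filename="photo.jpg.exe")
    msg.add_attachment(fake_pe, maintype="image",
                       subtype="jpeg", filename="beach.jpg")
    return msg.as_bytes()


def executable_attachments(raw):
    """Return (filename, reason) for every attachment that looks executable."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        # Trailing dots/spaces are ignored by Windows, so strip them first.
        if name.lower().rstrip(". ").endswith(".exe"):
            findings.append((name, EXE_NAME))
        elif payload[:2] == b"MZ":           # Windows executables begin with 'MZ'
            findings.append((name, EXE_DISGUISED))
    return findings


if __name__ == "__main__":
    for name, reason in executable_attachments(build_sample()):
        print(f"blocked {name}: {reason}")
```

A mail gateway or client-side filter would quarantine any message for which `executable_attachments` returns a non-empty list, regardless of who the sender appears to be.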