More
An Online Business Guide: How to Prevent Phishing

An Online Business Guide: How to Prevent Phishing

24-03-2014 14:23:57
Phishing: The act of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.
Problem- Most phishing occurs when a client clicks on a URL that is embedded in an email, social media site, adware etc and is redirected to a website that looks very similar to the one it is impersonating. Once the client enters the personal information (username/password, SSN, Credit Card) the hacker captures it and then has the option to use it illegally or resell that it on the black market. (example of a Google phishing attack that occurred 3/14) 
 
 
Solution- If you want your users to know that they are on the correct website then make it impossible to duplicate and easily recognizable. How do you do that? First purchase an Extended Validation (EV) SSL certificate. The Certification Authority (CA) will first validate the legal existence of your company and then issue an EV SSL certificate that turns your clients the Address Bar Green and displays your company’s information when they are on your site. (Bank of America Example below)
 
 
Once you have correctly installed the certificate using best practices the second step is simply to inform your customers. Inform them about Phishing attacks and how you have taken action to prevent them from happening.  Most importantly make sure your customers know about the EV SSL certificate on your site and to NEVER enter any information if the browser is not displaying the Green Bar.

foto: "Phishing" by kleuske

 

Recent Posts

European Cyber Security Month 2018
27-09-2018 10:46:21

The European Union Agency for Network and Information Security (ENISA), which is the center of knowledge about cyber security in Europe, organizes as every year in October the European Cyber Security Month. The campaign is starting in a few days. What is its purpose and how can you participate in it?

European Cyber Security Month 2018
GDPR and SSL certificate. Is encryption necessary for compliance with the GDPR?
18-05-2018 15:47:40

General Data Protection Regulation (GDPR) is a 99-article regulation meant to protect the private data of Europeans in IT systems. Announced in 2016, covers a broad variety of topics and will go into effect as a requirement on May 25, 2018. GDPR applies to any company doing business in Europe even if it is located elsewhere.

GDPR and SSL certificate. Is encryption necessary for compliance with the GDPR?
Deadlines for replacing Symantec Group certificates
08-12-2017 14:11:50

In November this year we wrote about the need to replace SSL certificates issued by Symantec Group. Find out the dates when you need to re-issue your certificates.

Deadlines for replacing Symantec Group certificates
more posts