Recent phishing schemes targeting Microsoft’s Hotmail, Google’s Gmail, Yahoo and other e-mail providers represent a new, larger wave of an ever-present problem. Once again, they emphasize the importance of educating your users, clients and staff on how to recognize threats and stay away from them.
Basic things to remember:
– Your bank, IT staff, utility company or any other service provider will NEVER ask for your login credentials of any kind (password, PIN, social security number…). They simply don’t need to do that as other means of accessing your account (should there be a need for it) are already in place.
– Don’t open attachments you don’t expect or need, or whose origin you don’t know. The same goes for links: don’t get click-happy and click on every link you see. Also, when you place your cursor over a link, look at the status bar (lower left-hand corner) to see if the address shown there matches the link.
– Don’t use public computers to access your financial (or other important) data. Why? Well, you simply don’t know who maintains those machines and how frequently; you don’t know what’s installed on them and if someone is capturing your keystrokes for later use.
– Change your passwords and change them often. Also, maintain multiple passwords for different account groups. You shouldn’t be using the same password for your banking that you use to access a simple news site. Furthermore, try not to keep your passwords simple and guessable. “welcome”, “password”, “12345” and other similar choices are examples of poor selection. I know what you must think: secure passwords are complicated and difficult to remember. Not true. All you need to do is try sentences.
Ex. Take “I was born on a Thursday” and group the words together: “iwasbornonathursday”. If you really want to get fancy (read: SECURE), change some letters to numbers and you come up with “1wa5b0rn0nathur5day”. Simple enough and a lot more secure than “welcome”, isn’t it?