A couple of months back, my friend and I spoke on Web Application Security at a Conference on Software Testing held in Bangalore. It was just a few days after the E-Banking website of one of the famous Indian banks was attacked. The attacker launched the attack from Asia, and the news appeared in almost all popular dailies.
Roughly six months later, today, I happened to read an article on phishing which says that phishing is very active and that more than 150 banks globally are targeted. Phishing is at a six-month high. I am sure the list will contain the bank where I hold an account. There are many fraudulent companies which set up websites simply to grab data, and before the world identifies it as phishing, the attacker will have stolen enough. However, the security agencies need to protect others from falling prey further.
Though the way the software is built is itself an issue, we cannot put the entire blame on the software developers :-(. Each one of us, as users, should have security awareness. But the important thing is that we, the normal human beings (laymen), never try to understand the techniques used by attackers, and we don't even care, thinking that the probability of being stolen from due to phishing is very low. You are absolutely right: the probability is low, but not zero. We never really care about the current trends in web attacks, yet certain basic security awareness is crucial.
Here are some of the points that one needs to take care of:
1. Try to avoid logging in from public systems such as an Internet cafe.
2. Whenever you log off, delete all the history and cookies
3. Do not click the images in the web banking sites
4. Do not launch your e-Banking website through a hyper link from an external website.
5. Take time to read the address in the address bar. Check whether the address exactly matches the address of your bank's website. Make sure that the first part of the address, the protocol, is "https". These days none of the banks and commercial websites use "http".
6. Do not save passwords in the browser and do not be lazy to key in your password every time.
7. Periodically, change your passwords and use strong passwords (with alphabets, numbers, special characters)
8. Since most phishing takes place through fraudulent emails, ensure that you differentiate between the emails from your bank and those from the attacker. You can find some ways of identifying phishing emails in one of my previous blogs.
9. Above all, if you happen to receive any phishing email, report it to your bank, as they can sensitize other account holders.
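As an added illustration of point 5 (this code is not part of the original post), the JavaScript below spells out what "exactly matches" and "https" mean when an address is parsed the way a browser parses it, and shows common look-alike addresses failing the check. The host name `netbanking.bank.example` and all sample addresses are constructed placeholders.

```javascript
// Added example: hostnames below are constructed placeholders, not a real bank.
const EXPECTED_HOST = "netbanking.bank.example"; // assumption: the host your bank publishes

// Returns { ok, reason } for an address, parsed with the WHATWG URL rules browsers use.
function checkBankUrl(address, expectedHost = EXPECTED_HOST) {
  let url;
  try {
    url = new URL(address);
  } catch {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: `protocol is ${url.protocol} not https:` };
  }
  if (url.username || url.password) {
    // Text before "@" is a login field, not the site; the real host comes after it.
    return { ok: false, reason: `userinfo before "@", real host is ${url.hostname}` };
  }
  if (url.hostname.split(".").some((label) => label.startsWith("xn--"))) {
    // Non-ASCII letters are encoded as punycode; they can imitate ASCII letters.
    return { ok: false, reason: `punycode host ${url.hostname}` };
  }
  if (url.hostname !== expectedHost) {
    return { ok: false, reason: `host ${url.hostname} is not exactly ${expectedHost}` };
  }
  return { ok: true, reason: "https and exact host match" };
}

// Constructed sample addresses: one genuine, the rest look-alikes.
const samples = [
  "https://netbanking.bank.example/login",
  "http://netbanking.bank.example/login",
  "https://netbanking.bank.example.secure-login.example/login",
  "https://netbanking.bank.example@203.0.113.7/login",
  "https://netbanking.b\u0430nk.example/login", // Cyrillic "a" in "bank"
  "https://netbanking-bank.example/login",
];
for (const s of samples) {
  const r = checkBankUrl(s);
  console.log(`${r.ok ? "OK  " : "FAIL"} ${s} -> ${r.reason}`);
}
```

Only the first sample passes; in every other case the bank's name appears somewhere in the address, but the host the browser actually connects to is different or the connection is not https.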
And now, if you have time and energy, just go and read about security and phishing especially. :-)