7 Tips to Protect Your Data from Phishing Sites

The definition according to Wikipedia concerning Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. A good example is when you receive an email that says you need to change your password to your online banking account. The email looks like it came from your bank, but the link does not take you to the bank's web site. Instead, the link takes you to a website that is meant to look like your bank's web site, but the purpose of this web site is to steal your passwords.

With the increase on phishing that has been taking place month after month, I wanted to share some statistics from the anti-phising.org web site. I hope that you find this information as interesting as I do. Please review the tips on how to keep you protected.

The United States still leads in the most overall web sites being hosted that are phishing for people's private information.

The top countries are: December-09 Country Percentage of Phishing Sites

USA 91.51%

HONG KONG 3.76%

CHINA 0.96%

BRAZIL 0.89%

REP. KOREA 0.47%

GERMANY 0.40%

UK 0.29%

RUSSIA 0.20%

FRANCE 0.18%

CANADA 0.17%

Statistics from antiphishing.org has the following stats for

December 2009:

• Number of unique phishing sites received in December: 46190
• Number of brands hijacked by phishing campaigns in December: 249
• Country hosting the most phishing websites in December: United States
• Contain some form of target name in URL: 42.14 %
• No hostname just IP address: 1.65 %
• Percentage of sites not using port 80: 0.15 %
• Average time online for site: 4 days
• Longest time online for site: 30 days

Financial Services most targeted industry sector at 39%

Most Targeted Industries for Phishing

Financial

39.00%

Payment Services

33.00%

Auction

13.00%

Other

13.00%

Retail

2.00%

7 tips to protect yourself from phishing:

1. Awareness - be aware of typical types of phishing web sites. Most use port 80, and are not secure. There is no LOCK on your web browser showing that a SSL (Secure Server Link) is being used to guarantee safety of your data.

2. Educate yourself and your office staff on how to determine if an email is a phishing email. Most have very similar characteristics.

3. Keep your web browser and operating system up to date, check regularly for updates and patches

4. Review Credit Card and Bank Statements on a regular basis. Look for and report anything that seems suspicious.

5. Report emails that are phishing, you can go to phishtank.com or antiphising.org and report the abusive emails.

6. Report the abusive emails to your IT (Information Technology) department. This way they can also notify the appropriate people.

7. Report the abuse to the targeted company. I recently received an phishing email that took me to a site that looked like Paypal's web site. I knew that it was a phishing email, but I needed to capture the URL (Web Address) to report to Paypal. Most companies have a way to report phishing abuse. The targeted company then goes after the offending web site.